It was <2013-12-19 czw 19:41>, when Schaufler, Casey wrote: >> -----Original Message----- >> From: Łukasz Stelmach [mailto:[email protected]] >> Sent: Thursday, December 19, 2013 10:27 AM >> To: Schaufler, Casey >> Cc: [email protected] >> Subject: Re: [Dev] smack setup incomplete, systemd-journal fails >> >> It was <2013-12-19 czw 18:26>, when Schaufler, Casey wrote: >>>> -----Original Message----- >>>> From: Łukasz Stelmach [mailto:[email protected]] >>>> Sent: Thursday, December 19, 2013 9:19 AM >>>> To: Schaufler, Casey >>>> Cc: [email protected] >>>> Subject: Re: [Dev] smack setup incomplete, systemd-journal fails >>>> >>>> It was <2013-12-19 czw 17:32>, when Schaufler, Casey wrote: >>>>> -----Original Message----- >>>>> From: Łukasz Stelmach [mailto:[email protected]] >>>>> Sent: Thursday, December 19, 2013 12:58 AM >>>>>> It was <2013-12-18 śro 20:31>, when Schaufler, Casey wrote: >>>>>>> -----Original Message----- >>>>>>> From: [email protected] >>>>>>> [mailto:[email protected]] On Behalf Of Lukasz >>>>>>> Stelmach >>>>>>> Sent: Wednesday, December 18, 2013 9:52 AM >>>>>>>> + "Failed to open runtime journal: No such file or directory" >>>>>>> >>>>>>> This is most likely the Smack label on /var/log. A fix is in the >>>>>>> works for the general problem of /var/log. A temporary >>>>>>> workaround is >>>>>>> >>>>>>> chsmack -a '*' /var/log >>>>>> >>>>>> "Runtime journal" is in /run/log. And there is no /run/log >>>>>> directory which may suggest journald is unable to create it. >>>>>> >>>>>> root:~> chsmack /run >>>>>> /run access="_" >>>>> >>>>> This is a clear indication that systemd is not mounting /run. >>>>> When systemd mounts /run it uses the smackfstransmute option to set >>>>> the hierarchy to System::Run. >>>> >>>> [ 20.297116] tmpfs: Bad mount option smackfstransmute >>>> >>>> Apparently I need to back-port it. >>> >>> There is a set of kernel patches required. >>> Look at the ivi kernel change log. >>> The base kernel version that mobile uses will of course impact which >> patches are required. >> >> Correct me if I am wrong: >> >> git log --format=oneline $(git merge-base tizen-mobile/tizen tizen- >> ivi/tizen)..tizen-ivi/tizen -- security/smack/ >> >> shows I need to take these >> >> e830b394 Smack: Add smkfstransmute mount option >> 2f823ff8 Smack: Improve access check performance >> c6739443 Smack: Local IPv6 port based controls > > You also need: > > 8ff4ac65: Smack: Cgroup filesystem access > The *only* place you'll see this is the ivi tree. It is not upstream. > cb6108a4: Smack: Ptrace access check mode > d5ec1d65: Smack: Implement lock security mode >
I've decided to take all the patches for Smack avaialble in ivi tree --8<---------------cut here---------------start------------->8--- 13482179 Smack: Cgroup filesystem access 4b6e1f27 Smack: Ptrace access check mode 15a27374 Smack: Implement lock security mode 10289b0f Smack: parse multiple rules per write to load2, up to PAGE_SIZE-1 bytes 6ea06247 Smack: IPv6 casting error fix for 3.11 677264e8 Smack: network label match fix 4d7cf4a1 security: smack: add a hash table to quicken smk_find_entry() 470043ba security: smack: fix memleak in smk_write_rules_list() 9548906b xattr: Constify ->name member of "struct xattr". 746df9b5 Security: Add Hook to test if the particular xattr is part of a MAC model. 0fcfee61 Smack: Fix the bug smackcipso can't set CIPSO correctly 8cd77a0b Smack: Fix possible NULL pointer dereference at smk_netlbl_mls() e830b394 Smack: Add smkfstransmute mount option 2f823ff8 Smack: Improve access check performance c6739443 Smack: Local IPv6 port based controls --8<---------------cut here---------------end--------------->8--- Things appear to work no worse than they did before. Apparently we need to rebase the mobile kernel. Thank you very much for your assitance. >> to get what I need these assuming tizen-mobile and tizen-ivi are >> respectively. >> >> git://review.tizen.org/platform/kernel/linux-3.10.git >> git://review.tizen.org/profile/ivi/kernel-x86-ivi.git > > The ivi tree is 3.12 based. You may have other issues using a 3.10 kernel. -- Łukasz Stelmach Samsung R&D Institute Poland Samsung Electronics
pgp3yI7ZiWsAt.pgp
Description: PGP signature
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
