Re: [Dev] Some services has been denied by SMACK when systemd running

Tue, 15 Dec 2015 18:40:42 -0800

Title: Samsung Enterprise Portal mySingle

Dear Mr. Kubiak,

Thank you for your reply.

Because some commands have been denied, such as systemd, dbus-daemon, sh and so on.

There is no login prompt.

So I use the command "chsmack -a _ /etc/ld.so.cache" after I chroot the image.

bash-4.3# chsmack -a _ /etc/ld.so.cache

bash-4.3# chsmack /etc/ld.so.cache
/etc/ld.so.cache access="_"

And then I flash the  rootfs.img which I have changed and the problem still exists. And don't know the reason.

Is there any other ways to solve the problem?

 

[   16.277486] audit: type=1400 audit(16.240:2): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5183 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
[   16.302854] audit: type=1400 audit(16.265:3): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5183 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
[   16.320465] audit: type=1400 audit(16.285:4): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5183 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
[   16.580001] audit: type=1400 audit(16.545:5): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5253 comm="sh" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314

I also check the download.tizen.org, and not find the tizen-common for odroid-xu3. So I can't check the problem.

The serial output log is in attachment.

 

BRS,

Jianzhong Fang

 

 

 

------- Original Message -------

Sender : Roman Kubiak<[email protected]> Senior Software Engineer/SRPOL-Security (TP)/삼성전자

Date : 十二月 16, 2015 00:09 (GMT+08:00)

Title : Re: [Dev] Some services has been denied by SMACK when systemd running

 

try setting the floor label to /etc/ld.so.cache

chsmack -a _ /etc/ld.so.cache

did you try a pre-built image from download.tizen.org ? do you get the same errors on those ?

best regards.

On 12/15/2015 01:28 PM, jianzhong fang wrote:
> Dear all,
> Now I build tizen-common which want working on Odroid-XU3 using the object "tizen-distro".
>
>
> When the systemd running, i find some denied log about SMACK as following:
> [   15.838824] audit: type=1400 audit(15.805:2): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [   15.861900] audit: type=1400 audit(15.825:3): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [   15.879063] audit: type=1400 audit(15.845:4): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [   16.148403] audit: type=1400 audit(16.115:5): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5250 comm="sh" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [   16.158863] audit: type=1400 audit(16.125:6): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6
> [   16.163428] audit: type=1400 audit(16.130:7): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6
> [   16.164232] audit: type=1400 audit(16.130:8): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6
> [   16.190755] audit: type=1400 audit(16.155:9): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5252 comm="install_widgets" path="/etc/ld.so.cache" dev="mmcblk0p26
> [   16.202234] audit: type=1400 audit(16.165:10): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5262 comm="date" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [   16.211276] audit: type=1400 audit(16.175:11): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5266 comm="ls" path="/etc/ld.so.cache" dev="mmcblk0p2" in[  OK  ].
>
>
> I use the "Linux-exynos" as kernel, which branch is "accepted/tizen_common", and commit is "ad533b7c467aa4117cde97bdd9b86e98e35c8741".
>
>  
>
> I want to know how to set the smack rule, and let all the denied action to pass.
>
> Any assistance you can render i will be appreciated.
>
> The serial output log is in attachment.
>
>  
>
> BRS,
>
> Jianzhong Fang
>
>  
>
>
>
> _______________________________________________
> Dev mailing list
> [email protected]
> https://lists.tizen.org/listinfo/dev
>

--
--------------
Roman Kubiak
--------------

 

 

Attachment: 1126.txt
Description: Binary data

_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev

Reply via email to