Dear Mr. fang
audit log has been stacked up the previous logs.
You need to clear out to check the problem has been solved using below command
> cat /dev/null > /var/log/audit/audit.log
then retry to check the problem happens again.
The problem of smack label for /etc/ld.so/cache is only happened when you install rpm packages in your local device.
BRs
Bogon Kim
------- Original Message -------
Sender : jianzhong fang<[email protected]> Senior Engineer/SRC-Nanjing-Product 2 Lab/Samsung Electronics
Date : 2015-12-16 11:40 (GMT+09:00)
Title : Re: [Dev] Some services has been denied by SMACK when systemd running
Dear Mr. Kubiak,
Thank you for your reply.
Because some commands have been denied, such as systemd, dbus-daemon, sh and so on.
There is no login prompt.
So I use the command "chsmack -a _ /etc/ld.so.cache" after I chroot the image.
bash-4.3# chsmack -a _ /etc/ld.so.cache
bash-4.3# chsmack /etc/ld.so.cache
/etc/ld.so.cache access="_"
And then I flash the rootfs.img which I have changed and the problem still exists. And don't know the reason.
Is there any other ways to solve the problem?
[ 16.277486] audit: type=1400 audit(16.240:2): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5183 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
[ 16.302854] audit: type=1400 audit(16.265:3): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5183 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
[ 16.320465] audit: type=1400 audit(16.285:4): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5183 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
[ 16.580001] audit: type=1400 audit(16.545:5): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5253 comm="sh" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
I also check the download.tizen.org, and not find the tizen-common for odroid-xu3. So I can't check the problem.
The serial output log is in attachment.
BRS,
Jianzhong Fang
------- Original Message -------
Sender : Roman Kubiak<[email protected]> Senior Software Engineer/SRPOL-Security (TP)/삼성전자
Date : 十二月 16, 2015 00:09 (GMT+08:00)
Title : Re: [Dev] Some services has been denied by SMACK when systemd running
try setting the floor label to /etc/ld.so.cache
chsmack -a _ /etc/ld.so.cache
did you try a pre-built image from download.tizen.org ? do you get the same errors on those ?
best regards.
On 12/15/2015 01:28 PM, jianzhong fang wrote:
> Dear all,
> Now I build tizen-common which want working on Odroid-XU3 using the object "tizen-distro".
>
>
> When the systemd running, i find some denied log about SMACK as following:
> [ 15.838824] audit: type=1400 audit(15.805:2): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [ 15.861900] audit: type=1400 audit(15.825:3): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [ 15.879063] audit: type=1400 audit(15.845:4): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [ 16.148403] audit: type=1400 audit(16.115:5): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5250 comm="sh" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [ 16.158863] audit: type=1400 audit(16.125:6): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6
> [ 16.163428] audit: type=1400 audit(16.130:7): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6
> [ 16.164232] audit: type=1400 audit(16.130:8): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6
> [ 16.190755] audit: type=1400 audit(16.155:9): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5252 comm="install_widgets" path="/etc/ld.so.cache" dev="mmcblk0p26
> [ 16.202234] audit: type=1400 audit(16.165:10): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5262 comm="date" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [ 16.211276] audit: type=1400 audit(16.175:11): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5266 comm="ls" path="/etc/ld.so.cache" dev="mmcblk0p2" in[ OK ].
>
>
> I use the "Linux-exynos" as kernel, which branch is "accepted/tizen_common", and commit is "ad533b7c467aa4117cde97bdd9b86e98e35c8741".
>
>
>
> I want to know how to set the smack rule, and let all the denied action to pass.
>
> Any assistance you can render i will be appreciated.
>
> The serial output log is in attachment.
>
>
>
> BRS,
>
> Jianzhong Fang
>
>
>
>
>
> _______________________________________________
> Dev mailing list
> [email protected]
> https://lists.tizen.org/listinfo/dev
>
--
--------------
Roman Kubiak
--------------
|
|
|
|
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
