Dear Mr. Kim,
Thank you for your reply.
I can't execute the command because the "systemd" and "sh" have been denied. There is no login prompt. I can't input anything.
And I find that the "pid" is different every time. So may be not the previous logs.
"[ 8.896733] audit: type=1400 audit(8.860:3): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=3574 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306"
Thank you very much.
BRs
Jianzhong Fang
------- Original Message -------
Sender : Bogon Kim<[email protected]> S4/Engineer/Tizen R&D Team/Samsung Electronics
Date : 十二月 16, 2015 13:45 (GMT+08:00)
Title : Re: Re: [Dev] Some services has been denied by SMACK when systemd running
Dear Mr. fang
audit log has been stacked up the previous logs.
You need to clear out to check the problem has been solved using below command
> cat /dev/null > /var/log/audit/audit.log
then retry to check the problem happens again.
The problem of smack label for /etc/ld.so/cache is only happened when you install rpm packages in your local device.
BRs
Bogon Kim
------- Original Message -------
Sender : jianzhong fang<[email protected]> Senior Engineer/SRC-Nanjing-Product 2 Lab/Samsung Electronics
Date : 2015-12-16 11:40 (GMT+09:00)
Title : Re: [Dev] Some services has been denied by SMACK when systemd running
Dear Mr. Kubiak,
Thank you for your reply.
Because some commands have been denied, such as systemd, dbus-daemon, sh and so on.
There is no login prompt.
So I use the command "chsmack -a _ /etc/ld.so.cache" after I chroot the image.
bash-4.3# chsmack -a _ /etc/ld.so.cache
bash-4.3# chsmack /etc/ld.so.cache
/etc/ld.so.cache access="_"
And then I flash the rootfs.img which I have changed and the problem still exists. And don't know the reason.
Is there any other ways to solve the problem?
[ 16.277486] audit: type=1400 audit(16.240:2): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5183 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
[ 16.302854] audit: type=1400 audit(16.265:3): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5183 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
[ 16.320465] audit: type=1400 audit(16.285:4): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5183 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
[ 16.580001] audit: type=1400 audit(16.545:5): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5253 comm="sh" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
I also check the download.tizen.org, and not find the tizen-common for odroid-xu3. So I can't check the problem.
The serial output log is in attachment.
BRS,
Jianzhong Fang
------- Original Message -------
Sender : Roman Kubiak<[email protected]> Senior Software Engineer/SRPOL-Security (TP)/삼성전자
Date : 十二月 16, 2015 00:09 (GMT+08:00)
Title : Re: [Dev] Some services has been denied by SMACK when systemd running
try setting the floor label to /etc/ld.so.cache
chsmack -a _ /etc/ld.so.cache
did you try a pre-built image from download.tizen.org ? do you get the same errors on those ?
best regards.
On 12/15/2015 01:28 PM, jianzhong fang wrote:
> Dear all,
> Now I build tizen-common which want working on Odroid-XU3 using the object "tizen-distro".
>
>
> When the systemd running, i find some denied log about SMACK as following:
> [ 15.838824] audit: type=1400 audit(15.805:2): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [ 15.861900] audit: type=1400 audit(15.825:3): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [ 15.879063] audit: type=1400 audit(15.845:4): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [ 16.148403] audit: type=1400 audit(16.115:5): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5250 comm="sh" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [ 16.158863] audit: type=1400 audit(16.125:6): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6
> [ 16.163428] audit: type=1400 audit(16.130:7): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6
> [ 16.164232] audit: type=1400 audit(16.130:8): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6
> [ 16.190755] audit: type=1400 audit(16.155:9): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5252 comm="install_widgets" path="/etc/ld.so.cache" dev="mmcblk0p26
> [ 16.202234] audit: type=1400 audit(16.165:10): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5262 comm="date" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
> [ 16.211276] audit: type=1400 audit(16.175:11): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5266 comm="ls" path="/etc/ld.so.cache" dev="mmcblk0p2" in[ OK ].
>
>
> I use the "Linux-exynos" as kernel, which branch is "accepted/tizen_common", and commit is "ad533b7c467aa4117cde97bdd9b86e98e35c8741".
>
>
>
> I want to know how to set the smack rule, and let all the denied action to pass.
>
> Any assistance you can render i will be appreciated.
>
> The serial output log is in attachment.
>
>
>
> BRS,
>
> Jianzhong Fang
>
>
>
>
>
> _______________________________________________
> Dev mailing list
> [email protected]
> https://lists.tizen.org/listinfo/dev
>
--
--------------
Roman Kubiak
--------------
|
|
|
|
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
