Well it looks like the label for /etc/ld.so.cache is wrong it should be "_" not System In your build procedure you need to make sure that this label is set for /etc/ld.so.cache this file is used in the execution of any binary, since it's the dynamic linkers cache.
Can you give us some information what procedure are you using to build your image for XU3 ? best regards On 12/16/2015 06:45 AM, Bogon Kim wrote: > Dear Mr. fang > > > > audit log has been stacked up the previous logs. > > You need to clear out to check the problem has been solved using below command > >> cat /dev/null > /var/log/audit/audit.log > > then retry to check the problem happens again. > > > > The problem of smack label for /etc/ld.so/cache is only happened when you > install rpm packages in your local device. > > > > BRs > > Bogon Kim > > ------- *Original Message* ------- > > *Sender* : jianzhong fang<[email protected]> Senior > Engineer/SRC-Nanjing-Product 2 Lab/Samsung Electronics > > *Date* : 2015-12-16 11:40 (GMT+09:00) > > *Title* : Re: [Dev] Some services has been denied by SMACK when systemd > running > > > > Dear Mr. Kubiak, > > Thank you for your reply. > > Because some commands have been denied, such as systemd, dbus-daemon, sh and > so on. > > There is no login prompt. > > So I use the command "chsmack -a _ /etc/ld.so.cache" after I chroot the image. > > bash-4.3# chsmack -a _ /etc/ld.so.cache > > bash-4.3# chsmack /etc/ld.so.cache > /etc/ld.so.cache access="_" > > And then I flash the rootfs.img which I have changed and the problem still > exists. And don't know the reason. > > Is there any other ways to solve the problem? > > > > [ 16.277486] audit: type=1400 audit(16.240:2): lsm=SMACK fn=smack_file_open > action=denied subject="User" object="System" requested=r pid=5183 > comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314 > [ 16.302854] audit: type=1400 audit(16.265:3): lsm=SMACK fn=smack_file_open > action=denied subject="User" object="System" requested=r pid=5183 > comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314 > [ 16.320465] audit: type=1400 audit(16.285:4): lsm=SMACK fn=smack_file_open > action=denied subject="User" object="System" requested=r pid=5183 > comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314 > [ 16.580001] audit: type=1400 audit(16.545:5): lsm=SMACK fn=smack_file_open > action=denied subject="User" object="System" requested=r pid=5253 comm="sh" > path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314 > > I also check the download.tizen.org, and not find the tizen-common for > odroid-xu3. So I can't check the problem. > > The serial output log is in attachment. > > > > BRS, > > Jianzhong Fang > > > > > > > > ------- *Original Message* ------- > > *Sender* : Roman Kubiak<[email protected]> Senior Software > Engineer/SRPOL-Security (TP)/삼성전자 > > *Date* : 十二月 16, 2015 00:09 (GMT+08:00) > > *Title* : Re: [Dev] Some services has been denied by SMACK when systemd > running > > > > try setting the floor label to /etc/ld.so.cache > > chsmack -a _ /etc/ld.so.cache > > did you try a pre-built image from download.tizen.org ? do you get the same > errors on those ? > > best regards. > > On 12/15/2015 01:28 PM, jianzhong fang wrote: >> Dear all, >> Now I build tizen-common which want working on Odroid-XU3 using the object >> "tizen-distro". >> >> >> When the systemd running, i find some denied log about SMACK as following: >> [ 15.838824] audit: type=1400 audit(15.805:2): lsm=SMACK >> fn=smack_file_open action=denied subject="User" object="System" requested=r >> pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306 >> [ 15.861900] audit: type=1400 audit(15.825:3): lsm=SMACK >> fn=smack_file_open action=denied subject="User" object="System" requested=r >> pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306 >> [ 15.879063] audit: type=1400 audit(15.845:4): lsm=SMACK >> fn=smack_file_open action=denied subject="User" object="System" requested=r >> pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306 >> [ 16.148403] audit: type=1400 audit(16.115:5): lsm=SMACK >> fn=smack_file_open action=denied subject="User" object="System" requested=r >> pid=5250 comm="sh" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306 >> [ 16.158863] audit: type=1400 audit(16.125:6): lsm=SMACK >> fn=smack_file_open action=denied subject="User" object="System" requested=r >> pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6 >> [ 16.163428] audit: type=1400 audit(16.130:7): lsm=SMACK >> fn=smack_file_open action=denied subject="User" object="System" requested=r >> pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6 >> [ 16.164232] audit: type=1400 audit(16.130:8): lsm=SMACK >> fn=smack_file_open action=denied subject="User" object="System" requested=r >> pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6 >> [ 16.190755] audit: type=1400 audit(16.155:9): lsm=SMACK >> fn=smack_file_open action=denied subject="User" object="System" requested=r >> pid=5252 comm="install_widgets" path="/etc/ld.so.cache" dev="mmcblk0p26 >> [ 16.202234] audit: type=1400 audit(16.165:10): lsm=SMACK >> fn=smack_file_open action=denied subject="User" object="System" requested=r >> pid=5262 comm="date" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306 >> [ 16.211276] audit: type=1400 audit(16.175:11): lsm=SMACK >> fn=smack_file_open action=denied subject="User" object="System" requested=r >> pid=5266 comm="ls" path="/etc/ld.so.cache" dev="mmcblk0p2" in[ OK ]. >> >> >> I use the "Linux-exynos" as kernel, which branch is "accepted/tizen_common", >> and commit is "ad533b7c467aa4117cde97bdd9b86e98e35c8741". >> >> >> >> I want to know how to set the smack rule, and let all the denied action to >> pass. >> >> Any assistance you can render i will be appreciated. >> >> The serial output log is in attachment. >> >> >> >> BRS, >> >> Jianzhong Fang >> >> >> >> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> https://lists.tizen.org/listinfo/dev >> > > -- > -------------- > Roman Kubiak > -------------- > > > > > > > > > > ** > > > > *김보곤 선임(Bogon Kim)* > > > > *Mobile Communication Division* > > *Samsung Electronics.Co.,LTD* > > *Mobile 82 - 10 - 3583 - 0881* > > *E-mail [email protected] <mailto:[email protected]>* > > *Software, System and Samsung* > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > Dev mailing list > [email protected] > https://lists.tizen.org/listinfo/dev > -- -------------- Roman Kubiak -------------- _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
