Dear Mr.Kubiak,
Thank you for your reply.
I'm using the "tizen_distro" to build tizen-common for odroid-XU3.
I just replace linux-3.14 kernel with linux-exynos which support the odroid-XU3, and replace the u-boot.
I don't know why the label for /etc/ld.so.cache is wrong. I need to check it.
If I have any progress, I will let you know.
Thank you very much.
BRs,
Jianzhong Fang
------- Original Message -------
Sender : Roman Kubiak<[email protected]> Senior Software Engineer/SRPOL-Security (TP)/삼성전자
Date : 十二月 16, 2015 18:47 (GMT+08:00)
Title : Re: [Dev] Some services has been denied by SMACK when systemd running
Well it looks like the label for /etc/ld.so.cache is wrong it should be "_" not System
In your build procedure you need to make sure that this label is set for /etc/ld.so.cache
this file is used in the execution of any binary, since it's the dynamic linkers cache.
Can you give us some information what procedure are you using to build your image for XU3 ?
best regards
On 12/16/2015 06:45 AM, Bogon Kim wrote:
> Dear Mr. fang
>
>
>
> audit log has been stacked up the previous logs.
>
> You need to clear out to check the problem has been solved using below command
>
>> cat /dev/null > /var/log/audit/audit.log
>
> then retry to check the problem happens again.
>
>
>
> The problem of smack label for /etc/ld.so/cache is only happened when you install rpm packages in your local device.
>
>
>
> BRs
>
> Bogon Kim
>
> ------- *Original Message* -------
>
> *Sender* : jianzhong fang
>
> *Date* : 2015-12-16 11:40 (GMT+09:00)
>
> *Title* : Re: [Dev] Some services has been denied by SMACK when systemd running
>
>
>
> Dear Mr. Kubiak,
>
> Thank you for your reply.
>
> Because some commands have been denied, such as systemd, dbus-daemon, sh and so on.
>
> There is no login prompt.
>
> So I use the command "chsmack -a _ /etc/ld.so.cache" after I chroot the image.
>
> bash-4.3# chsmack -a _ /etc/ld.so.cache
>
> bash-4.3# chsmack /etc/ld.so.cache
> /etc/ld.so.cache access="_"
>
> And then I flash the rootfs.img which I have changed and the problem still exists. And don't know the reason.
>
> Is there any other ways to solve the problem?
>
>
>
> [ 16.277486] audit: type=1400 audit(16.240:2): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5183 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
> [ 16.302854] audit: type=1400 audit(16.265:3): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5183 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
> [ 16.320465] audit: type=1400 audit(16.285:4): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5183 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
> [ 16.580001] audit: type=1400 audit(16.545:5): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5253 comm="sh" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=314
>
> I also check the download.tizen.org, and not find the tizen-common for odroid-xu3. So I can't check the problem.
>
> The serial output log is in attachment.
>
>
>
> BRS,
>
> Jianzhong Fang
>
>
>
>
>
>
>
> ------- *Original Message* -------
>
> *Sender* : Roman Kubiak
>
> *Date* : 十二月 16, 2015 00:09 (GMT+08:00)
>
> *Title* : Re: [Dev] Some services has been denied by SMACK when systemd running
>
>
>
> try setting the floor label to /etc/ld.so.cache
>
> chsmack -a _ /etc/ld.so.cache
>
> did you try a pre-built image from download.tizen.org ? do you get the same errors on those ?
>
> best regards.
>
> On 12/15/2015 01:28 PM, jianzhong fang wrote:
>> Dear all,
>> Now I build tizen-common which want working on Odroid-XU3 using the object "tizen-distro".
>>
>>
>> When the systemd running, i find some denied log about SMACK as following:
>> [ 15.838824] audit: type=1400 audit(15.805:2): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
>> [ 15.861900] audit: type=1400 audit(15.825:3): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
>> [ 15.879063] audit: type=1400 audit(15.845:4): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5169 comm="systemd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
>> [ 16.148403] audit: type=1400 audit(16.115:5): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5250 comm="sh" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
>> [ 16.158863] audit: type=1400 audit(16.125:6): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6
>> [ 16.163428] audit: type=1400 audit(16.130:7): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6
>> [ 16.164232] audit: type=1400 audit(16.130:8): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5255 comm="dbus-daemon" path="/etc/ld.so.cache" dev="mmcblk0p2" in6
>> [ 16.190755] audit: type=1400 audit(16.155:9): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5252 comm="install_widgets" path="/etc/ld.so.cache" dev="mmcblk0p26
>> [ 16.202234] audit: type=1400 audit(16.165:10): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5262 comm="date" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=306
>> [ 16.211276] audit: type=1400 audit(16.175:11): lsm=SMACK fn=smack_file_open action="" subject="User" object="System" requested=r pid=5266 comm="ls" path="/etc/ld.so.cache" dev="mmcblk0p2" in[ OK ].
>>
>>
>> I use the "Linux-exynos" as kernel, which branch is "accepted/tizen_common", and commit is "ad533b7c467aa4117cde97bdd9b86e98e35c8741".
>>
>>
>>
>> I want to know how to set the smack rule, and let all the denied action to pass.
>>
>> Any assistance you can render i will be appreciated.
>>
>> The serial output log is in attachment.
>>
>>
>>
>> BRS,
>>
>> Jianzhong Fang
>>
>>
>>
>>
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> https://lists.tizen.org/listinfo/dev
>>
>
> --
> --------------
> Roman Kubiak
> --------------
>
>
>
>
>
>
>
>
>
> **
>
>
>
> *김보곤 선임(Bogon Kim)*
>
>
>
> *Mobile Communication Division*
>
> *Samsung Electronics.Co.,LTD*
>
> *Mobile 82 - 10 - 3583 - 0881*
>
> *E-mail [email protected]
>
> *Software, System and Samsung*
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Dev mailing list
> [email protected]
> https://lists.tizen.org/listinfo/dev
>
--
--------------
Roman Kubiak
--------------
|
|
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
