Hi,
For first smack denial you commented, it assaulted because "_" label is predefined smack label which only allowed read and execution
not write or append. And all device node which are created under tmpfs have "_" label. So you have to set proper lable to device node
you want to access with command 'chsmack -a <label> <file>'. Also it can be defined udev rule for later automatic labeling.
In addition to, "*" is smack label for allowing every access.
>-sh-4.1# chsmack -e "System" /usr/apps/org.tizen.w-home/bin/w-home
>/usr/apps/org.tizen.w-home/bin/w-home: Operation not supported
You did it as a root user, arent you? AFAIK, there is no extra privilege such as CAP_SMACK_ADMIN, it follows system privileges.
So ift you access root privilege it won't be happened. If it still occur even if you're root user, check whether XATTR option
is enabled for your filesystem, such as CONFIG_EXT3_FS_XATTR, CONFIG_TMPFS_XATTR..
Thanks,
Jonghwa
------- Original Message -------
Sender : Joshua Varghese<[email protected]>
Date : 2016-01-30 19:28 (GMT+09:00)
Title : [Dev] Fwd: Smack - Home screen issue
Hi,
We are trying to install apps on our MIPS based platform. We learnt that SMACK is necessary for apps installation. So, we enabled SMACK (which we disabled earlier). We are getting the boot-animation logo but the menu screen doesn't show up. In our kernel logs, we find errors which say "permission denied" e.g (" type=1400 audit(1420366222.567:8): lsm=SMACK fn=smack_inode_permission action="" subject="_" object="device::app_logging" requested=w pid=271 comm="enlightenment" name="log_main" dev="devtmpfs" ino=2067 ") and in the dlogutil logs, we find errors related to w-home ("E/PRIVILEGE_CONTROL( 493): privilege-control.c: get_smack_from_binary(468) > Getting exec label from file /usr/apps/org.tizen.w-home/bin/w-home failed "). We tried to give w-home executable permissions using chsmack, but we get an error "Operation not supported". Could this be because we don't have the CAP_SMACK_ADMIN privilege. What do we do?
-sh-4.1# chsmack -e "System" /usr/apps/org.tizen.w-home/bin/w-home
/usr/apps/org.tizen.w-home/bin/w-home: Operation not supported
P.S: We find that all the processes/files have the default label "_". Do we need to change them and if yes, how?
Please find the attached Kernel and dlogutil logs
Thanks & Regards,
Atchyut Sreekar Durga
JongHwa Lee | 이 종 화 (李 鐘 和)
Platform Solution Lab, S/W Center, SEC, M: 82-10-2827-9616
|
|
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
