On Di, 07.08.18 22:34, Martin Townsend (mtownsend1...@gmail.com) wrote:
> Any comments from systemd devs on this issue? I'm particulary keen to
> know if using the very permissive values on the /run/systemd/notify is
> advisable or whether this would cause any security issues.
Sorry, but for MAC
Any comments from systemd devs on this issue? I'm particulary keen to
know if using the very permissive values on the /run/systemd/notify is
advisable or whether this would cause any security issues.
On Wed, Aug 1, 2018 at 6:46 PM Martin Townsend wrote:
>
> Hi Casey,
>
> Thanks you for you prompt
On Mi, 01.08.18 11:18, Martin Townsend (mtownsend1...@gmail.com) wrote:
> @@ -728,7 +729,12 @@ static int manager_setup_notify(Manager *m) {
>
> m->notify_fd = fd;
> fd = -1;
> -
> +r = mac_smack_apply_fd(m->notify_fd, SMACK_ATTR_IPIN, "*");
> +
Hi Casey,
Thanks you for you prompt response.
On Wed, Aug 1, 2018 at 5:32 PM Casey Schaufler wrote:
>
> On 8/1/2018 3:18 AM, Martin Townsend wrote:
> > Hi,
> >
> > I have a service running with a SmackProcessLabel that uses the
> > supervisory watchdog feature, ie calls sd_notify(). The Watchdog
On 8/1/2018 3:18 AM, Martin Townsend wrote:
> Hi,
>
> I have a service running with a SmackProcessLabel that uses the
> supervisory watchdog feature, ie calls sd_notify(). The Watchdog
> keeps resetting the service and I get the following in the journal
>
> Jul 27 11:36:11 kernel: audit: type=1400
Hi,
I have a service running with a SmackProcessLabel that uses the
supervisory watchdog feature, ie calls sd_notify(). The Watchdog
keeps resetting the service and I get the following in the journal
Jul 27 11:36:11 kernel: audit: type=1400 audit(1532691371.270:34):
lsm=SMACK fn=smack_unix_may_s