On Tue, 10.11.15 22:53, Igor Zhbanov (izh1...@gmail.com) wrote: > Hi! > > I see lots of messages (with systemd debug enabled) on the kernel with > selinux disabled: > systemd[1]: Failed to determine peer security context: Protocol not available > > As I understand, this happen because getsockopt() returns ENOPROTOOPT, > and systemd > checks for EOPNOTSUPP.
Hmm, how did you disable selinux/smack here? disabled at compile-time? or at runtime via a kernel cmldine option like selinux=0? > > /* Get the peer for socketpair() sockets */ > b->ucred_valid = getpeercred(b->input_fd, &b->ucred) >= 0; > > /* Get the SELinux context of the peer */ > r = getpeersec(b->input_fd, &b->label); > if (r < 0 && r != -EOPNOTSUPP) > log_debug_errno(r, "Failed to determine peer security > context: %m"); I figure we should wrap this in a mac_selinux_use() check like we do for the other cases, otherwise we'd mistake a SMACK label for an selinux one... That would solve the issue at hand. Will fix. Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
