proxmox-mirrors/systemd
1
0
Fork 0
mirror of https://git.proxmox.com/git/systemd synced 2026-01-20 23:53:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,048 Commits 2 Branches 4 Tags 78 MiB
C 89%
Python 5.4%
Shell 3%
Meson 1.3%
HTML 0.8%
Other 0.4%
56cf987fe7
Go to file
Daniel J Walsh 56cf987fe7 Systemd is causing mislabeled devices to be created and then attempting to read them. 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/28/2010 05:57 AM, Kay Sievers wrote:
> On Wed, Jul 28, 2010 at 11:43, Lennart Poettering
> <lennart@poettering.net> wrote:
>> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote:
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(1280174589.476:7): avc:  denied  { read } for  pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(1280174589.476:8): avc:  denied  { read } for  pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>>
>>> Lennart, we talked about this earlier.  I think this is caused by the
>>> modprobe calls to create /dev/autofs.  Since udev is not created at the
>>> point that init loads the kernel modules, the devices get created with
>>> the wrong label.  Once udev starts the labels get fixed.
>>>
>>> I can allow init_t to read device_t chr_files.
>>
>> Hmm, I think a cleaner fix would be to make systemd relabel this device
>> properly before accessing it? Given that this is only one device this
>> should not be a problem for us to maintain, I think? How would the
>> fixing of the label work? Would we have to spawn restorecon for this, or
>> can we actually do this in C without too much work?
>
> I guess we can just do what udev is doing, and call setfilecon(), with
> a context of an earlier matchpathcon().
>
> Kay
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Here is the updated patch with a fix for the labeling of /dev/autofs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf
gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk
=pC2e
2010-08-03 23:45:22 +02:00
m4 git: ignore libtool m4 files 2010-06-18 04:23:33 +02:00
man socket: Allow selection of TCP Congestion Avoidance algorithm to socket 2010-08-03 23:23:47 +02:00
src Systemd is causing mislabeled devices to be created and then attempting to read them. 2010-08-03 23:45:22 +02:00
test1 cgroup: add cgroupsification 2010-03-31 16:29:55 +02:00
test2 test: update test-engine.c to work again 2010-06-03 03:01:29 +02:00
units units: add [Install] section to getty.target and remote-fs.target 2010-07-22 02:39:21 +02:00
.gitignore update fixme 2010-07-21 20:26:44 +02:00
bootstrap.sh build-sys: fix automake version check 2010-07-01 00:24:14 +02:00
CODING_STYLE CODING_STYLE: minor updates 2010-02-14 22:44:51 +01:00
configure.ac Systemd is causing mislabeled devices to be created and then attempting to read them. 2010-08-03 23:45:22 +02:00
DISTRO_PORTING main: replace --running-as= by --session and --system do mimic related tools and D-Bus 2010-07-13 18:57:58 +02:00
fixme update fixme 2010-08-03 23:29:18 +02:00
LICENSE license: add GPLv2+ license blurbs everwhere 2010-02-03 13:03:47 +01:00
Makefile.am systemctl: fold systemd-install into systemctl 2010-07-24 00:53:33 +02:00
README build-sys: remove vala generated sources only when valac is around 2010-05-18 00:28:39 +02:00
systemd.pc.in build-sys: fix directory creation of a few dirs 2010-06-22 05:43:07 +02:00

README 

systemd System and Session Manager

DETAILS:
        http://0pointer.de/blog/projects/systemd.html

WEB SITE:
        http://www.freedesktop.org/wiki/Software/systemd

GIT:
        git://anongit.freedesktop.org/systemd
        ssh://git.freedesktop.org/git/systemd

GITWEB:
        http://cgit.freedesktop.org/systemd/

MAILING LIST:
        http://lists.freedesktop.org/mailman/listinfo/systemd-devel
        http://lists.freedesktop.org/mailman/listinfo/systemd-commits

IRC:
        #systemd on irc.freenode.org

BUG REPORTS:
        https://bugs.freedesktop.org/enter_bug.cgi?product=systemd

AUTHOR:
        Lennart Poettering with major support from Kay Sievers

REQUIREMENTS:
        Linux kernel >= 2.6.30 (with autofs4, devtmpfs, cgroups)
        libudev >= 151
        libcgroup >= 0.35
        vala >= 0.80
        gtk+ >= 2.20
        dbus >= 1.2.24