summaryrefslogtreecommitdiff
path: root/src/automount.c
AgeCommit message (Collapse)Author
2010-08-06automount: order automount units after fsck, tooLennart Poettering
2010-08-03Systemd is causing mislabeled devices to be created and then attempting to ↵Daniel J Walsh
read them. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/28/2010 05:57 AM, Kay Sievers wrote: > On Wed, Jul 28, 2010 at 11:43, Lennart Poettering > <lennart@poettering.net> wrote: >> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote: >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> >>> Lennart, we talked about this earlier. I think this is caused by the >>> modprobe calls to create /dev/autofs. Since udev is not created at the >>> point that init loads the kernel modules, the devices get created with >>> the wrong label. Once udev starts the labels get fixed. >>> >>> I can allow init_t to read device_t chr_files. >> >> Hmm, I think a cleaner fix would be to make systemd relabel this device >> properly before accessing it? Given that this is only one device this >> should not be a problem for us to maintain, I think? How would the >> fixing of the label work? Would we have to spawn restorecon for this, or >> can we actually do this in C without too much work? > > I guess we can just do what udev is doing, and call setfilecon(), with > a context of an earlier matchpathcon(). > > Kay > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel Here is the updated patch with a fix for the labeling of /dev/autofs -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk =pC2e
2010-07-19systemctl: introduce reset-maintenance commandLennart Poettering
2010-07-13socket: when the socket is supposed to stop, don't accept any connections ↵Lennart Poettering
anymore
2010-07-12mount: add automatic start ordering dependencies for mountsLennart Poettering
2010-07-10mount: add implicit umount.target conflicts only in system modeLennart Poettering
2010-07-10automount: refuse automounts for the root file systemLennart Poettering
2010-07-10units: introduce umount.target for unmounting all file systemsLennart Poettering
2010-07-08dbus: make errors reported via D-Bus more usefulLennart Poettering
2010-07-03unit: simplify things a little by introducing API to add two dependencies in ↵Lennart Poettering
one step
2010-07-02automount: add DirectoryMode= settingLennart Poettering
2010-07-01unit: shorten active state enums to make systemctl output nicerLennart Poettering
2010-07-01unit: add new abstracted maintenance state for unitsLennart Poettering
2010-06-19unit: get rid of various unnecessary castsLennart Poettering
2010-06-18systemctl: add /dev/initctl fallbackLennart Poettering
2010-06-16typo: the correct spelling is maintenance not maintainanceLennart Poettering
2010-05-24path: add .path unit type for monitoring filesLennart Poettering
2010-05-22kmod: automatically load a few kernel modules we need for normal operation ↵Lennart Poettering
before udev is active
2010-05-19automount: try to modprobe autofs4 if its lackingLennart Poettering
2010-05-19automount: never consider our own mount point a prefix mount of usLennart Poettering
2010-05-16build-sys: move source files to subdirectoryLennart Poettering