path: root/src/main.c
Age | Commit message | Author
2010-08-06 | main: automatically spawn a getty on the kernel configured serial console | Lennart Poettering
2010-08-03 | Systemd is causing mislabeled devices to be created and then attempting to read them. | Daniel J Walsh

On 07/28/2010 05:57 AM, Kay Sievers wrote:
> On Wed, Jul 28, 2010 at 11:43, Lennart Poettering
> <lennart@poettering.net> wrote:
>> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote:
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>>
>>> Lennart, we talked about this earlier. I think this is caused by the
>>> modprobe calls to create /dev/autofs. Since udev is not created at the
>>> point that init loads the kernel modules, the devices get created with
>>> the wrong label. Once udev starts the labels get fixed.
>>>
>>> I can allow init_t to read device_t chr_files.
>>
>> Hmm, I think a cleaner fix would be to make systemd relabel this device
>> properly before accessing it? Given that this is only one device this
>> should not be a problem for us to maintain, I think? How would the
>> fixing of the label work? Would we have to spawn restorecon for this, or
>> can we actually do this in C without too much work?
>
> I guess we can just do what udev is doing, and call setfilecon(), with
> a context of an earlier matchpathcon().
>
> Kay

Here is the updated patch with a fix for the labeling of /dev/autofs

2010-07-24 | main: disable NSS disabling logic for now, since this is incompatible with rpm | Lennart Poettering
2010-07-20 | systemctl: always disable color when output goes into a file | Lennart Poettering
2010-07-20 | manager: write serialization to /dev/.systemd/ instead of /dev/shm | Lennart Poettering
2010-07-16 | main: disable nscd if we can to avoid deadlock, just in case | Lennart Poettering
2010-07-13 | main: introduce -D as quick access to debugging | Lennart Poettering
2010-07-13 | main: replace --running-as= by --session and --system to mimic related tools and D-Bus | Lennart Poettering
2010-07-10 | systemctl: show exec status of all exited programs | Lennart Poettering
2010-07-09 | main: introduce $SYSTEMD_SKIP_API_MOUNTS to disable mounting of API FS | Lennart Poettering
2010-07-08 | dbus: make errors reported via D-Bus more useful | Lennart Poettering
2010-07-07 | util: use quoted word parsing where applicable | Lennart Poettering
2010-07-07 | log: bump up a number of log messages so that they are shown even if debug logging is disabled, for diagnostic purposes | Lennart Poettering
2010-07-07 | main: always log when we reexecute or reload | Lennart Poettering
2010-07-07 | main: lower default log level to INFO | Lennart Poettering
2010-07-07 | main: show welcome string only when asked for | Lennart Poettering
2010-07-07 | main: implement manager configuration file | Lennart Poettering
2010-07-07 | main: show welcome message on boot | Lennart Poettering
2010-07-07 | manager: optionally print status updates to console on boot | Lennart Poettering
2010-07-06 | main: add a native implementation of the 'nomodules' kernel option understood by fedora init scripts | Lennart Poettering
2010-06-24 | minor fixes to help texts | Lennart Poettering
2010-06-23 | man: start documenting systemd itself | Lennart Poettering
2010-06-19 | don't use 'long long' unless we have a really good reason to | Lennart Poettering
2010-06-19 | manager: get rid of distinction between running_as=system and running_as=init, as there is little value in it and we cannot really test this | Lennart Poettering
2010-06-18 | main: don't segfault when --log-color is passed without parameter | Lennart Poettering
2010-06-18 | init: call telinit in case we are run as init and not pid1 | Lennart Poettering
2010-06-18 | systemctl: add verbs for special units | Lennart Poettering
2010-06-17 | log: make color/location logging optional | Lennart Poettering
2010-06-16 | service: optionally call into PAM when dropping privileges | Lennart Poettering
2010-06-16 | main: fix help regarding --unit/systemd.unit= | Lennart Poettering
2010-06-11 | reword a few log messages | Lennart Poettering
2010-06-09 | main: rename systemd.default= to systemd.unit= | Lennart Poettering
2010-06-02 | macro: avoid name clash with _unused on ppc | Lennart Poettering
2010-05-24 | main: don't try to mount api dirs if we are not root | Lennart Poettering
2010-05-23 | dbus: automatically generate and install introspection files | Lennart Poettering
2010-05-22 | execute: fix typo | Lennart Poettering
2010-05-22 | execute: only reset those signals to the default we really need to reset to the default | Lennart Poettering
2010-05-22 | kmod: automatically load a few kernel modules we need for normal operation before udev is active | Lennart Poettering
2010-05-18 | log: never close file descriptors < 3 | Lennart Poettering
2010-05-18 | main: ignore EPERM in TIOCSTTY when opening terminal for crash shell | Lennart Poettering
2010-05-18 | main: if we fail to acquire a terminal for the crash shell, warn but continue | Lennart Poettering
2010-05-16 | build-sys: move source files to subdirectory | Lennart Poettering