Age | Commit message (Collapse) | Author | |
---|---|---|---|
2010-08-12 | main: log build time features on startup | Lennart Poettering | |
2010-08-11 | main: disable nscd properly, if possible | Lennart Poettering | |
2010-08-11 | selinux: split off selinux calls into seperate file label.c | Lennart Poettering | |
2010-08-11 | clang: fix numerous little issues found with clang-analyzer | Lennart Poettering | |
2010-08-09 | service: hide output of sysv scripts if quiet is passed on the kernel cmdline | Lennart Poettering | |
2010-08-06 | main: automatically spawn a getty on the kernel configured serial console | Lennart Poettering | |
2010-08-03 | Systemd is causing mislabeled devices to be created and then attempting to ↵ | Daniel J Walsh | |
read them. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/28/2010 05:57 AM, Kay Sievers wrote: > On Wed, Jul 28, 2010 at 11:43, Lennart Poettering > <lennart@poettering.net> wrote: >> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote: >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> >>> Lennart, we talked about this earlier. I think this is caused by the >>> modprobe calls to create /dev/autofs. Since udev is not created at the >>> point that init loads the kernel modules, the devices get created with >>> the wrong label. Once udev starts the labels get fixed. >>> >>> I can allow init_t to read device_t chr_files. >> >> Hmm, I think a cleaner fix would be to make systemd relabel this device >> properly before accessing it? Given that this is only one device this >> should not be a problem for us to maintain, I think? How would the >> fixing of the label work? Would we have to spawn restorecon for this, or >> can we actually do this in C without too much work? > > I guess we can just do what udev is doing, and call setfilecon(), with > a context of an earlier matchpathcon(). > > Kay > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel Here is the updated patch with a fix for the labeling of /dev/autofs -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk =pC2e | |||
2010-07-24 | main: disable NSS disabling logic for now, since this is incompatible with rpm | Lennart Poettering | |
2010-07-20 | systemctl: always disable color when output goes into a file | Lennart Poettering | |
2010-07-20 | manager: write serialization to /dev/.systemd/ instead of /dev/shm | Lennart Poettering | |
2010-07-16 | main: disable nscd if we can to avoid deadlock, just in case | Lennart Poettering | |
2010-07-13 | main: introduce -D as quick acess to debugging | Lennart Poettering | |
2010-07-13 | main: replace --running-as= by --session and --system do mimic related tools ↵ | Lennart Poettering | |
and D-Bus | |||
2010-07-10 | systemctl: show exec status of all exited programs | Lennart Poettering | |
2010-07-09 | main: introduce $SYSTEMD_SKIP_API_MOUNTS to disable mounting of API FS | Lennart Poettering | |
2010-07-08 | dbus: make errors reported via D-Bus more useful | Lennart Poettering | |
2010-07-07 | util: use quoted word parsing where applicable | Lennart Poettering | |
2010-07-07 | log: bump up a number of log messages so that they are shown even if debug ↵ | Lennart Poettering | |
logging is disabled, for diagnostic purposes | |||
2010-07-07 | main: always log when we reexecute or reload | Lennart Poettering | |
2010-07-07 | main: lower default log level to INFO | Lennart Poettering | |
2010-07-07 | main: show welcome string only when asked for | Lennart Poettering | |
2010-07-07 | main: implement manager configuration file | Lennart Poettering | |
2010-07-07 | main: show welcome message on boot | Lennart Poettering | |
2010-07-07 | manager: optionally print status updates to console on boot | Lennart Poettering | |
2010-07-06 | main: add a native implementation of the 'nomodules' kernel option ↵ | Lennart Poettering | |
understood by fedora init scripts | |||
2010-06-24 | minor fixes to help texts | Lennart Poettering | |
2010-06-23 | man: start documenting systemd itself | Lennart Poettering | |
2010-06-19 | don't use 'long long' unless we have a really good reason to | Lennart Poettering | |
2010-06-19 | manager: get rid of destinction between running_as=system and ↵ | Lennart Poettering | |
running_as=init, as there is little value in it and we cannot really test this | |||
2010-06-18 | main: don't segfault when --log-color is passed without parameter | Lennart Poettering | |
2010-06-18 | init: call telinit in case we are run as init and not pid1 | Lennart Poettering | |
2010-06-18 | systemctl: add verbs for special units | Lennart Poettering | |
2010-06-17 | log: make color/location logging optional | Lennart Poettering | |
2010-06-16 | service: optionally call into PAM when dropping priviliges | Lennart Poettering | |
2010-06-16 | main: fix help regarding --unit/systemd.unit= | Lennart Poettering | |
2010-06-11 | reword a few log messages | Lennart Poettering | |
2010-06-09 | main: rename systemd.default= to systemd.unit= | Lennart Poettering | |
2010-06-02 | macro: avoid name clash with _unused on ppc | Lennart Poettering | |
2010-05-24 | main: don't try to mount api dirs if we are not root | Lennart Poettering | |
2010-05-23 | dbus: automatically generate and install introspection files | Lennart Poettering | |
2010-05-22 | execute: fix typo | Lennart Poettering | |
2010-05-22 | execute: only reset those signals to the default we really need to reset to ↵ | Lennart Poettering | |
the default | |||
2010-05-22 | kmod: automatically load a few kernel modules we need for normal operation ↵ | Lennart Poettering | |
before udev is active | |||
2010-05-18 | log: never close file descriptors < 3 | Lennart Poettering | |
2010-05-18 | main: ignore EPERM in TIOCSTTY when opening terminal for crash shell | Lennart Poettering | |
2010-05-18 | main: if we fail to acquire a terminal for the crash shell, warn but continue | Lennart Poettering | |
2010-05-16 | build-sys: move source files to subdirectory | Lennart Poettering | |