[systemd-devel] Systemd is causing mislabeled devices to be created and then attempting to read them.

Daniel J Walsh dwalsh at redhat.com
Mon Jul 26 13:42:44 PDT 2010


type=1400 audit(1280174589.475:4): avc:  denied  { read } for  pid=1
comm="systemd" name="autofs" dev=devtmpfs ino=9482
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=1400 audit(1280174589.475:5): avc:  denied  { read } for  pid=1
comm="systemd" name="autofs" dev=devtmpfs ino=9482
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=1400 audit(1280174589.475:6): avc:  denied  { read } for  pid=1
comm="systemd" name="autofs" dev=devtmpfs ino=9482
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=1400 audit(1280174589.476:7): avc:  denied  { read } for  pid=1
comm="systemd" name="autofs" dev=devtmpfs ino=9482
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=1400 audit(1280174589.476:8): avc:  denied  { read } for  pid=1
comm="systemd" name="autofs" dev=devtmpfs ino=9482
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=chr_file

Lennart, we talked about this earlier.  I think this is caused by the
modprobe calls to create /dev/autofs.  Since udev is not created at the
point that init loads the kernel modules, the devices get created with
the wrong label.  Once udev starts the labels get fixed.

I can allow init_t to read device_t chr_files.
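Added example, not part of the original message and not code from systemd or the SELinux tools: a small Python parser that rejoins the mail-wrapped AVC records quoted above, collapses the repeats, and lists the allow rule each distinct denial corresponds to, with a hint when the target type is the generic device_t. The third sample record, the type example_device_t and the hint strings are assumptions made for illustration.

```python
import re
from collections import Counter

# First two records are copied, still wrapped, from the message above; the third
# is constructed for contrast (example_device_t is a made-up type).
SAMPLE = """\
type=1400 audit(1280174589.475:4): avc:  denied  { read } for  pid=1
comm="systemd" name="autofs" dev=devtmpfs ino=9482
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=1400 audit(1280174589.475:5): avc:  denied  { read } for  pid=1
comm="systemd" name="autofs" dev=devtmpfs ino=9482
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=1400 audit(1280174590.001:9): avc:  denied  { read write } for  pid=1
comm="systemd" name="example0" dev=devtmpfs ino=1
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:example_device_t:s0 tclass=chr_file
"""

# Captures permissions, object name, and the type (third field) of each context.
AVC = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?\bname="(?P<name>[^"]*)"'
                 r'.*?scontext=(?:[^:\s]+:){2}(?P<src>[^:\s]+)'
                 r'.*?tcontext=(?:[^:\s]+:){2}(?P<tgt>[^:\s]+).*?tclass=(?P<cls>\S+)')

def unwrap(text):
    """Rejoin records wrapped by a mail client; each record starts at 'type='."""
    records = []
    for line in text.splitlines():
        if line.startswith("type=") or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def report(text, generic=("device_t",)):
    """Return (count, candidate allow rule, hint) per distinct denial."""
    seen = Counter()
    for m in filter(None, map(AVC.search, unwrap(text))):
        perms = " ".join(sorted(m["perms"].split()))
        seen[(m["src"], m["tgt"], m["cls"], perms, m["name"])] += 1
    out = []
    for (src, tgt, cls, perms, name), n in seen.items():
        # Assumption: a generic target type on a device node points at labeling.
        hint = "relabel %s?" % name if tgt in generic else "review policy"
        out.append((n, "allow %s %s:%s { %s };" % (src, tgt, cls, perms), hint))
    return out

if __name__ == "__main__":
    print(*report(SAMPLE), sep="\n")
```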

