[systemd-devel] [PATCH] Add CAP_MAC_OVERRIDE in logind and hostnamed units
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Fri Mar 7 05:52:27 PST 2014
On Fri, Mar 07, 2014 at 02:41:07PM +0100, Maciej Wereski wrote:
> 07.03.2014 at 14:27 Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl> wrote:
>
> >What is it needed for?
>
> To fix SMACK:
>
> [ 8.715491] type=1400 audit(946708910.490:2): lsm=SMACK
> fn=smack_inode_permission action=denied subject="System" object="_"
> requested=w pid=2324 comm="systemd-logind" dev="tmpfs" ino=11023
> [ 8.731766] type=1400 audit(946708910.510:3): lsm=SMACK
> fn=smack_inode_permission action=denied subject="System" object="_"
> requested=w pid=2324 comm="systemd-logind" dev="tmpfs" ino=11023
> [ 9.570774] type=1400 audit(946708911.345:4): lsm=SMACK
> fn=smack_inode_permission action=denied subject="System" object="_"
> requested=w pid=2412 comm="systemd-hostnam" dev="tmpfs" ino=9174
> [ 9.587658] type=1400 audit(946708911.360:5): lsm=SMACK
> fn=smack_inode_permission action=denied subject="System" object="_"
> requested=w pid=2412 comm="systemd-hostnam" dev="tmpfs" ino=9175
>
> Should it be fixed in some other way?
What about updating the smack policy?
Zbyszek
More information about the systemd-devel
mailing list