[systemd-devel] [PATCH] Add CAP_MAC_OVERRIDE in logind and hostnamed units

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Fri Mar 7 05:52:27 PST 2014


On Fri, Mar 07, 2014 at 02:41:07PM +0100, Maciej Wereski wrote:
> 07.03.2014 at 14:27 Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl> wrote:
> 
> >What is it needed for?
> 
> To fix SMACK:
> 
> [    8.715491] type=1400 audit(946708910.490:2): lsm=SMACK
> fn=smack_inode_permission action=denied subject="System" object="_"
> requested=w pid=2324 comm="systemd-logind" dev="tmpfs" ino=11023
> [    8.731766] type=1400 audit(946708910.510:3): lsm=SMACK
> fn=smack_inode_permission action=denied subject="System" object="_"
> requested=w pid=2324 comm="systemd-logind" dev="tmpfs" ino=11023
> [    9.570774] type=1400 audit(946708911.345:4): lsm=SMACK
> fn=smack_inode_permission action=denied subject="System" object="_"
> requested=w pid=2412 comm="systemd-hostnam" dev="tmpfs" ino=9174
> [    9.587658] type=1400 audit(946708911.360:5): lsm=SMACK
> fn=smack_inode_permission action=denied subject="System" object="_"
> requested=w pid=2412 comm="systemd-hostnam" dev="tmpfs" ino=9175
> 
> Should it be fixed in some other way?
What about updating the smack policy?

Zbyszek


More information about the systemd-devel mailing list