[systemd-devel] Antw: [EXT] Child of daemon sending SIGCHLD to systemd
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Tue Jun 30 06:16:14 UTC 2020
>>> Ian Pilcher <arequipeno at gmail.com> wrote on 29.06.2020 at 19:19 in
message
<4792_1593451210_5EFA22CA_4792_148_1_rdd7rq$3aje$1 at ciao.gmane.io>:
> I originally posted a variation of the question on the SELinux mailing
> list, but the more I look at this the more I realize that it really
> isn't a SELinux question. I'm not really sure that it's a systemd
> question either, but it definitely falls into the area of Linux process
> management, so I'm hopeful that someone here at least has an idea what
> is going on ...
>
> I'm in the (hopefully) final stages of creating the policy module for a
> daemon that I've written to monitor my home NAS.
>
> The daemon is started by systemd (init_t) and runs as its own type
> (freecusd_t). In order to read the SMART attributes of the NAS drives,
> the daemon runs a helper application, which has its own type
> (freecusd_smart_t). So:
>
> systemd (init_t) --> freecusd (freecusd_t)
>                        --> freecusd_smart_helper (freecusd_smart_t)
>
> I've got my policy basically working, but I'm getting this SELinux
> denial, which I just don't understand:
>
> type=AVC msg=audit(1593392372.230:9215): avc: denied { sigchld } for
> pid=1 comm="systemd" scontext=system_u:system_r:freecusd_smart_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=process permissive=0
>
> This seems to be saying that the helper is trying to send SIGCHLD to
> systemd. I'm seeing this message repeated 4 times when the freecusd
> daemon starts and then sporadically afterwards. (freecusd repeatedly
> spawns the helper to read the drive states.)
>
> Is there a circumstance in which the grandchild (freecusd_smart_helper)
> would send SIGCHLD to systemd while its parent is still running?
Have you tried running your command under "strace -f ..." to record what's
going on? You can restrict the syscalls to record if it's too many.
>
> --
> ========================================================================
> In Soviet Russia, Google searches you!
> ========================================================================