
Bug#775613: systemd: why is /run/systemd/inhibit/1.ref inherited?


Russell Coker, Jan 17, 2015, 7:10:02 PM
Package: systemd
Version: 215-9
Severity: normal


type=AVC msg=audit(1421538903.417:232): avc: denied { use } for pid=23546 comm="kded4" path="/run/systemd/inhibit/1.ref" dev="tmpfs" ino=91124 scontext=rjc:user_r:user_t:s0-s0:c0.c1023 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=0

When I login via kdm the KDE user processes (and presumably user processes
from any other desktop environment) inherit /run/systemd/inhibit/1.ref.

Is this desired? If so why? I have SE Linux preventing it and everything
works.

-- Package-specific info:

-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii acl 2.2.52-2
ii adduser 3.113+nmu3
ii initscripts 2.88dsf-58
ii libacl1 2.2.52-2
ii libaudit1 1:2.4-1+b1
ii libblkid1 2.25.2-4
ii libc6 2.19-13
ii libcap2 1:2.24-6
ii libcap2-bin 1:2.24-6
ii libcryptsetup4 2:1.6.6-4
ii libgcrypt20 1.6.2-4+b1
ii libkmod2 18-3
ii liblzma5 5.1.1alpha+20120614-2+b3
ii libpam0g 1.1.8-3.1
ii libselinux1 2.3-2
ii libsystemd0 215-9
ii mount 2.25.2-4
ii sysv-rc 2.88dsf-58
ii udev 215-9
ii util-linux 2.25.2-4

Versions of packages systemd recommends:
ii dbus 1.8.14-1
ii libpam-systemd 215-9

Versions of packages systemd suggests:
pn systemd-ui <none>

-- Configuration Files:
/etc/systemd/journald.conf changed:
[Journal]
SystemMaxUse=25M


-- no debconf information



Michael Biebl, Sep 30, 2015, 6:10:03 PM
On Sun, 18 Jan 2015 11:07:40 +1100 Russell Coker <rus...@coker.com.au>
wrote:
> Package: systemd
> Version: 215-9
> Severity: normal
>
>
> type=AVC msg=audit(1421538903.417:232): avc: denied { use } for pid=23546 comm="kded4" path="/run/systemd/inhibit/1.ref" dev="tmpfs" ino=91124 scontext=rjc:user_r:user_t:s0-s0:c0.c1023 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=0
>
> When I login via kdm the KDE user processes (and presumably user processes
> from any other desktop environment) inherit /run/systemd/inhibit/1.ref.
>
> Is this desired? If so why? I have SE Linux preventing it and everything
> works.

I'm not sure what the problem is here.
Can you elaborate?

Michael


--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Russell Coker, Oct 1, 2015, 2:20:05 AM
On Thu, 1 Oct 2015 08:00:45 AM Michael Biebl wrote:
> On Sun, 18 Jan 2015 11:07:40 +1100 Russell Coker <rus...@coker.com.au>
> wrote:
> > Package: systemd
> > Version: 215-9
> > Severity: normal
> >
> >
> > type=AVC msg=audit(1421538903.417:232): avc: denied { use } for
> > pid=23546 comm="kded4" path="/run/systemd/inhibit/1.ref" dev="tmpfs"
> > ino=91124 scontext=rjc:user_r:user_t:s0-s0:c0.c1023
> > tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=0
> >
> > When I login via kdm the KDE user processes (and presumably user
> > processes from any other desktop environment) inherit
> > /run/systemd/inhibit/1.ref.
> >
> > Is this desired? If so why? I have SE Linux preventing it and
> > everything works.
>
> I'm not sure what the problem is here.
> Can you elaborate?

If a socket or pipe is inherited from a system process to a process running as
a user there is a possibility of a security problem. Generally if there is no
reason for such access to be granted then it should not be granted. The file
handle could be closed before exec or it could be set to close on exec.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
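The two remedies Russell names (close the descriptor before exec, or mark it close-on-exec) as an added C example; this is not code from systemd, logind or anyone in this thread. It assumes a Linux host with /proc mounted and glibc's pipe2(); the function names are mine. It goes a little beyond the thread by also walking /proc/self/fd to count descriptors that would survive an execve(), which is the check a session process can run on itself to spot an inherited handle like /run/systemd/inhibit/1.ref before SELinux has to deny the use.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Returns 1 if fd has FD_CLOEXEC set, 0 if it does not, -1 on error (e.g. bad fd). */
int fd_is_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Sets FD_CLOEXEC without clobbering other descriptor flags. Returns 0 on success, -1 on error.
   Idempotent: calling it on an fd that is already close-on-exec is a no-op. */
int mark_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    if (flags & FD_CLOEXEC)
        return 0;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0 ? -1 : 0;
}

/* Counts descriptors numbered >= min_fd in this process that would be inherited
   across execve(), i.e. those lacking FD_CLOEXEC. Walks /proc/self/fd and skips the
   directory handle opendir() itself holds. Returns -1 if /proc is unavailable. */
int count_exec_inheritable_fds(int min_fd) {
    DIR *d = opendir("/proc/self/fd");
    if (!d)
        return -1;
    int self_fd = dirfd(d);
    int count = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.')
            continue;
        int fd = atoi(e->d_name);
        if (fd < min_fd || fd == self_fd)
            continue;
        if (fd_is_cloexec(fd) == 0)
            count++;
    }
    closedir(d);
    return count;
}

/* Demonstration: a plain pipe() hands both ends to every child that execs, while
   pipe2(..., O_CLOEXEC) does not. Fixing the plain pipe after the fact with
   mark_cloexec() removes exactly two inheritable descriptors. Returns that
   difference (2 on a working Linux system), or -1 on error. */
int demo(void) {
    int leaky[2], safe[2];
    if (pipe(leaky) < 0 || pipe2(safe, O_CLOEXEC) < 0)
        return -1;
    int before = count_exec_inheritable_fds(3);   /* stdin/stdout/stderr excluded */
    mark_cloexec(leaky[0]);
    mark_cloexec(leaky[1]);
    int after = count_exec_inheritable_fds(3);
    close(leaky[0]);
    close(leaky[1]);
    close(safe[0]);
    close(safe[1]);
    if (before < 0 || after < 0)
        return -1;
    return before - after;
}
```

Marking the descriptor close-on-exec is preferable to closing it just before exec because it also covers descriptors created by libraries the program never sees, and it avoids a race if another thread forks in between. Opening with O_CLOEXEC (or pipe2/socket with SOCK_CLOEXEC) is better still, since the descriptor is never inheritable at any point.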