1. 13 Feb, 2011 1 commit
  2. 20 Jan, 2011 1 commit
  3. 05 Jan, 2011 1 commit
  4. 28 Dec, 2010 1 commit
  5. 15 Nov, 2010 1 commit
  6. 11 Nov, 2010 1 commit
  7. 10 Nov, 2010 2 commits
  8. 28 Oct, 2010 1 commit
  9. 27 Oct, 2010 2 commits
  10. 26 Oct, 2010 1 commit
  11. 25 Oct, 2010 1 commit
  12. 22 Oct, 2010 1 commit
  13. 18 Oct, 2010 1 commit
  14. 08 Oct, 2010 1 commit
  15. 07 Oct, 2010 2 commits
  16. 05 Oct, 2010 1 commit
  17. 21 Sep, 2010 1 commit
  18. 15 Sep, 2010 3 commits
  19. 25 Aug, 2010 1 commit
  20. 20 Aug, 2010 3 commits
  21. 17 Aug, 2010 2 commits
  22. 16 Aug, 2010 1 commit
  23. 11 Aug, 2010 4 commits
  24. 03 Aug, 2010 1 commit
      Systemd is causing mislabeled devices to be created and then attempting to read them. · 56cf987f
      Daniel J Walsh authored
      On 07/28/2010 05:57 AM, Kay Sievers wrote:
      > On Wed, Jul 28, 2010 at 11:43, Lennart Poettering
      > <lennart@poettering.net> wrote:
      >> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote:
      >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
      >>> type=1400 audit(1280174589.476:7): avc:  denied  { read } for  pid=1
      >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
      >>> scontext=system_u:system_r:init_t:s0
      >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
      >>> type=1400 audit(1280174589.476:8): avc:  denied  { read } for  pid=1
      >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
      >>> scontext=system_u:system_r:init_t:s0
      >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
      >>>
      >>> Lennart, we talked about this earlier.  I think this is caused by the
      >>> modprobe calls to create /dev/autofs.  Since udev is not created at the
      >>> point that init loads the kernel modules, the devices get created with
      >>> the wrong label.  Once udev starts the labels get fixed.
      >>>
      >>> I can allow init_t to read device_t chr_files.
      >>
      >> Hmm, I think a cleaner fix would be to make systemd relabel this device
      >> properly before accessing it? Given that this is only one device this
      >> should not be a problem for us to maintain, I think? How would the
      >> fixing of the label work? Would we have to spawn restorecon for this, or
      >> can we actually do this in C without too much work?
      >
      > I guess we can just do what udev is doing, and call setfilecon(), with
      > a context of an earlier matchpathcon().
      >
      > Kay
      
      Here is the updated patch with a fix for the labeling of /dev/autofs
  25. 20 Jul, 2010 1 commit
      device: do not merge devices · 8fe914ec
      Lennart Poettering authored
      Don't try to merge devices that have been created via dependencies when
      they appear in the system and can be recognized as the same.  Instead,
      simply continue to maintain them independently of each other, however
      with the same state cycle. Why? Because otherwise we'd have a hard time
      to separate the dependencies after the devices are unplugged again and
      we hence cannot be sure anymore that next time the device is plugged in
      it will carry the same names.
      
      Example: if one dependency refers to dev-sda.device and another one to
      dev-by-id-xxxyyy.device we only learn at time of plug in of the device
      that it is actually the same device that was meant. In the moment the
      device is unplugged again we won't know anymore their relation to each
      other and the next time the harddisk is plugged it might even appear as
      dev-by-id-xxxyyy.device and dev-sdb.service. To ensure the dependencies
      continue to have the meaning they were intended to have let's hence keep
      the .device objects separate all the time, even when they are plugged
      in.
      
      This patch also introduces a new Following= property which points from
      the various .device units of a specific device to the main .device unit
      for it. This can be used by the client side to figure out the relation
      of the .device units to each other and even filter units from display.
  26. 12 Jul, 2010 1 commit
  27. 10 Jul, 2010 1 commit
  28. 08 Jul, 2010 2 commits