Your message dated Sat, 24 Mar 2018 22:33:17 +0100
with message-id <61e51f6f-157c-63e1-b20a-bea2884ad...@debian.org>
and subject line Re: systemd: why is /run/systemd/inhibit/1.ref inherited?
has caused the Debian Bug report #775613,
regarding systemd: why is /run/systemd/inhibit/1.ref inherited?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
775613: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775613
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: systemd
Version: 215-9
Severity: normal


type=AVC msg=audit(1421538903.417:232): avc:  denied  { use } for  pid=23546 
comm="kded4" path="/run/systemd/inhibit/1.ref" dev="tmpfs" ino=91124 
scontext=rjc:user_r:user_t:s0-s0:c0.c1023 
tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=0

When I login via kdm the KDE user processes (and presumably user processes
from any other desktop environment) inherit /run/systemd/inhibit/1.ref.

Is this desired?  If so why?  I have SE Linux preventing it and everything
works.

-- Package-specific info:

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  acl             2.2.52-2
ii  adduser         3.113+nmu3
ii  initscripts     2.88dsf-58
ii  libacl1         2.2.52-2
ii  libaudit1       1:2.4-1+b1
ii  libblkid1       2.25.2-4
ii  libc6           2.19-13
ii  libcap2         1:2.24-6
ii  libcap2-bin     1:2.24-6
ii  libcryptsetup4  2:1.6.6-4
ii  libgcrypt20     1.6.2-4+b1
ii  libkmod2        18-3
ii  liblzma5        5.1.1alpha+20120614-2+b3
ii  libpam0g        1.1.8-3.1
ii  libselinux1     2.3-2
ii  libsystemd0     215-9
ii  mount           2.25.2-4
ii  sysv-rc         2.88dsf-58
ii  udev            215-9
ii  util-linux      2.25.2-4

Versions of packages systemd recommends:
ii  dbus            1.8.14-1
ii  libpam-systemd  215-9

Versions of packages systemd suggests:
pn  systemd-ui  <none>

-- Configuration Files:
/etc/systemd/journald.conf changed:
[Journal]
SystemMaxUse=25M


-- no debconf information

--- End Message ---
--- Begin Message ---
On Thu, 1 Oct 2015 15:59:52 +1000 Russell Coker <russ...@coker.com.au>
wrote:
> On Thu, 1 Oct 2015 08:00:45 AM Michael Biebl wrote:
> > On Sun, 18 Jan 2015 11:07:40 +1100 Russell Coker <russ...@coker.com.au>
> > wrote:
> > > Package: systemd
> > > Version: 215-9
> > > Severity: normal
> > > 
> > > 
> > > type=AVC msg=audit(1421538903.417:232): avc:  denied  { use } for 
> > > pid=23546 comm="kded4" path="/run/systemd/inhibit/1.ref" dev="tmpfs"
> > > ino=91124 scontext=rjc:user_r:user_t:s0-s0:c0.c1023
> > > tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=0
> > > 
> > > When I login via kdm the KDE user processes (and presumably user
> > > processes from any other desktop environment) inherit
> > > /run/systemd/inhibit/1.ref.
> > > 
> > > Is this desired?  If so why?  I have SE Linux preventing it and
> > > everything works.
> > 
> > I'm not sure what the problem is here.
> > Can you elaborate?
> 
> If a socket or pipe is inherited from a system process to a process running
> as a user there is a possibility of a security problem.  Generally if there
> is no reason for such access to be granted then it should not be granted.
> The file handle could be closed before exec or it could be set to close on
> exec.

Please raise this issue upstream at
https://github.com/systemd/systemd/issues if it still persists in stretch.

Regards,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



--- End Message ---
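
The two outcomes discussed in the thread above (a descriptor that leaks across exec versus one set to close on exec), as an added example that is not part of the bug report and is not systemd code. The /dev/null handle, the fd number 9 and the /bin/sh probe are constructed stand-ins for the logind inhibitor handle and the user session process.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define PROBE_FD 9 /* single digit so any POSIX sh can name it in a redirect */

/* Returns 1 if the program started by exec can still use the descriptor,
 * 0 if the kernel closed it at exec, -1 on setup failure. */
int fd_survives_exec(int set_cloexec)
{
    /* Stands in for a handle held by the privileged parent (constructed). */
    int fd = open("/dev/null", O_WRONLY);
    if (fd < 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        close(fd);
        return -1;
    }
    if (pid == 0) {
        /* Child: about to exec the less-trusted program. */
        if (fd != PROBE_FD) {
            if (dup2(fd, PROBE_FD) < 0)
                _exit(127);
            close(fd);
        }
        if (set_cloexec && fcntl(PROBE_FD, F_SETFD, FD_CLOEXEC) < 0)
            _exit(127);
        /* "true >&9" fails with EBADF if fd 9 did not survive the exec. */
        execl("/bin/sh", "sh", "-c", "exec 2>/dev/null; true >&9", (char *)NULL);
        _exit(127);
    }
    close(fd);

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("inherited without FD_CLOEXEC: %d\n", fd_survives_exec(0));
    printf("inherited with FD_CLOEXEC:    %d\n", fd_survives_exec(1));
    return 0;
}
```
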
_______________________________________________
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
