It was <2013-12-18 śro 20:31>, when Schaufler, Casey wrote: >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On >> Behalf Of Lukasz Stelmach >> Sent: Wednesday, December 18, 2013 9:52 AM >> Hi,
A day of investigation.
>> I've got quite a recent RD-PQ image: tizen_20131217.8. There is a problem
>> with systemd-journald failing to start because
>
> Where did you get this image? What are you running it on?
>
>>
>> + "Failed to open /dev/kmsg, ignoring: Permission denied"
>
> This looks like you don't have the systemd rules file
> 55-udev-default-smack-rules. This might indicate that the images do
> not have a current version of systemd. A temporary workaround is:
I've got the file. The version is as current as possible but it does not
do:
> chsmack -a '*' /dev/kmsg
unless patched with[fn:1]
>> + "Failed to open runtime journal: No such file or directory"
>
> This is most likely the Smack label on /var/log. A fix is in the works
> for the general problem of /var/log. A temporary workaround is
>
> chsmack -a '*' /var/log
As I wrote this is about /run and /run/log
--8<---------------cut here---------------start------------->8---
2597 execve("/usr/lib/systemd/systemd-journald",
["/usr/lib/systemd/systemd-journald"], [/* 5 vars */]) = 0
[...]
2597 open("/dev/kmsg", O_RDWR|O_NOCTTY|O_NONBLOCK|O_LARGEFILE|O_CLOEXEC) = -1
EACCES (Permission denied)
[...]
2597 mkdir("/run", 0755) = -1 EEXIST (File exists)
2597 mkdir("/run/log", 0755) = -1 EACCES (Permission denied)
2597 open("/run/log/journal/a7d44123bd584b19b949cd3701a47293/system.journal",
O_RDWR|O_CREAT|O_LARGEFILE|O_CLOEXEC, 0640) = -1 ENOENT (No such file or
directory)
2597 writev(2, [{"Failed to open runtime journal: No such file or directory",
57}, {"\n", 1}], 2) = 58
--8<---------------cut here---------------end--------------->8---
--8<---------------cut here---------------start------------->8---
root:~> dmesg | grep lsm=SMACK | tail -1
[ 2183.931852] type=1400 audit(946715231.815:14): lsm=SMACK
fn=smack_inode_permission action=denied subject="System" object="_"
requested=wx pid=2597 comm="systemd-journal" name="/" dev="tmpfs" ino=1293
root:~> mount | awk ' (/^tmpfs/){print $3}' | xargs -i find '{}' -inum 1293
/run
root:~> chsmack /run
/run access="_"
root:~> chsmack /dev/kmsg
/dev/kmsg access="*"
--8<---------------cut here---------------end--------------->8---
PID 2597 was systemd-journald running with the System label.
I wonder why /dev/kmsg is a problem.
>> Apparently something wrong happens with smack settings because, the
>> problem does not appear with security=none present at kernel
>> commandline.
>
> What shows up in /sys/fs/smackfs/load2?
--8<---------------cut here---------------start------------->8---
root:~> grep ^System /sys/fs/smackfs/load2
System User rwx
System ^ rwxa
System System::Shared rwxat
System System::Run rwxat
--8<---------------cut here---------------end--------------->8---
but /run is not labeled with System::Run.
Footnotes:
[fn:1]
http://lists.freedesktop.org/archives/systemd-devel/2013-December/015740.html
--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
pgpG80D3J6Tiy.pgp
Description: PGP signature
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
