[systemd-devel] Antw: [EXT] Child of daemon sending SIGCHLD to systemd

Mon, 29 Jun 2020 23:16:57 -0700 

>>> Ian Pilcher <arequip...@gmail.com> schrieb am 29.06.2020 um 19:19 in
Nachricht
<4792_1593451210_5EFA22CA_4792_148_1_rdd7rq$3aje$1...@ciao.gmane.io>:
> I originally posted a variation of the question on the SELinux mailing
> list, but the more I look at this the more I realize that it really
> isn't a SELinux questions.  I'm not really sure that it's a systemd
> question either, but it definitely falls into the area of Linux process
> management, so I'm hopeful that someone here at least has an idea what
> is going on ...
> 
> I'm in the (hopefully) final stages of creating the policy module for a
> daemon that I've written to monitor my home NAS.
> 
> The daemon is started by systemd (init_t) and runs as its own type
> (freecusd_t).  In order to read the SMART attributes of the NAS drives,
> the daemon runs a helper application, which has its own type
> (freecusd_smart_t).  So:
> 
>    systemd (init_t) ‑‑> freecusd (freecusd_t)
>                             ‑‑> freecusd_smart_helper (freecusd_smart_t)
> 
> I've got my policy basically working, but I'm getting this SELinux
> denial, which I just don't understand:
> 
> type=AVC msg=audit(1593392372.230:9215): avc:  denied  { sigchld } for 
> pid=1 comm="systemd" scontext=system_u:system_r:freecusd_smart_t:s0 
> tcontext=system_u:system_r:init_t:s0 tclass=process permissive=0
> 
> This seems to be saying that the helper is trying to send SIGCHLD to
> systemd.  I'm seeing this message repeated 4 times when the freecusd
> daemon starts and then sporadically afterwards.  (freecusd repeatedly
> spawns the helper to read the drive states.)
> 
> Is there a circumstance in which the grandchild (freecusd_smart_helper)
> would send SIGCHLD to systemd while its parent is still running?

Have you tried running your command unter "strace -f ..." to record what's
going on? You can restrict the syscalls to record if it's too many.

> 
> ‑‑ 
> ========================================================================
>                   In Soviet Russia, Google searches you!
> ========================================================================
> 
> _______________________________________________
> systemd‑devel mailing list
> systemd‑de...@lists.freedesktop.org 
> https://lists.freedesktop.org/mailman/listinfo/systemd‑devel 



_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Reply via email to