[Dev] smack setup incomplete, systemd-journal fails

Łukasz Stelmach l.stelmach at samsung.com
Thu Dec 19 08:58:05 GMT 2013

It was <2013-12-18 śro 20:31>, when Schaufler, Casey wrote:
>> -----Original Message-----
>> From: dev-bounces at lists.tizen.org [mailto:dev-bounces at lists.tizen.org] On
>> Behalf Of Lukasz Stelmach
>> Sent: Wednesday, December 18, 2013 9:52 AM
>> Hi,
>> I've got quite a recent RD-PQ image: tizen_20131217.8. There is a problem
>> with systemd-journald failing to start because
> Where did you get this image? What are you running it on?


>> + "Failed to open /dev/kmsg, ignoring: Permission denied"
> This looks like you don't have the systemd rules file
> 55-udev-default-smack-rules. This might indicate that the images do
> not have a current version of systemd. A temporary workaround is:
> 	chsmack -a '*' /dev/kmsg

root:~> chsmack /dev/kmsg 
/dev/kmsg access="*"

This happens at some point because after systemd manages start I can see
/dev/kmsg labeled with '*'. However, journald tries to 

>> + "Failed to open runtime journal: No such file or directory"
> This is most likely the Smack label on /var/log. A fix is in the works
> for the general problem of /var/log. A temporary workaround is
> 	chsmack -a '*' /var/log

"Runtime journal" is in /run/log. And there is no /run/log directory
which may suggest journald is unable to create it.

root:~> chsmack /run 
/run access="_"

>> Apparently something wrong happens with smack settings because, the
>> problem does not appear with security=none present at kernel
>> commandline.
> What shows up in /sys/fs/smackfs/load2?

--8<---------------cut here---------------start------------->8---
root:~> cat /sys/fs/smackfs/load2 | wc -l
root:~> cat /sys/fs/smackfs/load2 | grep -v ^org.tizen\\\|^com.samsung | sort
System System::Run rwxat
System System::Shared rwxat
System User rwx
System ^ rwxa
User System wx
User System::Run rwxat
User System::Shared rx
^ System rwxa
^ System::Run rwxat
_ System wx
_ System::Run rwxat
_default_ 57r43275q7 rw
_default_ System rw
_default_ User rw
_default_ ^ rw
_default_ cp7ipabg4k rw
_default_ deviced rw
_default_ libug-phone rw
_default_ oma-dm-agent rw
_default_ oma-ds-agent rw
_default_ org.tizen.bt-syspopup rw
_default_ org.tizen.calculator rw
_default_ org.tizen.call rw
_default_ org.tizen.clock rw
_default_ org.tizen.contacts rw
_default_ org.tizen.contacts-viewer rw
_default_ org.tizen.email rw
_default_ org.tizen.gallery rw
_default_ org.tizen.indicator rw
_default_ org.tizen.lockscreen rw
_default_ org.tizen.memo rw
_default_ org.tizen.message rw
_default_ org.tizen.mobileprint rw
_default_ org.tizen.music-player rw
_default_ org.tizen.myfile rw
_default_ org.tizen.phone rw
_default_ org.tizen.quickpanel rw
_default_ org.tizen.setting rw
_default_ org.tizen.smartsearch rw
_default_ org.tizen.video-player rw
_default_ osp-installer rw
_default_ privilege-checker rw
_default_ tizenprv00.privacy-popup rw
_default_ ug-image-viewer-efl rw
_default_ ug-setting-manage-applications-efl rw
_default_ ug_bluetooth rw
_default_ usb-server rw
aul com.samsung.gallery rwx
aul org.tizen.call rx
aul org.tizen.camera-app rwx
aul org.tizen.email rwx
aul org.tizen.message rwx
context-service com.samsung.gallery rx
context-service org.tizen.call rx
context-service org.tizen.camera-app rx
context-service org.tizen.email rx
context-service org.tizen.message rx
dbus org.tizen.indicator rwx
dbus org.tizen.pwlock w
e17 _ wx
e17 aul rwx
e17 com.samsung.gallery rw
e17 connman r
e17 device::app_logging w
e17 device::sys_logging w
e17 e17-data rwx
e17 efreet rx
e17 isf rwx
e17 mobileprint rwx
e17 org.tizen.call w
e17 org.tizen.camera-app rw
e17 org.tizen.email rw
e17 org.tizen.indicator rw
e17 org.tizen.message rw
e17 org.tizen.net-popup rwx
e17 org.tizen.pwlock rw
e17 org.tizen.virtual-controller r
e17 pkgmgr r
e17 pulseaudio rwx
e17 sound_server rwx
e17 svi-data rx
e17 sys-assert::core rwxat
e17 system rx
e17 system::homedir rwxat
e17 system::media rwxat
e17 system::share rwx
e17 system::use_internet r
e17 system::vconf rwxat
e17 system::vconf_misc r
e17 xorg rw
e17 xorg::screencapture r
isf com.samsung.gallery rx
isf org.tizen.camera-app r
isf org.tizen.email r
isf org.tizen.message rx
media-server com.samsung.gallery w
media-server org.tizen.camera-app w
media-server org.tizen.email w
media-server org.tizen.message w
mobileprint org.tizen.email rwx
mobileprint pulseaudio rwxat
mobileprint system::homedir rwxat
mobileprint system::media rwxat
mobileprint system::share rwxat
mobileprint system::vconf rwxat
mobileprint ug-email-viewer-efl rwxat
mobileprint webkit2-efl rx
net.wifi-qs com.samsung.gallery x
nfc-share-service com.samsung.gallery rw
oma-ds-agent com.samsung.gallery rwx
oma-ds-agent org.tizen.camera-app rwx
oma-ds-agent org.tizen.email rwx
oma-ds-agent org.tizen.message rwx
oma-ds-agent system::use_internet rwx
root 57r43275q7 rw
root System rw
root User rw
root ^ rw
root cp7ipabg4k rw
root deviced rw
root libug-phone rw
root oma-dm-agent rw
root oma-ds-agent rw
root org.tizen.bt-syspopup rw
root org.tizen.calculator rw
root org.tizen.call rw
root org.tizen.clock rw
root org.tizen.contacts rw
root org.tizen.contacts-viewer rw
root org.tizen.email rw
root org.tizen.gallery rw
root org.tizen.indicator rw
root org.tizen.lockscreen rw
root org.tizen.memo rw
root org.tizen.message rw
root org.tizen.mobileprint rw
root org.tizen.music-player rw
root org.tizen.myfile rw
root org.tizen.phone rw
root org.tizen.quickpanel rw
root org.tizen.setting rw
root org.tizen.smartsearch rw
root org.tizen.video-player rw
root osp-installer rw
root privilege-checker rw
root tizenprv00.privacy-popup rw
root ug-image-viewer-efl rw
root ug-setting-manage-applications-efl rw
root ug_bluetooth rw
root usb-server rw
stest-service org.tizen.call rx
stest-service org.tizen.camera-app rx
stest-service org.tizen.email rx
stest-service org.tizen.indicator rx
stest-service org.tizen.pwlock rx
system::use_internet com.samsung.gallery w
system::use_internet e17 w
system::use_internet oma-ds-agent rwx
system::use_internet org.tizen.camera-app w
system::use_internet org.tizen.email w
system::use_internet org.tizen.message w
tts-server org.tizen.email rw
ui-gadget::client org.tizen.camera-app rw
vcs-server org.tizen.call rw
webkit2-efl com.samsung.gallery x
webkit2-efl org.tizen.email rwx
--8<---------------cut here---------------end--------------->8---

Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <http://lists.tizen.org/pipermail/dev/attachments/20131219/372fbc22/attachment-0001.sig>

More information about the Dev mailing list