[Dev] smack setup incomplete, systemd-journal fails

Łukasz Stelmach l.stelmach at samsung.com
Thu Dec 19 18:26:39 GMT 2013


It was <2013-12-19 czw 18:26>, when Schaufler, Casey wrote:
>> -----Original Message-----
>> From: Łukasz Stelmach [mailto:l.stelmach at samsung.com]
>> Sent: Thursday, December 19, 2013 9:19 AM
>> To: Schaufler, Casey
>> Cc: dev at lists.tizen.org
>> Subject: Re: [Dev] smack setup incomplete, systemd-journal fails
>> 
>> It was <2013-12-19 czw 17:32>, when Schaufler, Casey wrote:
>> > -----Original Message-----
>> > From: Łukasz Stelmach [mailto:l.stelmach at samsung.com]
>> > Sent: Thursday, December 19, 2013 12:58 AM
>> >> It was <2013-12-18 śro 20:31>, when Schaufler, Casey wrote:
>> >>>> -----Original Message-----
>> >>>> From: dev-bounces at lists.tizen.org
>> >>>> [mailto:dev-bounces at lists.tizen.org] On Behalf Of Lukasz Stelmach
>> >>>> Sent: Wednesday, December 18, 2013 9:52 AM
>> >>>>
>> >>>> Hi,
>> >>>>
>> >>>> I've got quite a recent RD-PQ image: tizen_20131217.8. There is a
>> >>>> problem with systemd-journald failing to start because
>> >>>
>> >>> Where did you get this image? What are you running it on?
>> >>
>> >> http://download.tizen.org/snapshots/tizen/rd-pq/tizen_20131217.8/
>> >>
>> 
>> [...]
>> 
>> >> >> + "Failed to open runtime journal: No such file or directory"
>> >> >
>> >> > This is most likely the Smack label on /var/log. A fix is in the
>> >> > works for the general problem of /var/log. A temporary workaround
>> >> > is
>> >> >
>> >> > 	chsmack -a '*' /var/log
>> >>
>> >> "Runtime journal" is in /run/log. And there is no /run/log directory
>> >> which may suggest journald is unable to create it.
>> >>
>> >> root:~> chsmack /run
>> >> /run access="_"
>> >
>> > This is a clear indication that systemd is not mounting /run.
>> > When systemd mounts /run it uses the smackfstransmute option to set
>> > the hierarchy to System::Run.
>> 
>> [   20.297116] tmpfs: Bad mount option smackfstransmute
>> 
>> Apparently I need to back-port it.
>
> There is a set of kernel patches required.
> Look at the ivi kernel change log.
> The base kernel version that mobile uses will of course impact which patches are required.

Correct me if I am wrong:

git log --format=oneline $(git merge-base  tizen-mobile/tizen tizen-ivi/tizen)..tizen-ivi/tizen -- security/smack/

shows I need to take these

e830b394 Smack: Add smkfstransmute mount option
2f823ff8 Smack: Improve access check performance
c6739443 Smack: Local IPv6 port based controls

to get what I need these assuming tizen-mobile and tizen-ivi are respectively.

git://review.tizen.org/platform/kernel/linux-3.10.git
git://review.tizen.org/profile/ivi/kernel-x86-ivi.git

The patches apply cleanly. I will see tomorrow if they work

>> --8<---------------cut here---------------start------------->8---
>> commit e830b39412ca2bbedd7508243f21c04d57ad543c
>> Author: Casey Schaufler <casey at schaufler-ca.com>
>> Date:   Wed May 22 18:43:07 2013 -0700
>> 
>>     Smack: Add smkfstransmute mount option
>> --8<---------------cut here---------------end--------------->8---

Best regards,
-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <http://lists.tizen.org/pipermail/dev/attachments/20131219/8fc980f4/attachment.sig>


More information about the Dev mailing list