[Dev] [Tizen 4.0/Security] How to resolve SMACK audit problems.

Hee-cheol Yang heecheol.yang at outlook.com
Sun Dec 31 05:44:34 UTC 2017


Hello.
Some of you may remember I am trying to run Tizen 4.0 on my single board computer, but I still couldn’t display anything on my LCD.
However, it now seems that I have found what I have to do, as follows:


  1.  Install my SOC’s GPU driver (SGX driver) and libdrm to test it.
  2.  Replace the original TBM/TDM backends (for exynos) with libtdm-dumb and libtbm-drm to use SGX driver.
  3.  Use dlogutil TBM/DBM to resolve the next problems…

I started the porting sequence from this image <http://download.tizen.org/releases/daily/tizen/unified/tizen-unified_20171228.4/images/standard/mobile-wayland-armv7l-tm2/> that I downloaded from ‘release.tizen.org’ (Tizen 4.0 image for mobile-wayland-armv7l-tm2). I created the image via MIC and flashed it with the ‘dd’ command.
However, when I tested this image with my SMACK-enabled kernel (version 4.4), there were a lot of SMACK audit messages like those below.
Also, because the TI-provided GPU driver installer should be run on my board (not the host), I need to find a way to change the SMACK policy on my board.

In summary, could you give some advice once again on these questions?

  1.  The way to change SMACK policies for files that I have to install on my board, such as device drivers.
  2.  The reason why the original Tizen-provided programs such as “key-manager” or “contextd” violate SMACK policy, and how to resolve it.

Thank you very much in advance and happy new year!

Best Regards.
Heecheol Yang

P.S.: The following is part of my boot log. I would appreciate it very much if someone could check it.
Thanks a lot!


'systemctl status display-manager.service' for details.
[  OK  ] Started Smart Traffic Control Iptables.
[  OK  ] Started Cynara service.
[  OK  ] Started Start cynara agent that pro...ctions for license verification.
[  OK  ] Started D-Bus System Message Bus.
[  OK  ] Started Alarm server.
[  OK  ] Started Accounts service.
[  OK  ] Started Sensor Daemon.
[  OK  ] Started System storage daemon.

localhost login: [   19.693524] resize2fs[384]: resize2fs 1.43.4 (31-Jan-2017)
[   19.760305] resize2fs[384]: The filesystem is already 932864 (4k) blocks long.  Nothing to do!
[   19.954640] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[   20.458290] ln[396]: /bin/ln: creating symbolic link `/etc/systemd/system/resize2fs at dev-disk-by\\x2dlabel-rootfs.service': Read-only file system
[   26.130936] audit: type=1701 audit(1469476208.920:3): auid=4294967295 uid=444 gid=402 ses=4294967295 subj=System pid=437 comm="key-manager" exe="/usr/bin/key-manager" sig=11 res=1
[   26.232382] net eth0: initializing cpsw version 1.12 (0)
[   26.240908] cpsw 4a100000.ethernet: initialized cpsw ale version 1.4
[   26.250283] cpsw 4a100000.ethernet: ALE Table size 1024
[   26.671079] SMSC LAN8710/LAN8720 4a101000.mdio:00: attached PHY driver [SMSC LAN8710/LAN8720] (mii_bus:phy_addr=4a101000.mdio:00, irq=POLL)
[   26.821931] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[   29.283022] audit: type=1701 audit(1469476212.072:4): auid=4294967295 uid=444 gid=402 ses=4294967295 subj=System pid=491 comm="key-manager" exe="/usr/bin/key-manager" sig=11 res=1

localhost login: [   29.533355] audit: type=1006 audit(1469476212.160:5): pid=505 uid=0 subj=User old-auid=4294967295 auid=5001 tty=(none) old-ses=4294967295 ses=1 res=1
[   29.860051] cpsw 4a100000.ethernet eth0: Link is Up - 100Mbps/Full - flow control rx/tx
[   29.985203] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[   31.127517] audit: type=1701 audit(1469476213.916:6): auid=4294967295 uid=651 gid=651 ses=4294967295 subj=System pid=413 comm="contextd" exe="/usr/bin/contextd" sig=6 res=1

localhost login:
localhost login: [   32.900047] audit: type=1701 audit(1469476215.688:7): auid=4294967295 uid=444 gid=402 ses=4294967295 subj=System pid=518 comm="key-manager" exe="/usr/bin/key-manager" sig=11 res=1
root
Password: [   34.939955] audit: type=1701 audit(1469476217.728:8): auid=4294967295 uid=651 gid=651 ses=4294967295 subj=System pid=537 comm="contextd" exe="/usr/bin/contextd" sig=6 res=1

[   35.185897] audit: type=1006 audit(1469476217.868:9): pid=240 uid=0 subj=System old-auid=4294967295 auid=0 tty=ttyS0 old-ses=4294967295 ses=2 res=1
Welcome to Tizen
[   36.046204] audit: type=1701 audit(1469476218.836:10): auid=4294967295 uid=444 gid=402 ses=4294967295 subj=System pid=563 comm="key-manager" exe="/usr/bin/key-manager" sig=11 res=1
root at localhost:~# [   37.564845] audit: type=1701 audit(1469476220.352:11): auid=4294967295 uid=651 gid=651 ses=4294967295 subj=System pid=599 comm="contextd" exe="/usr/bin/contextd" sig=6 res=1
[   38.150316] audit: type=1701 audit(1469476220.940:12): auid=4294967295 uid=444 gid=402 ses=4294967295 subj=System pid=622 comm="key-manager" exe="/usr/bin/key-manager" sig=11 res=1
[   39.877237] audit: type=1701 audit(1469476222.664:13): auid=4294967295 uid=651 gid=651 ses=4294967295 subj=System pid=650 comm="contextd" exe="/usr/bin/contextd" sig=6 res=1
[   40.462909] audit: type=1701 audit(1469476223.252:14): auid=4294967295 uid=444 gid=402 ses=4294967295 subj=System pid=661 comm="key-manager" exe="/usr/bin/key-manager" sig=11 res=1
[   41.960612] audit: type=1701 audit(1469476224.748:15): auid=4294967295 uid=651 gid=651 ses=4294967295 subj=System pid=698 comm="contextd" exe="/usr/bin/contextd" sig=6 res=1
[   42.261807] audit: type=1701 audit(1469476225.048:16): auid=4294967295 uid=444 gid=402 ses=4294967295 subj=System pid=710 comm="key-manager" exe="/usr/bin/key-manager" sig=11 res=1
[   43.507807] audit: type=1701 audit(1469476226.296:17): auid=4294967295 uid=651 gid=651 ses=4294967295 subj=System pid=741 comm="contextd" exe="/usr/bin/contextd" sig=6 res=1
[   43.753304] audit: type=1701 audit(1469476226.540:18): auid=4294967295 uid=444 gid=402 ses=4294967295 subj=System pid=748 comm="key-manager" exe="/usr/bin/key-manager" sig=11 res=1
[   44.562007] audit: type=1701 audit(1469476227.352:19): auid=4294967295 uid=651 gid=651 ses=4294967295 subj=System pid=772 comm="contextd" exe="/usr/bin/contextd" sig=6 res=1
[   44.707718] audit: type=1701 audit(1469476227.496:20): auid=4294967295 uid=444 gid=402 ses=4294967295 subj=System pid=775 comm="key-manager" exe="/usr/bin/key-manager" sig=11 res=1
[   45.523248] audit: type=1701 audit(1469476228.312:21): auid=4294967295 uid=444 gid=402 ses=4294967295 subj=System pid=790 comm="key-manager" exe="/usr/bin/key-manager" sig=11 res=1
[   45.679296] audit: type=1701 audit(1469476228.344:22): auid=4294967295 uid=651 gid=651 ses=4294967295 subj=System pid=792 comm="contextd" exe="/usr/bin/contextd" sig=6 res=1
[   46.426657] audit: type=1701 audit(1469476229.216:23): auid=4294967295 uid=651 gid=651 ses=4294967295 subj=System pid=810 comm="contextd" exe="/usr/bin/contextd" sig=6 res=1
[   46.558867] audit: type=1701 audit(1469476229.260:24): auid=4294967295 uid=444 gid=402 ses=4294967295 subj=System pid=811 comm="key-manager" exe="/usr/bin/key-manager" sig=11 res=1
[   47.298035] audit: type=1701 audit(1469476230.088:25): auid=4294967295 uid=444 gid=402 ses=4294967295 subj=System pid=827 comm="key-manager" exe="/usr/bin/key-manager" sig=11 res=1
[   47.416991] audit: type=1701 audit(1469476230.136:26): auid=4294967295 uid=651 gid=651 ses=4294967295 subj=System pid=828 comm="contextd" exe="/usr/bin/contextd" sig=6 res=1
[   51.875141] kauditd_printk_skb: 1 callbacks suppressed
[   51.875149] audit: type=1006 audit(1469476234.664:28): pid=457 uid=0 subj=System old-auid=4294967295 auid=5001 tty=(none) old-ses=4294967295 ses=3 res=1
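
Added example (not part of the original post): a small triage script for the kernel audit lines in the boot log above. In linux/audit.h, type=1701 is ANOM_ABEND (a process was killed by a signal), type=1006 is a login record, and SMACK access decisions are logged as type=1400 records carrying `lsm=SMACK`, so the script separates daemon crashes from actual SMACK denials. The last sample line is constructed to show the SMACK record format; its labels, path and numbers are made up.

```python
import re
from collections import Counter

# Record type numbers from linux/audit.h.
LOGIN, AVC, ANOM_ABEND = 1006, 1400, 1701
SIGNALS = {6: "SIGABRT", 11: "SIGSEGV"}

RECORD = re.compile(r"audit: type=(\d+) audit\([\d.]+:(\d+)\): (.*)")
FIELD = re.compile(r'([\w-]+)=("[^"]*"|\S+)')


def parse(line):
    """Return one kernel audit record as a dict, or None for other console lines."""
    m = RECORD.search(line)
    if m is None:
        return None
    rec = {key: value.strip('"') for key, value in FIELD.findall(m.group(3))}
    rec.update(type=int(m.group(1)), serial=int(m.group(2)))
    return rec


def triage(lines):
    """Split audit records into crashes, SMACK denials and everything else."""
    crashes, denials, other = Counter(), [], Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["type"] == ANOM_ABEND:  # process ended abnormally on a signal
            sig = int(rec["sig"])
            crashes[(rec["comm"], SIGNALS.get(sig, f"signal {sig}"))] += 1
        elif (rec["type"] == AVC and rec.get("lsm") == "SMACK"
              and rec.get("action") == "denied"):
            denials.append((rec["subject"], rec["object"], rec.get("requested")))
        else:
            other[rec["type"]] += 1
    return crashes, denials, other


# First four lines are copied from the boot log above; the fifth is CONSTRUCTED.
SAMPLE = [
    '[   26.130936] audit: type=1701 audit(1469476208.920:3): auid=4294967295 uid=444 gid=402 ses=4294967295 subj=System pid=437 comm="key-manager" exe="/usr/bin/key-manager" sig=11 res=1',
    '[   29.283022] audit: type=1701 audit(1469476212.072:4): auid=4294967295 uid=444 gid=402 ses=4294967295 subj=System pid=491 comm="key-manager" exe="/usr/bin/key-manager" sig=11 res=1',
    'localhost login: [   29.533355] audit: type=1006 audit(1469476212.160:5): pid=505 uid=0 subj=User old-auid=4294967295 auid=5001 tty=(none) old-ses=4294967295 ses=1 res=1',
    '[   31.127517] audit: type=1701 audit(1469476213.916:6): auid=4294967295 uid=651 gid=651 ses=4294967295 subj=System pid=413 comm="contextd" exe="/usr/bin/contextd" sig=6 res=1',
    '[  100.000000] audit: type=1400 audit(1469476300.000:99): lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System" requested=w pid=900 comm="example" name="example.ko" dev="mmcblk0p2" ino=1234',
]

if __name__ == "__main__":
    crashes, denials, other = triage(SAMPLE)
    print("crashes:", dict(crashes))
    print("SMACK denials (subject, object, requested):", denials)
    print("other record types:", dict(other))
```
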
