named/bind forbidden write on root partition

Description

Just testing the last FF candidate on my Minnow, and I see in the boot log that Smack stops named/bind from accessing the root partition.

The error is persistent across reboots.

First boot
==========

audit: type=1400 audit(1536228756.161:2): lsm=SMACK fn=smack_inode_permission action=denied subject="System" object="_" requested=w pid=811 comm="named" name="bind" dev="mmcblk2p2" ino=1574464
audit: type=1300 audit(1536228756.161:2): arch=c000003e syscall=21 success=no exit=-13 a0=55d9e6531755 a1=2 a2=7fca047a2020 a3=0 items=0 ppid=798 pid=811 auid=4294967295 uid=987 gid=987 euid=987 sui)
audit: type=1327 audit(1536228756.161:2): proctitle=2F7573722F7362696E2F6E616D6564002D750062696E64

 

Second boot
===========

audit: type=1006 audit(1536228746.736:2): pid=356 uid=0 subj=System old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=1 res=1
audit: type=1006 audit(1536228747.018:3): pid=377 uid=0 subj=System old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=2 res=1
audit: type=1400 audit(1536228747.018:4): lsm=SMACK fn=smack_key_permission action=denied subject="System" object="_" requested=w pid=377 comm="(systemd)" key_serial=831371642 key_desc="_uid.0"
audit: type=1300 audit(1536228747.018:4): arch=c000003e syscall=250 success=no exit=-13 a0=8 a1=fffffffc a2=fffffffd a3=0 items=0 ppid=1 pid=377 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=)
audit: type=1327 audit(1536228747.018:4): proctitle="(systemd)"
audit: type=1400 audit(1536228747.292:5): lsm=SMACK fn=smack_inode_permission action=denied subject="System" object="_" requested=w pid=380 comm="named" name="bind" dev="mmcblk2p2" ino=1574464
audit: type=1300 audit(1536228747.292:5): arch=c000003e syscall=21 success=no exit=-13 a0=5647c996a755 a1=2 a2=7fb9fbc57020 a3=0 items=0 ppid=361 pid=380 auid=4294967295 uid=987 gid=987 euid=987 sui)
audit: type=1327 audit(1536228747.292:5): proctitle=2F7573722F7362696E2F6E616D6564002D750062696E64

Environment

Minnowboard Turbo Master 10 Sept 2018 Boot SD card created with mkefi script.
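
For triage, the audit records in the description can be grouped by event id and decoded into one summary per Smack denial. The Python below is an added example, not part of the ticket; the function names are hypothetical, the sample is the first-boot log copied from above, and the syscall table is an assumption limited to the two x86_64 numbers that appear in these logs.

```python
import re

# First-boot audit records copied from this ticket (the type=1300 line is truncated there too).
SAMPLE = """\
audit: type=1400 audit(1536228756.161:2): lsm=SMACK fn=smack_inode_permission action=denied subject="System" object="_" requested=w pid=811 comm="named" name="bind" dev="mmcblk2p2" ino=1574464
audit: type=1300 audit(1536228756.161:2): arch=c000003e syscall=21 success=no exit=-13 a0=55d9e6531755 a1=2 a2=7fca047a2020 a3=0 items=0 ppid=798 pid=811 auid=4294967295 uid=987 gid=987 euid=987 sui)
audit: type=1327 audit(1536228756.161:2): proctitle=2F7573722F7362696E2F6E616D6564002D750062696E64
"""

RECORD = re.compile(r"audit: type=(\d+) audit\((\d+\.\d+:\d+)\): (.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# x86_64 (arch=c000003e) syscall numbers, limited to the two seen in this ticket.
SYSCALLS = {"21": "access", "250": "keyctl"}


def decode_proctitle(value):
    """argv containing NUL separators is logged as hex; plain titles are quoted."""
    if value.startswith('"'):
        return value.strip('"')
    return bytes.fromhex(value).replace(b"\0", b" ").decode(errors="replace")


def smack_denials(log):
    """Group records by event id and return one summary per Smack denial."""
    events = {}
    for line in log.splitlines():
        m = RECORD.match(line.strip())
        if m:
            rtype, event_id, body = m.groups()
            events.setdefault(event_id, {})[rtype] = dict(FIELD.findall(body))
    denials = []
    for event_id, recs in events.items():
        avc = {k: v.strip('"') for k, v in recs.get("1400", {}).items()}  # 1400 = AVC
        if avc.get("lsm") != "SMACK" or avc.get("action") != "denied":
            continue
        sc = recs.get("1300", {})  # 1300 = SYSCALL
        title = recs.get("1327", {}).get("proctitle")  # 1327 = PROCTITLE
        denials.append({
            "event": event_id,
            "subject": avc.get("subject"),
            "object": avc.get("object"),
            "requested": avc.get("requested"),
            "comm": avc.get("comm"),
            "target": avc.get("name") or avc.get("key_desc"),
            "syscall": SYSCALLS.get(sc.get("syscall"), sc.get("syscall")),
            "exit": int(sc["exit"]) if "exit" in sc else None,  # -13 is EACCES
            "cmdline": decode_proctitle(title) if title else None,
        })
    return denials
```

On the sample, the single denial decodes to `/usr/sbin/named -u bind` failing an `access` call for write on the inode named `bind`, with subject label `System` and object label `_`.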

Activity

Walt Miner 
June 25, 2019 at 3:51 PM

Was there a fix pushed to Gerrit for this?

jose bollo 
September 18, 2018 at 8:36 AM

This issue is raised by the Smack label of the directory /var/cache/bind.

This is a more generic issue in fact: the directory /var has a wrong Smack label.

Fixed

Details

Created September 10, 2018 at 9:31 AM
Updated July 9, 2019 at 5:04 PM
Resolved June 20, 2019 at 9:10 AM