Re: [PATCH 2/2] pidfd: add pidfdfs

> Apologies if this has already been reported or fixed but I did not see
> anything on the mailing list.
> 
> On next-20240221 and next-20240222, with CONFIG_FS_PID=y, some of my
> services such as abrtd, dbus, and polkit fail to start on my Fedora
> machines, which causes further issues like failing to start network
> interfaces with NetworkManager. I can easily reproduce this in a Fedora
> 39 QEMU virtual machine, which has:
> 
>   # systemctl --version
>   systemd 254 (254.9-1.fc39)

If something fails for completely inexplicable reasons:

Feb 23 12:09:58 fed1 audit[353]: AVC avc:  denied  { read write open } for  pid=353 comm="systemd-userdbd" path="pidfd:[709]" dev="pidfs" ino=709 scontext=system_u:system_r:systemd_userdbd_t:>

>   +SELINUX

pidfd creation can now be mediated by LSMs since we can finally go
through the regular open path. That wasn't possible before but LSM
mediation ability had been requested a few times.

In short, we have to update the selinux policy for Fedora. (Fwiw, went
through the same exercise with nsfs back then.)

I've created a pull-request here:

https://github.com/fedora-selinux/selinux-policy/pull/2050

and filed an issue here:

https://bugzilla.redhat.com/show_bug.cgi?id=2265630

We have sufficient time to get this resolved and I was assured that this
would be resolved. If we can't get it resolved in a timely manner we'll
default to N for a while until everything's updated but I'd like to
avoid that. I'll track that issue.
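
An added example, not part of the original message or of any project's code: a small Python triage script that groups SELinux AVC denials on `dev="pidfs"` by source domain, which shows the services a policy update has to cover. The sample log lines are constructed; the hostname, the `example_*` types and the `tcontext` values are placeholders, and the last line is deliberately truncated the way the journal output quoted above is.

```python
import re
from collections import defaultdict

# Constructed sample journal lines (not from the original message). They follow
# the shape of the denial quoted above; the example_* types and tcontext values
# are placeholders. The last line is truncated on purpose.
SAMPLE_LOG = '''\
Feb 23 12:09:58 host audit[353]: AVC avc:  denied  { read write open } for  pid=353 comm="systemd-userdbd" path="pidfd:[709]" dev="pidfs" ino=709 scontext=system_u:system_r:systemd_userdbd_t:s0 tcontext=system_u:object_r:example_target_t:s0 tclass=file permissive=0
Feb 23 12:09:59 host audit[410]: AVC avc:  denied  { read write open } for  pid=410 comm="dbus-broker" path="pidfd:[712]" dev="pidfs" ino=712 scontext=system_u:system_r:example_dbus_t:s0 tcontext=system_u:object_r:example_target_t:s0 tclass=file permissive=0
Feb 23 12:10:01 host audit[500]: AVC avc:  denied  { read } for  pid=500 comm="cat" path="/tmp/x" dev="vda2" ino=1234 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:example_file_t:s0 tclass=file permissive=0
Feb 23 12:10:02 host audit[353]: AVC avc:  denied  { read write open } for  pid=353 comm="systemd-userdbd" path="pidfd:[715]" dev="pidfs" ino=715 scontext=system_u:system_r:systemd_userdbd_t:>
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    fields['perms'] = m.group('perms').split()
    return fields

def source_domain(scontext):
    # scontext is user:role:type[:level]; the type still parses if the tail is cut off.
    parts = scontext.split(':')
    return parts[2] if len(parts) >= 3 and parts[2] else '(unknown)'

def pidfs_denials(log_text):
    """Group denials whose object lives on pidfs by the denied source domain."""
    summary = defaultdict(lambda: {'comms': set(), 'perms': set(), 'count': 0})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec.get('dev') != 'pidfs':
            continue
        entry = summary[source_domain(rec.get('scontext', ''))]
        entry['comms'].add(rec.get('comm', '?'))
        entry['perms'].update(rec['perms'])
        entry['count'] += 1
    return dict(summary)

if __name__ == '__main__':
    for domain, info in sorted(pidfs_denials(SAMPLE_LOG).items()):
        print(domain, info['count'], sorted(info['comms']), sorted(info['perms']))
```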



