I'm in the (hopefully) final stages of creating the policy module for a
daemon that I've written to monitor my home NAS.
The daemon is started by systemd (init_t) and runs as its own type
(freecusd_t). In order to read the SMART attributes of the NAS drives,
the daemon runs a helper application, which has its own type
(freecusd_smart_t). So:
systemd (init_t) --> freecusd (freecusd_t)
--> freecusd_smart_helper (freecusd_smart_t)
This is all working (although I can't help but think that there's likely
a macro that I could have used to define the helper type that would have
made things a lot easier). Every time that the daemon starts, however,
I'm getting this denial repeated 4 times:
type=AVC msg=audit(1593392372.230:9215): avc: denied { sigchld } for
pid=1 comm="systemd" scontext=system_u:system_r:freecusd_smart_t:s0
tcontext=system_u:system_r:init_t:s0 tclass=process permissive=0
(Note that the daemon spawns the helper repeatedly while it runs, but I
only ever see the denial 4 times when the daemon first starts.)
It appears that the helper process is trying to send SIGCHLD, which
doesn't seem right, as its parent is still running. (I've already given
the helper permission to send SIGCHLD to its parent, freecusd_t.)
Has anyone ever seen this behavior or have any idea what could cause it?
Thanks!
--
========================================================================
In Soviet Russia, Google searches you!
========================================================================
