Change execute label to System to remove smack errors
Jan 01 09:08:55 localhost audit[2765]: AVC lsm=SMACK fn=smack_key_permission action=denied subject="User" object="System::Privileged" requested=r pid=2765 comm="tlm-sessiond" key_serial=
841328352 key_desc="_ses"
Jan 01 09:08:55 localhost audit[2765]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=2765 comm="tlm-sessiond" name="environ" dev="proc" ino=23193
Jan 01 09:08:55 localhost audit[2765]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=2765 comm="tlm-sessiond" name="sched" dev="proc" ino=23194
Jan 01 09:08:55 localhost audit[2765]: AVC lsm=SMACK fn=smack_key_permission action=denied subject="User" object="System::Privileged" requested=r pid=2765 comm="tlm-sessiond" key_serial=
185875009 key_desc="_uid.5001"
Jan 01 09:08:55 localhost audit[2765]: AVC lsm=SMACK fn=smack_file_open action=denied subject="User" object="System::Privileged" requested=r pid=2765 comm="tlm-sessiond" path="/opt/var/log/wtmp" dev="mmcblk0p3" ino=822
A tlm-sessiond only create the shell process in /etc/passwd directly, and this shell process does nothing.
So, changing tlm's smack from "User" to "System" does not change user systemd and its associated processes.
===========================================================================================================================
sh-3.2# pstree -p | grep tlm
|-tlm(551)-+-tlm-sessiond(567)-+-bash(622)
| | |-{tlm-sessiond}(569)
| | `-{tlm-sessiond}(572)
| |-{tlm}(565)
| `-{tlm}(566)
sh-3.2# ps -auxZ | grep tlm
User root 551 0.0 0.2 25912 2672 ? Ssl 11:23 0:00 /usr/bin/tlm
User root 567 0.0 0.3 26848 3104 ? Sl 11:23 0:00 /usr/bin/tlm-sessiond
sh-3.2# ps -auxZ | grep 622
User owner 622 0.0 0.1 4628 1068 tty7 Ss+ 11:23 0:00 /bin/bash <== shell process
Change-Id: I7376be55ea57ab187a79ab99721e05e1d8ea38a1
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
projects / platform / core / system / tlm.git / commit