From: Russell Coker
To: SELinux Reference Policy mailing list, Chris PeBenito
Subject: Re: systemd and dontaudit
Date: Wed, 23 Jul 2025 22:57:56 +1000
Message-ID: <12737856.O9o76ZdvQC@dojacat>
In-Reply-To: <2ee08e8f-59f4-418d-ab5e-01e0addaf17b@ieee.org>

On Wednesday, 23 July 2025 22:37:09 AEST Chris PeBenito wrote:
> On 7/22/2025 8:15 PM, Russell Coker wrote:
> > kernel_dontaudit_getattr_proc(systemd_logind_t)
> >
> > The above hides the fact that systemd-logind wants to statfs /proc and
> > that can cause it to abort in some situations, to refuse to respond to
> > dbus requests, and to delay all logins by 25 seconds.
>
> Can you elaborate on what one of those failing situations is?

It only happened repeatedly on one of my systems. I think that triggering
that particular condition required multiple settings, so just not allowing
statfs isn't necessarily enough, some other combination of things allowed
and denied seemed necessary to get it into that state. The one system that
had this had it persist across reboots but other systems never had it. I had
seen it briefly happen on other systems but a reboot fixed it.

I didn't put as much effort into investigating this as I might have because
the access in question is fairly innocuous.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/