From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.sws.net.au (smtp.sws.net.au [144.76.186.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 49BA1A59 for ; Wed, 23 Jul 2025 00:15:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=144.76.186.9 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753229745; cv=none; b=OS6IxQYXta50IL7VSD68YUW3BlUoBlhaouDP4m+bUfK2M5GltKpEkqom//u3d4BMRhd/rdIpXXMWNM3cET48DPWZasd3FSc5auzZGbmA5EyVEwtVC15u9g/IaRy/ZYh3/yodeUkHhuNrwaC4ZHDBrXBJOn9GIuwIAKwRVzpXS+s= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753229745; c=relaxed/simple; bh=P0lv1ngml9We6QzEou3fBzgkTIh5S9TbdqzjK2sF270=; h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type; b=iOFuOzd5ICnXc9qdAwiCYi0cK9Dsuzeqe9+jxpFjMOcjRc/dFbUSa0X1N7la9CQpfn3+Vt7mTdKn1PMCZeDVlfoRiQPm5UI3UDDAZwzTVbbrScEcIWu5u4w2pQISXbA2rLAQpebKNfUCEHYDMpq931pihtQfgYASlbbW0JuR39o= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=coker.com.au; spf=pass smtp.mailfrom=coker.com.au; dkim=pass (1024-bit key) header.d=coker.com.au header.i=@coker.com.au header.b=hyabj+2A; arc=none smtp.client-ip=144.76.186.9 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=coker.com.au Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=coker.com.au Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=coker.com.au header.i=@coker.com.au header.b="hyabj+2A" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au; s=2008; t=1753229735; bh=mgPANG4CyLi4wzmWTOokUNt3JFYRfoksp7JAEqBcyaw=; l=528; h=From:To:Reply-To:Subject:Date:From; b=hyabj+2AX6Q/lNGdS1euC56GJwZzKm59Uob/YeM8o29p+emO3OB5Y7j1201diInak ktz+X0yqNsIYTahr2YAX844x7kMlSnqjZPoZ8C5AVMSeekSmmYJp7R/XYRorZBhQBL mGJR7ehV1LZAuy/s6LCI+Sw+0nsJxvdZIrWfZlxQ= Received: from xev.localnet (n175-33-172-140.sun22.vic.optusnet.com.au [175.33.172.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) (Authenticated sender: russell@coker.com.au) by smtp.sws.net.au (Postfix) with ESMTPSA id 936F0F665 for ; Wed, 23 Jul 2025 10:15:34 +1000 (AEST) From: Russell Coker To: SELinux Reference Policy mailing list Reply-To: russell@coker.com.au Subject: systemd and dontaudit Date: Wed, 23 Jul 2025 10:15:24 +1000 Message-ID: <13022276.O9o76ZdvQC@xev> Precedence: bulk X-Mailing-List: selinux-refpolicy@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="utf-8" kernel_dontaudit_getattr_proc(systemd_logind_t) The above hides the fact that systemd-logind wants to statfs /proc and that can cause it to abort in some situations, to refuse to respond to dbus requests, and to delay all logins by 25 seconds. https://github.com/SELinuxProject/refpolicy/pull/995 I fixed it in this PR, but I think that perhaps we should allow all systemd processes to statfs /proc to avoid future problems. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/