SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List cdrecord deadlocks linux 2.6.8.1 (problem in setscheduler) This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ Next in thread ] [ Replies ] From: Thomas Bleher <bleher_at_informatik.uni-muenchen.de> Date: Mon, 18 Oct 2004 14:43:32 +0200 cdrecord deadlocks linux 2.6.8.1: I have just written selinux policy for cdrecord. While writing this policy cdrecord constantly locked up the computer (even in permissive mode). When booting with selinux=0 the problem went away. After digging around for a while, the following seems to be happening: * cdrecord calls sched_setscheduler() setscheduler (in kernel/sched.c) asks for CAP_SYS_NICE cdrecord doesn't have this capability selinux generates an audit message ==> deadlock When I grant cdrecord CAP_SYS_NICE everything works fine. I think SELinux shouldn't generate a log message in this case; like it is already suppressed for setsched. To test, add the attached policy, remove sys_nice from the allowed caps and simply call cdrecord without parameters. Thomas -- http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA D09E C562 2BAE B2F4 ABE7 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. text/plain attachment: cdrecord.patch Received on Mon 18 Oct 2004 - 08:49:43 EDT This message: [ Message body ] Next message: Colin Walters: "Re: writing rules to disallow a domain to read particular files" Previous message: Russell Coker: "nscd policy" Next in thread: Stephen Smalley: "Re: cdrecord deadlocks linux 2.6.8.1 (problem in setscheduler)" Reply: Stephen Smalley: "Re: cdrecord deadlocks linux 2.6.8.1 (problem in setscheduler)" Reply: Luke Kenneth Casson Leighton: "Re: cdrecord deadlocks linux 2.6.8.1 (problem in setscheduler)" Maybe reply: Stephen Smalley: "Re: cdrecord deadlocks linux 2.6.8.1 (problem in setscheduler)" Maybe reply: Chris Wright: "Re: cdrecord deadlocks linux 2.6.8.1 (problem in setscheduler)" Maybe reply: Stephen Smalley: "Re: cdrecord deadlocks linux 2.6.8.1 (problem in setscheduler)" Maybe reply: Stephen Smalley: "Re: cdrecord deadlocks linux 2.6.8.1 (problem in setscheduler)" Maybe reply: Chris Wright: "Re: cdrecord deadlocks linux 2.6.8.1 (problem in setscheduler)" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom