Menu
▾
▴
[Linux-ima-user] Getting an error with file created by systemd-logind
|
From: Curtis V. <cu...@vp...> - 2015-07-08 17:46:45
|
Hi, I'm looking for help understanding an error (shown below). The "tasks" files created by systemd-logind that give the error are shown by "file" to be "empty" and by "mimetype -b -M" to be "text/plain" and ownership and perms are root:root 644. These seems to work most of the time but are occasionally created or updated without hashes. If it fails it continues to fail afterward even though it is creating new directories and files. Does anyone have suggestions for a proper fix? I wondered if this is a bug in systemd-logind (running ubuntu 14.04), or if I missed a fsmagic number I should have included in the list of "dont_measure" "dont_appraise" or if I should somehow have the system ignore /proc and /sys if I cannot find a solution? Here are the errors in kern.log Jul 7 20:57:48 irms-25276 kernel: [ 56.330439] audit: type=1800 audit(1436302668.756:51): pid=981 uid=0 auid=4294967295 ses=4294967295 op="appraise_data" cause="missing-hash" comm="systemd-logind" name="/sys/fs/cgroup/systemd/user/1000.user/1.session/tasks" dev="cgroup" ino=21 res=0 Jul 7 20:57:51 irms-25276 kernel: [ 59.313945] audit: type=1800 audit(1436302671.736:52): pid=981 uid=0 auid=4294967295 ses=4294967295 op="appraise_data" cause="missing-hash" comm="systemd-logind" name="/sys/fs/cgroup/systemd/user/1000.user/c1.session/tasks" dev="cgroup" ino=26 res=0 Jul 7 21:02:23 irms-25276 kernel: [ 331.666603] audit: type=1800 audit(1436302943.733:53): pid=981 uid=0 auid=4294967295 ses=4294967295 op="appraise_data" cause="missing-hash" comm="systemd-logind" name="/sys/fs/cgroup/systemd/user/1000.user/tasks" dev="cgroup" ino=16 res=0 Currently my "dont" list in policy is as follows: # Default Rules dont_measure fsmagic=0x9fa0 dont_appraise fsmagic=0x9fa0 dont_measure fsmagic=0x62656572 dont_appraise fsmagic=0x62656572 dont_measure fsmagic=0x64626720 dont_appraise fsmagic=0x64626720 dont_measure fsmagic=0x01021994 dont_appraise fsmagic=0x01021994 dont_measure fsmagic=0x858458f6 dont_appraise fsmagic=0x858458f6 dont_measure fsmagic=0x73636673 dont_appraise fsmagic=0x73636673 Comments and suggestions are always appreciated. Best regards, Curtis |
