- Desktop
- Enterprise
- Gaming
- Graphics
- Hardware
- Linux Kernel
- Multimedia
- Operating Systems
- Programming
- System Internals
- All Projects
- Latest News
- pg_combinebackup: Add --version to --help output
- PostgreSQL: Support SSL_R_VERSION_TOO_LOW when using LibreSSL
- avcodec/mediacodecenc: Add global header support
- tdf#159660: also add normal blend filter
- Linux Kernel: Linux 6.9-rc5
- WINE: Release 9.7.
- Sync psm/evdev/atkbd with FreeBSD
- lavfi: Add pad_vaapi filter
- Latest News (cont.)
- lavfi: Add drawbox_vaapi filter
- Linux Kernel: Linux 6.9-rc4
- Embind: support .implement()-based JS UNO objects
- tdf#33603: sd: rework notes panel
- xwayland: Add SourceValidate hook
- UPower: Release 1.90.4
- timezone: sync to TZDB 2024a
- Linux Kernel: Linux 6.9-rc3
- Optimize pg_popcount() with AVX-512 instructions
- Enhance nbtree ScalarArrayOp execution
- Add basic JSON_TABLE() functionality
Featured content is also available via:
journald: add CAP_MAC_OVERRIDE in journald for SMACK issue
System Internals / systemd - Juho Son [samsung.com] - 22 October 2014 12:12 UTC
systemd-journald check the cgroup id to support rate limit option for every messages. so journald should be available to access cgroup node in each process send messages to journald. In system using SMACK, cgroup node in proc is assigned execute label as each process's execute label. so if journald don't want to denied for every process, journald should have all of access rule for all process's label. It's too heavy. so we could give special smack label for journald te get all accesses's permission. '^' label. When assign '^' execute smack label to systemd-journald, systemd-journald need to add CAP_MAC_OVERRIDE capability to get that smack privilege.
so I want to notice this information and set default capability to journald whether system use SMACK or not. because that capability affect to only smack enabled kernel
f2a474a journald: add CAP_MAC_OVERRIDE in journald for SMACK issue
units/systemd-journald.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Upstream: github.com
Related systemd Activity
- journald: make sure we retain all stream fds across restarts (#6348)
Michal Sekletar - journald: make reading /dev/kmsg optional (#6362)
Susant Sahani - journald: allow restarting journald without losing stream connections
Lennart Poettering - journald: process SIGBUS for the memory maps we set up
Lennart Poettering
Share
- Tweet
Recent systemd Activity
- hwdb: add Medion Akoya E2228T MD61900 (#18317)
corvusnix - varlink: make 'userdata' pointer inheritance from varlink server to connection optional
Lennart Poettering - udev: use DEFINE_MAIN_FUNCTION in cdrom_id
Dan Streetman - network: add support to RoutingPolicyRule lookup table name
Susant Sahani - resolved: fix use-after-free with queries hitting the cache
Zbigniew Jędrzejewski-Szmek