Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 15 May 2021 17:35:58 +0200
From: bryn1u <m.bryn1u@...il.com>
To: lkrg-users@...ts.openwall.com
Subject: After make install im not able to run lkrg via systemd because of SElinux.

Hey guys,

Have you changed something in lkrg ? I cant runt lkrg on Fresh Centos 8
Stream.

[root@...ton lkrg]# make install
make -C /lib/modules/5.12.1/build M=/root/lkrg modules_install
make[1]: Entering directory '/usr/src/kernels/5.12.1'
  INSTALL /root/lkrg/p_lkrg.ko
  DEPMOD  5.12.1
make[1]: Leaving directory '/usr/src/kernels/5.12.1'
depmod -a
/root/lkrg/scripts/bootup/lkrg-bootup.sh install
 [*] Executing LKRG's bootup installation script
  [+] Systemd detected
       Installing lkrg.service file under /etc/systemd/system directory
       To start lkrg.service please use: systemctl start lkrg
       To enable lkrg.service on bootup please use: systemctl enable
lkrg.service
       Installing lkrg.conf file under /etc/sysctl.d directory
  [+] Done!
[root@...ton lkrg]# systemctl start lkrg
Failed to start lkrg.service: Unit lkrg.service not found.
[root@...ton lkrg]# systemctl enable lkrg
Failed to enable unit: Unit file lkrg.service does not exist.
[root@...ton lkrg]#

*The funny thing is that lkrg.service exist in right place.*

[root@...ton lkrg]#
*[root@...ton lkrg]# setenforce 0*
[root@...ton lkrg]# systemctl start lkrg
[root@...ton lkrg]# systemctl status lkrg
‚óŹ lkrg.service - Linux Kernel Runtime Guard
   Loaded: loaded (/etc/systemd/system/lkrg.service; disabled; vendor
preset: disabled)
   Active: active (exited) since Sat 2021-05-15 17:30:59 CEST; 48s ago
  Process: 2973 ExecStartPost=/sbin/sysctl -p /etc/sysctl.d/lkrg.conf
(code=exited, status=0/SUCCESS)
  Process: 2969 ExecStart=/sbin/modprobe -v p_lkrg (code=exited,
status=0/SUCCESS)
 Main PID: 2969 (code=exited, status=0/SUCCESS)

May 15 17:30:58 proton.edu.pl systemd[1]: Starting Linux Kernel Runtime
Guard...
May 15 17:30:59 proton.edu.pl modprobe[2969]: insmod
/lib/modules/5.12.1/extra/p_lkrg.ko
May 15 17:30:59 proton.edu.pl systemd[1]: Started Linux Kernel Runtime
Guard.

As you can see, when selinux is disabled i can start lkrg service.

*Log from audit.log*

[root@...ton lkrg]# grep -i lkrg /var/log/audit/audit.log
type=AVC msg=audit(1621092405.902:108): avc:  denied  { read } for  pid=1
comm="systemd" name="lkrg.service" dev="dm-0" ino=633837
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1621092409.875:109): avc:  denied  { read } for  pid=1
comm="systemd" name="lkrg.service" dev="dm-0" ino=633837
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1621092658.498:124): avc:  denied  { read } for  pid=1
comm="systemd" name="lkrg.service" dev="dm-0" ino=633837
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1
type=AVC msg=audit(1621092658.498:125): avc:  denied  { open } for  pid=1
comm="systemd" path="/etc/systemd/system/lkrg.service" dev="dm-0"
ino=633837 scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1
type=SERVICE_START msg=audit(1621092659.144:126): pid=1 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='unit=lkrg comm="systemd" exe="/usr/lib/systemd/systemd" hostname=?
addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1621092726.815:129): pid=1 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='unit=lkrg comm="systemd" exe="/usr/lib/systemd/systemd" hostname=?
addr=? terminal=? res=success'UID="root" AUID="unset"
type=AVC msg=audit(1621092726.816:130): avc:  denied  { read } for  pid=1
comm="systemd" name="lkrg.service" dev="dm-0" ino=633837
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1621092726.817:131): avc:  denied  { read } for  pid=1
comm="systemd" name="lkrg.service" dev="dm-0" ino=633837
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1621092735.011:132): avc:  denied  { read } for  pid=1
comm="systemd" name="lkrg.service" dev="dm-0" ino=633837
scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:default_t:s0 tclass=file permissive=0

Someone has any idea where the problem cloud be and why SElinux blocks LKRG
?

Thank you  !
Greetings,

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.