Roger Maclean
Re: 'dumper' running on non-root does not work without secpogenerate
06/28/2019 8:31 AM
post119770
It's not completely clear to me what you've done. You need to set LD_PRELOAD only when you’re using secpolgenerate
since its purpose is to communicate to secpolgenerate information about procmgr_ability calls.
Does log_1 represent the behavior when you're running the system without secpolgenerate using the generated policy?
Even if run with the -U option, dumper will run as root at times since it needs to acquire additional privileges when it
dumps a core file. So if you did happen to catch it after something crashed, this might be perfectly normal.
On 2019-06-28, 7:41 AM, "Gauresh Badve" <community-noreply@qnx.com> wrote:
Thank you for the solution.
Yes, the environment variable "LD_PRELOAD" was not set to /proc/boot/secpol-preload.so. After adding the following
change:
LD_PRELOAD=/proc/boot/secpol-preload.so
I could see that the "pidin ar" command shows the dumper running as below:
pid Arguments
1 procnto-smp-instr -v -mr
8195 /proc/boot/pipe
12292 /proc/boot/slogger2 -U 111:116
16389 /proc/boot/dumper -U 112
20486 /proc/boot/random -pt -U 113:105
But when I run the command ps -e -o "user,CMD", I get the output as dumper still running on root. Please find the
below log_1:
USER CMD
0 procnto-smp-instr
110 pipe
111 slogger2
0 dumper
113 random
However, with secpolgenerate enabled, I see that dumper is running on non-root. Please find the below log_2:
USER CMD
0 procnto-smp-instr
0 secpolgenerate
110 pipe
111 slogger2
112 dumper
113 random
Note: The log_1 uses the same policy generated by the secpolgenerate where we see the dumper running on non-root in
log_2.
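
A way to cross-check the two listings from this thread offline, as an added example that is not part of the original posts: it compares the uid each process requests with -U in the pidin ar output against the uid ps reports. The function names are hypothetical, matching by command name and numeric ids are assumptions, and the sample text is the output quoted above.

```python
import os
import re

# Sample input: the pidin ar listing and log_1 as quoted in the post above.
PIDIN_AR = """\
pid Arguments
1 procnto-smp-instr -v -mr
8195 /proc/boot/pipe
12292 /proc/boot/slogger2 -U 111:116
16389 /proc/boot/dumper -U 112
20486 /proc/boot/random -pt -U 113:105
"""

PS_LOG_1 = """\
USER CMD
0 procnto-smp-instr
110 pipe
111 slogger2
0 dumper
113 random
"""

def requested_uids(pidin_text):
    """Map command basename -> uid requested with -U uid[:gid] (numeric ids assumed)."""
    wanted = {}
    for line in pidin_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 2 or not fields[0].isdigit():
            continue
        name = os.path.basename(fields[1])
        m = re.search(r"(?:^|\s)-U\s*(\d+)(?::\d+)?", " ".join(fields[2:]))
        if m:
            wanted[name] = int(m.group(1))
    return wanted

def observed_uids(ps_text):
    """Map command name -> set of uids seen in 'ps -e -o user,CMD' output."""
    seen = {}
    for line in ps_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) == 2 and fields[0].isdigit():
            seen.setdefault(fields[1], set()).add(int(fields[0]))
    return seen

def uid_mismatches(pidin_text, ps_text):
    """Return (name, requested_uid, observed_uids) where ps disagrees with -U."""
    seen = observed_uids(ps_text)
    return [(name, uid, sorted(seen[name]))
            for name, uid in sorted(requested_uids(pidin_text).items())
            if name in seen and seen[name] != {uid}]

if __name__ == "__main__":
    for name, want, got in uid_mismatches(PIDIN_AR, PS_LOG_1):
        print(f"{name}: -U requests uid {want}, ps shows {got}")
```

A reported mismatch for dumper is something to look into rather than proof of a fault, since the reply above notes that dumper runs as root at times while it dumps a core file.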