Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
CoreOS stable (899.15.0) polkit segfault using selinux #1258
I wanted to setup a selinux secured coreos cluster, but after setting the selinux mode to "enforcing" and restarting the machine, every call to systemd results in polkitd segfaulting.
To enable selinux enforcing I followed the steps here:
First I thought, that this might be an issue on my baremetal installation, but I can reproduce this behavior on plain CoreOS stable (899.15.0) installations on VirtualBox, digitalocean and baremetal.
The selinux integration is a critical requirement for my setup, so any help is very welcome.
Example Output (digitalocean):
Hi, thanks for your reply.
Setting selinux enforcing during runtime works. It also works if you deactivate selinux enforcing temporarily using sudo setenforce 0 and reactivate it right after.
Edit I just started a new digitalocean droplet using 899.15.0 reproducing the issue, but coredumpctl returns no results:
i believe we may be missing an appropriate selinux policy for polkit. unsure why it didn't come up before.
the relevant failure appears to be:
so, mmap fails (due to selinux?) and appears to deref the NULL, so it crashes.
You can work around this for now by doing the following: