Skip to content
This repository has been archived by the owner. It is now read-only.

/ bugs Archived

SELinux missing access vector with systemd #1682

Closed
pizzarabe opened this issue Nov 29, 2016 · 0 comments
Closed

SELinux missing access vector with systemd #1682

pizzarabe opened this issue Nov 29, 2016 · 0 comments
Assignees
@mjg59
Labels
area/security component/selinux kind/bug priority/P1 team/os

Comments

@pizzarabe
Copy link

@pizzarabe pizzarabe commented Nov 29, 2016

Issue Report

Bug

Using SELinux (configured with the docs https://coreos.com/os/docs/latest/selinux.html) systemd-analyze critical-chain is not working in enforcing.

With the help of #selinux we were able to find

USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='Unknown permission status for class system exe="/usr/lib64/systemd/systemd" sauid=0 hostname=? addr=? terminal=?

According to them:

the "start stop status reload" access vector permissions have to be associated with the "system" security class in the "access_vectors" file of the coreos selinux policy

CoreOS Version

NAME=CoreOS
ID=coreos
VERSION=1185.3.0
VERSION_ID=1185.3.0
BUILD_ID=2016-11-01-0605
PRETTY_NAME="CoreOS 1185.3.0 (MoreOS)"
ANSI_COLOR="1;32"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://github.com/coreos/bugs/issues"
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@mjg59 mjg59

Labels
area/security component/selinux kind/bug priority/P1 team/os
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
@crawford @mjg59 @pizzarabe
You can’t perform that action at this time.