/bugs

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SELinux missing access vector with systemd #1682

Closed
pizzarabe opened this Issue Nov 29, 2016 · 0 comments

Comments

Assignees

@mjg59 mjg59

Labels
Projects
None yet
Milestone
No milestone
3 participants
@pizzarabe @crawford @mjg59
@pizzarabe

pizzarabe commented Nov 29, 2016

Issue Report

Bug

Using SELinux (configured with the docs https://coreos.com/os/docs/latest/selinux.html) systemd-analyze critical-chain is not working in enforcing.

With the help of #selinux we were able to find

USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='Unknown permission status for class system exe="/usr/lib64/systemd/systemd" sauid=0 hostname=? addr=? terminal=?

According to them:

the "start stop status reload" access vector permissions have to be associated with the "system" security class in the "access_vectors" file of the coreos selinux policy

CoreOS Version

NAME=CoreOS
ID=coreos
VERSION=1185.3.0
VERSION_ID=1185.3.0
BUILD_ID=2016-11-01-0605
PRETTY_NAME="CoreOS 1185.3.0 (MoreOS)"
ANSI_COLOR="1;32"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://github.com/coreos/bugs/issues"

@crawford crawford added area/security component/selinux kind/bug priority/P1 team/os labels Nov 29, 2016

@mjg59 mjg59 self-assigned this Nov 30, 2016

mjg59 added a commit to mjg59/coreos-overlay that referenced this issue Dec 20, 2016

@mjg59
sys-apps/systemd: Update to disable selinux permissions checks 
Fix coreos/bugs#1682
31616e4

@mjg59 mjg59 referenced this issue Dec 20, 2016

Merged

sys-apps/systemd: Update to disable selinux permissions checks #2329

mjg59 added a commit to mjg59/coreos-overlay that referenced this issue Dec 20, 2016

@mjg59
sys-apps/systemd: Update to disable selinux permissions checks 
Fix coreos/bugs#1682
90f4e7a

@mjg59 mjg59 closed this in coreos/coreos-overlay#2329 Dec 20, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment