SELinux missing access vector with systemd #1682

Closed
pizzarabe opened this Issue Nov 29, 2016 · 0 comments

pizzarabe commented Nov 29, 2016

Issue Report

Bug

Using SELinux (configured with the docs https://coreos.com/os/docs/latest/selinux.html) systemd-analyze critical-chain is not working in enforcing.

With the help of #selinux we were able to find:

USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='Unknown permission status for class system exe="/usr/lib64/systemd/systemd" sauid=0 hostname=? addr=? terminal=?

According to them:

the "start stop status reload" access vector permissions have to be associated with the "system" security class in the "access_vectors" file of the coreos selinux policy

CoreOS Version

NAME=CoreOS
ID=coreos
VERSION=1185.3.0
VERSION_ID=1185.3.0
BUILD_ID=2016-11-01-0605
PRETTY_NAME="CoreOS 1185.3.0 (MoreOS)"
ANSI_COLOR="1;32"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://github.com/coreos/bugs/issues"
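
The check described in the #selinux reply, as an added example that is not part of the original issue or the CoreOS policy sources: it parses an `access_vectors` file in refpolicy syntax, reports which of the `start stop status reload` permissions the `system` class lacks, and lists the unknown permissions named in `USER_AVC` records. The policy excerpt is constructed for illustration, the audit line is the one quoted in the issue, and the function names are hypothetical.

```python
import re

# Constructed excerpt in refpolicy access_vectors syntax (NOT the real CoreOS file):
# the "system" class without the systemd userspace permissions.
SAMPLE_ACCESS_VECTORS = """
class system
{
	ipc_info
	syslog_read
	syslog_mod
	syslog_console
	module_request	# constructed sample entry
}
"""

# The USER_AVC record quoted in the issue.
AUDIT_LINE = """USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='Unknown permission status for class system exe="/usr/lib64/systemd/systemd" sauid=0 hostname=? addr=? terminal=?"""

CLASS_RE = re.compile(r"\bclass\s+(\w+)(?:\s+inherits\s+\w+)?\s*(?:\{([^}]*)\})?")
UNKNOWN_RE = re.compile(r"Unknown permission (\S+) for class (\S+)")


def parse_access_vectors(text):
    """Return {class: set(permissions)}; inherited 'common' sets are not resolved."""
    text = re.sub(r"#.*", "", text)  # drop comments before matching
    classes = {}
    for name, body in CLASS_RE.findall(text):
        classes.setdefault(name, set()).update(body.split())
    return classes


def unknown_permissions(audit_lines):
    """Return (permission, class) pairs from USER_AVC 'Unknown permission' records."""
    pairs = []
    for line in audit_lines:
        match = UNKNOWN_RE.search(line) if "USER_AVC" in line else None
        if match:
            pairs.append(match.groups())
    return pairs


def check_system_class(av_text, audit_lines,
                       required=("start", "stop", "status", "reload")):
    """Return (permissions missing from class system, permissions the audit log named)."""
    defined = parse_access_vectors(av_text).get("system", set())
    missing = sorted(set(required) - defined)
    reported = sorted({p for p, c in unknown_permissions(audit_lines) if c == "system"})
    return missing, reported


if __name__ == "__main__":
    print(check_system_class(SAMPLE_ACCESS_VECTORS, [AUDIT_LINE]))
```

Against a real policy tree, pass the contents of the policy's `access_vectors` file and the audit log lines instead of the embedded samples.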