Package: selinux-policy-default Version: 2:2.20161023.1-10 Severity: normal
Dear Debian folks, Running `systemd-analyze critical-chain` and `systemctl status sysstat` – even as root – fails. ``` $ sudo systemd-analyze critical-chain Failed to parse reply: Access denied $ sudo systemctl status sysstat Failed to get properties: Access denied ``` The messages below are logged in `/var/log/audit/audit.log`. ``` type=USER_AVC msg=audit(1502388774.763:469093): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status } for auid=1000 uid=0 gid=0 path="/etc/init.d/sysstat" cmdline="systemd-analyze critical-chain" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_initrc_exec_t:s0 tclass=service exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' […] type=USER_AVC msg=audit(1502388969.411:469366): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status } for auid=1000 uid=0 gid=0 path="/etc/init.d/sysstat" cmdline="systemctl status sysstat" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_initrc_exec_t:s0 tclass=service exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ``` The labels of some files in `/etc/init.d/` also differ. Some are just labeled with `initrc_exec_t`, while others seem to have their name in it. ``` -rwxr-xr-x. 1 root root system_u:object_r:sysstat_initrc_exec_t:s0 1597 May 25 20:26 sysstat ``` For “services”, like xinetd, whose label is `initrc_exec_t`, `systemctl status` works. Thanks, Paul
signature.asc
Description: This is a digitally signed message part
_______________________________________________ SELinux-devel mailing list SELinux-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel