Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: normal
Hi,
Booting a system with systemd and SElinux, i have seen the following AVC :
May 5 14:22:36 venser dbus[511]: avc: denied { send_msg } for
msgtype=method_return dest=:1.2 spid=515 tpid=647
scontext=system_u:system_r:systemd_logind_t:s0
tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=dbus
I have no idea of why it does try to speak to sshd over dbus. I suspect it to
be due to some pam module used
there, and looking at Fedora policy, there is much more rules regarding dbus
for systemd_logind_t than
on Debian, and there is indeed this one :
allow systemd_logind_t sshd_t : dbus send_msg ;
Without this, pam_systemd complain about :
May 08 16:32:36 venser.ephaone.org sshd[28404]: pam_systemd(sshd:session):
Failed to create session: Access denied
and I guess this prevent pam_systemd from working properly ( ie, you do not
have 1 cgroups hierarchy per user,
no way to kill all the process on logout, etc, etc ).
-- System Information:
Debian Release: 7.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=ANSI_X3.4-1968)
(ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash
Versions of packages selinux-policy-default depends on:
ii libpam-modules 1.1.3-7.1
ii libselinux1 2.1.9-5
ii libsepol1 2.1.4-3
ii policycoreutils 2.1.10-9
ii python 2.7.3-4
Versions of packages selinux-policy-default recommends:
ii checkpolicy 2.1.8-2
ii setools 3.3.7-3
Versions of packages selinux-policy-default suggests:
pn logcheck <none>
pn syslog-summary <none>
-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission
denied: u'/etc/selinux/default/modules/active/file_contexts.local'
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
