Bug#775651: systemd: /run/user/$UID directories are created with type tmpfs_t on SE Linux
On Sat, 30 Jan 2016 16:56:43 +0100 Michael Biebl wrote:
> On Mon, 19 Jan 2015 10:05:55 +0100 Michael Biebl wrote:
> > On 19.01.2015 at 03:20, Russell Coker wrote:
> > > On Mon, 19 Jan 2015, Michael Biebl wrote:
> > >> unfortunately I don't have any selinux knowledge at all, so I don't have
> > >> the slightest idea how this (or your earlier bug #775613) should be
> > >> addressed.
> > >>
> > >> Help is most welcome.
> > >
> > > Would you like me to give you root access on a virtual machine that
> > > demonstrates the bugs in question?
> >
> > Thanks for the kind offer. I'm not sure if it would help, since, as
> > said, I don't know anything about selinux. At least not enough to
> > examine and understand the issue.
>
> So, where do we stand on this? Is this actually something which needs to
> be addressed in the systemd package or is this an issue of the selinux
> policy package shipped in Debian and should be reassigned accordingly?
>
> Russell, Laurent, would very much appreciate your help with this bug report.

After some discussion on #selinux@freenode and some testing, it seems
that there is still an issue here.

Somebody on the channel made a patch, I hope it will be upstreamed.

Cheers,

Laurent Bigonville

Bug#775651: systemd: /run/user/$UID directories are created with type tmpfs_t on SE Linux
On 02.02.2016 at 18:21, Laurent Bigonville wrote:
> After some discussion on #selinux@freenode and some testing, it seems
> that there is still an issue here.
>
> Somebody on the channel made a patch, I hope it will be upstreamed.

A patch for systemd? Is this tracked somewhere?

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Bug#775651: systemd: /run/user/$UID directories are created with type tmpfs_t on SE Linux
On Mon, 19 Jan 2015 10:05:55 +0100 Michael Biebl wrote:
> On 19.01.2015 at 03:20, Russell Coker wrote:
> > On Mon, 19 Jan 2015, Michael Biebl wrote:
> >> unfortunately I don't have any selinux knowledge at all, so I don't have
> >> the slightest idea how this (or your earlier bug #775613) should be
> >> addressed.
> >>
> >> Help is most welcome.
> >
> > Would you like me to give you root access on a virtual machine that
> > demonstrates the bugs in question?
>
> Thanks for the kind offer. I'm not sure if it would help, since, as
> said, I don't know anything about selinux. At least not enough to
> examine and understand the issue.

So, where do we stand on this? Is this actually something which needs to
be addressed in the systemd package or is this an issue of the selinux
policy package shipped in Debian and should be reassigned accordingly?

Russell, Laurent, would very much appreciate your help with this bug report.

Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Bug#775651: systemd: /run/user/$UID directories are created with type tmpfs_t on SE Linux
On 19.01.2015 at 03:20, Russell Coker wrote:
> On Mon, 19 Jan 2015, Michael Biebl bi...@debian.org wrote:
>> unfortunately I don't have any selinux knowledge at all, so I don't have
>> the slightest idea how this (or your earlier bug #775613) should be
>> addressed.
>>
>> Help is most welcome.
>
> Would you like me to give you root access on a virtual machine that
> demonstrates the bugs in question?

Thanks for the kind offer. I'm not sure if it would help, since, as
said, I don't know anything about selinux. At least not enough to
examine and understand the issue.

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Bug#775651: systemd: /run/user/$UID directories are created with type tmpfs_t on SE Linux
On Mon, 19 Jan 2015, Michael Biebl bi...@debian.org wrote:
> unfortunately I don't have any selinux knowledge at all, so I don't have
> the slightest idea how this (or your earlier bug #775613) should be
> addressed.
>
> Help is most welcome.

Would you like me to give you root access on a virtual machine that
demonstrates the bugs in question?

--
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#775651: systemd: /run/user/$UID directories are created with type tmpfs_t on SE Linux
control: tags -1 moreinfo help
control: tags 775613 moreinfo help

On 18.01.2015 at 08:06, Russell Coker wrote:
> # grep auditallow local.te
> auditallow domain tmpfs_t:dir create;
> # grep granted /var/log/audit/audit.log
> type=AVC msg=audit(1421563773.398:239): avc: granted { create } for pid=4302 comm=systemd name=systemd scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
> type=AVC msg=audit(1421563773.398:240): avc: granted { create } for pid=4302 comm=systemd name=generator scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
> type=AVC msg=audit(1421563773.398:241): avc: granted { create } for pid=4302 comm=systemd name=generator.early scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
> type=AVC msg=audit(1421563773.398:242): avc: granted { create } for pid=4302 comm=systemd name=generator.late scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
> # ls -laZ /run/user
> total 0
> drwxr-xr-x. 4 root root system_u:object_r:var_auth_t:SystemLow 80 Jan 18 17:58 .
> drwxr-xr-x. 26 root root system_u:object_r:var_run_t:SystemLow 1080 Jan 18 17:58 ..
> drwx------. 3 root root system_u:object_r:var_auth_t:SystemLow 60 Jan 18 17:34 0
> drwx------. 3 rjc rjc system_u:object_r:tmpfs_t:SystemLow 60 Jan 18 17:58 1001
>
> I have an auditallow rule to audit creation of tmpfs_t directories. As you
> can see systemd creates such directories when I login. The directory 0 has
> the correct context because I ran restorecon but the directory 1001 has the
> wrong context because I just logged in as that user.
>
> There are no auto trans rules to give it the type tmpfs_t and the
> file_contexts also specify var_auth_t. I think that systemd is requesting
> tmpfs_t as the type.

Hi Russell,

unfortunately I don't have any selinux knowledge at all, so I don't have
the slightest idea how this (or your earlier bug #775613) should be
addressed.

Help is most welcome.

Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Bug#775651: systemd: /run/user/$UID directories are created with type tmpfs_t on SE Linux
Package: systemd
Version: 215-9
Severity: normal

# grep auditallow local.te
auditallow domain tmpfs_t:dir create;
# grep granted /var/log/audit/audit.log
type=AVC msg=audit(1421563773.398:239): avc: granted { create } for pid=4302 comm=systemd name=systemd scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1421563773.398:240): avc: granted { create } for pid=4302 comm=systemd name=generator scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1421563773.398:241): avc: granted { create } for pid=4302 comm=systemd name=generator.early scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1421563773.398:242): avc: granted { create } for pid=4302 comm=systemd name=generator.late scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
# ls -laZ /run/user
total 0
drwxr-xr-x. 4 root root system_u:object_r:var_auth_t:SystemLow 80 Jan 18 17:58 .
drwxr-xr-x. 26 root root system_u:object_r:var_run_t:SystemLow 1080 Jan 18 17:58 ..
drwx------. 3 root root system_u:object_r:var_auth_t:SystemLow 60 Jan 18 17:34 0
drwx------. 3 rjc rjc system_u:object_r:tmpfs_t:SystemLow 60 Jan 18 17:58 1001

I have an auditallow rule to audit creation of tmpfs_t directories. As you
can see systemd creates such directories when I login. The directory 0 has
the correct context because I ran restorecon but the directory 1001 has the
wrong context because I just logged in as that user.

There are no auto trans rules to give it the type tmpfs_t and the
file_contexts also specify var_auth_t. I think that systemd is requesting
tmpfs_t as the type.

-- Package-specific info:

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  acl             2.2.52-2
ii  adduser         3.113+nmu3
ii  initscripts     2.88dsf-58
ii  libacl1         2.2.52-2
ii  libaudit1       1:2.4-1+b1
ii  libblkid1       2.25.2-4
ii  libc6           2.19-13
ii  libcap2         1:2.24-6
ii  libcap2-bin     1:2.24-6
ii  libcryptsetup4  2:1.6.6-4
ii  libgcrypt20     1.6.2-4+b1
ii  libkmod2        18-3
ii  liblzma5        5.1.1alpha+20120614-2+b3
ii  libpam0g        1.1.8-3.1
ii  libselinux1     2.3-2
ii  libsystemd0     215-9
ii  mount           2.25.2-4
ii  sysv-rc         2.88dsf-58
ii  udev            215-9
ii  util-linux      2.25.2-4

Versions of packages systemd recommends:
ii  dbus            1.8.14-1
ii  libpam-systemd  215-9

Versions of packages systemd suggests:
pn  systemd-ui      none

-- Configuration Files:
/etc/systemd/journald.conf changed:
[Journal]
SystemMaxUse=25M

-- no debconf information
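
The check carried out by hand in the original report, as an added example that is not part of any message in this thread: one function flags per-UID directories under /run/user whose SELinux type differs from the expected one, the other lists the AVC "granted { create }" records that show which process created directories with that type. The function names are hypothetical, var_auth_t is used as the expected type only because the report says file_contexts specifies it, and the second audit line in the sample is constructed.

```shell
#!/bin/sh
# Added example, not code from the bug report. Function names are hypothetical.

# Print "NAME TYPE" for every numeric (per-UID) entry in `ls -laZ /run/user`
# output on stdin whose SELinux type is not the expected one ($1).
mislabeled_uid_dirs() {
    awk -v want="$1" '
        $NF ~ /^[0-9]+$/ {
            split($5, ctx, ":")            # user:role:type:level
            if (ctx[3] != want) print $NF, ctx[3]
        }'
}

# Print "COMM SOURCE_TYPE NAME" for each AVC "granted { create }" record on
# stdin in which a directory was created with target type $1.
avc_dir_creates() {
    awk -v want="$1" '
        /avc:/ && /granted/ && index($0, "{ create }") {
            split("", kv)                  # portable way to clear the array
            for (i = 1; i <= NF; i++) {
                p = index($i, "=")
                if (p) {
                    v = substr($i, p + 1)
                    gsub(/"/, "", v)       # real audit logs quote some values
                    kv[substr($i, 1, p - 1)] = v
                }
            }
            split(kv["scontext"], s, ":")
            split(kv["tcontext"], t, ":")
            if (kv["tclass"] == "dir" && t[3] == want)
                print kv["comm"], s[3], kv["name"]
        }'
}

# Sample input in the shape of the report's listing and audit records.
SAMPLE_LS='drwxr-xr-x. 4 root root system_u:object_r:var_auth_t:SystemLow 80 Jan 18 17:58 .
drwx------. 3 root root system_u:object_r:var_auth_t:SystemLow 60 Jan 18 17:34 0
drwx------. 3 rjc rjc system_u:object_r:tmpfs_t:SystemLow 60 Jan 18 17:58 1001'

# The second record is constructed to show a line the filter must ignore.
SAMPLE_AVC='type=AVC msg=audit(1421563773.398:240): avc: granted { create } for pid=4302 comm=systemd name=generator scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1421563773.398:900): avc: granted { create } for pid=4302 comm=systemd name=x.socket scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file'

printf '%s\n' "$SAMPLE_LS"  | mislabeled_uid_dirs var_auth_t
printf '%s\n' "$SAMPLE_AVC" | avc_dir_creates tmpfs_t
```

On a live system the inputs are `ls -laZ /run/user` and `grep granted /var/log/audit/audit.log`, the two commands used in the report. The AVC records only exist while an auditallow rule like the report's is loaded.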