[Pkg-systemd-maintainers] Bug#737006: Bug#737006: systemd: When init=/lib/systemd/systemd, selinux no longer works

Laurent Bigonville bigon at debian.org
Fri Jan 31 14:47:03 GMT 2014


On Fri, 31 Jan 2014 06:56:49 +0100,
Michael Biebl <biebl at debian.org> wrote:

> On 29.01.2014 10:54, Bart-Jan Vrielink wrote:
> > Package: systemd
> > Version: 204-6
> > Severity: important
> > 
> > Dear Maintainer,
> > 
> > When I boot up under systemd, I get asked if I want to enter a
> > security context when I login. It seems that all processes are
> > running under the kernel_t label (except systemd-udevd, which runs
> > under system_u:system_r:udev_t:s0-s0:c0.c1023)
> > 
> > Because of this, the combination of SELinux and systemd is at the
> > moment unusable. SELinux works fine under init=/sbin/init

Hello Michael!

> Sounds like a bug in the selinux policy package to me, not in systemd
> itself. That said, I basically know nothing about selinux.
> 
> bigon, can you comment on this bug report?
> Let us know whether we should re-assign it to one of the
> selinux-policy-* packages or if there is something which needs to be
> addressed in systemd.

Yes you are correct, this is a bug in the policy and it should be
reassigned to it.

We dropped almost all the Debian-specific patches that were applied to
the package in the past because it was impossible for us to keep such a
huge delta with upstream. Unfortunately upstream doesn't have ATM
(people are working on it IIRC) systemd support (the patches were
previously coming straight from Fedora).

Bart-Jan: So what I suggest is the following 2 commands:

semanage fcontext -a -t init_exec_t /lib/systemd/systemd
restorecon -v /lib/systemd/systemd

This will already help, but unfortunately not all the services will
run in the correct labels.

Cheers,

Laurent Bigonville
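
The symptom reported in this thread (userspace processes left in the kernel_t domain) can be checked after applying the relabel. The script below is an added example, not part of the original message or of any Debian package. The function names and the sample process listings are constructed for illustration, and it assumes the input format of `ps -eo label,pid,ppid,comm --no-headers` and that a correctly labelled init transitions to init_t.

```shell
#!/bin/sh
# Added example: flag userspace processes still running in kernel_t.
# Input, one process per line: LABEL PID PPID COMM
# Live use: ps -eo label,pid,ppid,comm --no-headers | unconfined_kernel_t

# Print "PID COMM" for every process whose SELinux type (third
# colon-separated field of the label) is kernel_t, skipping kthreadd
# (PID 2) and its children, which legitimately run as kernel_t.
unconfined_kernel_t() {
    awk '
        {
            split($1, ctx, ":")            # user:role:type:level
            if (ctx[3] != "kernel_t") next
            if ($2 == 2 || $3 == 2) next   # kernel threads
            print $2, $4
        }'
}

# Constructed sample resembling the state described in the bug report.
sample_broken() {
cat <<'EOF'
system_u:system_r:kernel_t:s0 1 0 systemd
system_u:system_r:kernel_t:s0 2 0 kthreadd
system_u:system_r:kernel_t:s0 3 2 ksoftirqd/0
system_u:system_r:udev_t:s0-s0:c0.c1023 312 1 systemd-udevd
system_u:system_r:kernel_t:s0 845 1 sshd
system_u:system_r:kernel_t:s0 901 845 bash
EOF
}

# Constructed sample: init has left kernel_t (assumed init_t domain).
sample_ok() {
cat <<'EOF'
system_u:system_r:init_t:s0 1 0 systemd
system_u:system_r:kernel_t:s0 2 0 kthreadd
system_u:system_r:kernel_t:s0 3 2 ksoftirqd/0
system_u:system_r:udev_t:s0-s0:c0.c1023 312 1 systemd-udevd
EOF
}

# Demonstration on the constructed "broken" listing.
sample_broken | unconfined_kernel_t
```

An empty result means no userspace process is in kernel_t; it does not show that each service runs in its own intended domain.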



