Bug#775651: systemd: /run/user/$UID directories are created with type tmpfs_t on SE Linux
Michael Biebl
biebl at debian.org
Sun Jan 18 20:22:25 GMT 2015
control: tags -1 moreinfo help
control: tags 775613 moreinfo help
On 18.01.2015 at 08:06, Russell Coker wrote:
> # grep auditallow local.te
> auditallow domain tmpfs_t:dir create;
> # grep granted /var/log/audit/audit.log
> type=AVC msg=audit(1421563773.398:239): avc: granted { create } for pid=4302 comm="systemd" name="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
> type=AVC msg=audit(1421563773.398:240): avc: granted { create } for pid=4302 comm="systemd" name="generator" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
> type=AVC msg=audit(1421563773.398:241): avc: granted { create } for pid=4302 comm="systemd" name="generator.early" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
> type=AVC msg=audit(1421563773.398:242): avc: granted { create } for pid=4302 comm="systemd" name="generator.late" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
> # ls -laZ /run/user
> total 0
> drwxr-xr-x. 4 root root system_u:object_r:var_auth_t:SystemLow 80 Jan 18 17:58 .
> drwxr-xr-x. 26 root root system_u:object_r:var_run_t:SystemLow 1080 Jan 18 17:58 ..
> drwx------. 3 root root system_u:object_r:var_auth_t:SystemLow 60 Jan 18 17:34 0
> drwx------. 3 rjc rjc system_u:object_r:tmpfs_t:SystemLow 60 Jan 18 17:58 1001
>
> I have an auditallow rule to audit creation of tmpfs_t directories. As you can
> see systemd creates such directories when I log in. The directory "0" has the
> correct context because I ran "restorecon" but the directory "1001" has the
> wrong context because I just logged in as that user.
>
> There are no auto trans rules to give it the type tmpfs_t and the file_contexts
> also specify var_auth_t. I think that systemd is requesting tmpfs_t as the
> type.
Hi Russell,
unfortunately I don't have any SELinux knowledge at all, so I don't have
the slightest idea how this (or your earlier bug #775613) should be
addressed.
Help is most welcome.
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
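
Added example, not part of the original thread: a small Python parser for the auditallow technique in the quoted report, grouping granted `create` records for `tmpfs_t` directories by the process and domain that created them. The log lines are constructed to resemble the quoted records, and the function names (`parse_avc`, `selinux_type`, `creators_of`) are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records (not real log data), in the audit.log AVC format.
SAMPLE_LOG = """\
type=AVC msg=audit(1421500000.100:101): avc: granted { create } for pid=4000 comm="systemd" name="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1421500000.100:102): avc: granted { create } for pid=4000 comm="systemd" name="generator" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1421500001.200:103): avc: granted { create } for pid=4100 comm="sshd" name="scratch" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
type=AVC msg=audit(1421500002.300:104): avc: denied { write } for pid=4200 comm="cat" name="log" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1421500003.400:105): avc: granted { create } for pid=4300 comm="mkdir" name="1001" scontext=system_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:var_auth_t:s0 tclass=dir
type=SYSCALL msg=audit(1421500003.400:105): arch=c000003e syscall=83 success=yes
"""

AVC_RE = re.compile(r"avc:\s+(granted|denied)\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return one AVC record as a dict, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    rec["result"] = m.group(1)
    rec["perms"] = m.group(2).split()
    return rec

def selinux_type(context):
    """Type is the third colon-separated field of user:role:type:level."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

def creators_of(log_text, target_type="tmpfs_t", tclass="dir"):
    """Map (comm, source domain) -> object names created with target_type."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or rec["result"] != "granted" or "create" not in rec["perms"]:
            continue
        if rec.get("tclass") != tclass or selinux_type(rec.get("tcontext", "")) != target_type:
            continue
        key = (rec.get("comm", "?"), selinux_type(rec.get("scontext", "")))
        found[key].append(rec.get("name", "?"))
    return dict(found)

if __name__ == "__main__":
    for (comm, stype), names in creators_of(SAMPLE_LOG).items():
        print(f"{comm} ({stype}) created {len(names)} tmpfs_t dirs: {', '.join(names)}")
```
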