Bug#851933: udev: /lib/udev/hwdb.bin gets wrong SE Linux label
biebl at debian.org
Wed May 31 18:32:22 BST 2017
Control: tags -1 + confirmed
On Fri, 20 Jan 2017 15:39:14 +1100 Russell Coker <russell at coker.com.au>
> Package: udev
> Version: 232-12
> Severity: normal
> The command "systemd-hwdb --usr update" as run from
> /var/lib/dpkg/info/udev.postinst creates the file /lib/udev/hwdb.bin and
> assigns it the SE Linux context "system_u:object_r:default_t:s0" when it
> should have "system_u:object_r:bin_t:s0" with the current policy.
I've setup a test stretch VM enabling SELinux following the instructions
from  and can reproduce the issue.
Running "systemd-hwdb --usr update" creates the cache file as
/lib/udev/hwdb.bin with context "system_u:object_r:default_t:s0".
Running "systemd-hwdb update" creates the cache file as
/etc/udev/hwdb.bin with context "system_u:object_r:etc_t:s0", which
seems to be the correct context (as restorecon doesn't change it).
The selinux context should be set by label_fix:
I haven't debugged yet, why that doesn't work for --usr.
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Pkg-systemd-maintainers