[DSE-Dev] Bug#678564: selinux-policy-default: Several process are running in incorrect context when using systemd
Laurent Bigonville
bigon at debian.org
Sun Jun 24 20:23:39 UTC 2012
Le Mon, 25 Jun 2012 02:23:57 +1000,
Russell Coker <russell at coker.com.au> a écrit :
> On Sat, 23 Jun 2012, Laurent Bigonville <bigon at debian.org> wrote:
> > Several processes (like dbus) are running in an incorrect context
> > (init_t) when booting using systemd
> >
> > Using sysvinit it's running as system_dbusd_t
>
> Please give me the output of "ps axZ|grep init_t" and also the "ls
> -Z" output for the executables in question.
>
With SysV init:
system_u:system_r:init_t:s0 1 ? Ss 0:00 init [2]
system_u:system_r:initrc_t:s0 2979 ? Ss 0:00 /usr/sbin/tcsd
system_u:system_r:initrc_t:s0 3240 ? Ss 0:00 /usr/sbin/acpi_fakekeyd
system_u:system_r:initrc_t:s0 3259 ? Ssl 0:06 /usr/sbin/apt-cacher-ng -c /etc/apt-cacher-ng pidfile=/var/run/apt-cacher-ng/pid SocketPath=/var/run/apt-cacher-ng/socket foreground=0
system_u:system_r:initrc_t:s0 3295 ? Ss 0:00 /usr/sbin/irqbalance
system_u:system_r:initrc_t:s0 3348 ? Ss 0:00 /usr/sbin/kerneloops
system_u:system_r:initrc_t:s0 3628 ? Ss 0:00 /usr/sbin/bluetoothd
system_u:system_r:initrc_t:s0 3658 ? Ss 0:00 /sbin/upsd
system_u:system_r:initrc_t:s0 3703 ? Ss 0:00 /sbin/upsmon
system_u:system_r:initrc_t:s0 3706 ? S 0:00 /sbin/upsmon
system_u:system_r:initrc_t:s0 3736 ? S 0:00 /usr/sbin/smartd --pidfile /var/run/smartd.pid
system_u:system_r:initrc_t:s0 3820 ? Ss 0:07 /lib/nut/usbhid-ups -a ellipse
system_u:system_r:initrc_t:s0 4100 ? Ss 0:00 /usr/sbin/minissdpd -i 0.0.0.0
With systemd:
system_u:system_r:init_t:s0 1 ? Ss 0:01 /bin/systemd
system_u:system_r:init_t:s0 1414 ? Ss 0:00 /usr/sbin/bluetoothd -n
system_u:system_r:init_t:s0 1459 ? Ss 0:00 avahi-daemon: running [fornost.local]
system_u:system_r:init_t:s0 1504 ? Ssl 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
system_u:system_r:init_t:s0 1642 ? S 0:00 avahi-daemon: chroot helper
system_u:system_r:init_t:s0 1960 ? Ssl 0:00 /usr/lib/x86_64-linux-gnu/colord/colord
system_u:system_r:init_t:s0 2000 ? Ssl 0:00 /usr/lib/policykit-1/polkitd --no-debug
system_u:system_r:init_t:s0 2006 ? Ssl 0:00 /usr/lib/x86_64-linux-gnu/colord/colord-sane
system_u:system_r:init_t:s0 2011 ? S 0:00 /usr/sbin/modem-manager
system_u:system_r:init_t:s0 2023 ? Ss 0:00 /usr/sbin/acpid
system_u:system_r:init_t:s0 2167 ? Sl 0:00 /usr/lib/accountsservice/accounts-daemon
system_u:system_r:init_t:s0 2170 ? Ssl 0:00 /usr/sbin/console-kit-daemon --no-daemon
system_u:system_r:init_t:s0 2294 ? Ssl 0:00 /usr/lib/upower/upowerd
system_u:system_r:init_t:s0 2552 ? SNsl 0:00 /usr/lib/rtkit/rtkit-daemon
system_u:system_r:initrc_t:s0 1539 ? Ss 0:00 /usr/sbin/minissdpd -i 0.0.0.0
system_u:system_r:initrc_t:s0 1550 ? Ss 0:00 /usr/sbin/tcsd
system_u:system_r:initrc_t:s0 1635 ? Ss 0:00 /usr/sbin/irqbalance
system_u:system_r:initrc_t:s0 1712 ? Ss 0:00 /usr/sbin/kerneloops
system_u:system_r:initrc_t:s0 1726 ? Ss 0:00 /usr/sbin/acpi_fakekeyd
system_u:system_r:initrc_t:s0 1894 ? Ss 0:00 /usr/sbin/apt-cacher-ng -c /etc/apt-cacher-ng pidfile=/var/run/apt-cacher-ng/pid SocketPath=/var/run/apt-cacher-ng/socket foreground=0
system_u:system_r:initrc_t:s0 1958 ? S 0:00 /usr/sbin/smartd --pidfile /var/run/smartd.pid
system_u:system_r:initrc_t:s0 1963 ? Ss 0:00 /sbin/upsd
system_u:system_r:initrc_t:s0 1985 ? Ss 0:00 /sbin/upsmon
system_u:system_r:initrc_t:s0 1987 ? S 0:00 /sbin/upsmon
system_u:system_r:initrc_t:s0 2081 ? Ss 0:00 /lib/nut/usbhid-ups -a ellipse
I did a complete relabel before so I guess everything should be ok from
that side.
$ ls -Z /usr/bin/dbus-daemon
system_u:object_r:dbusd_exec_t:SystemLow /usr/bin/dbus-daemon
Cheers
Laurent Bigonville
More information about the SELinux-devel
mailing list