[DSE-Dev] Bug#678564: selinux-policy-default: Several process are running in incorrect context when using systemd
Laurent Bigonville
bigon at debian.org
Mon Jun 25 08:11:54 UTC 2012
Le Mon, 25 Jun 2012 16:23:39 +1000,
Russell Coker <russell at coker.com.au> a écrit :
> On Mon, 25 Jun 2012, Laurent Bigonville <bigon at debian.org> wrote:
[...]
> > system_u:system_r:initrc_t:s0 3259 ? Ssl
> > 0:06 /usr/sbin/apt-cacher-ng -c /etc/apt-cacher-ng
> > pidfile=/var/run/apt-cacher-ng/pid
> > SocketPath=/var/run/apt-cacher-ng/socket foreground=0
>
> What exactly does that do? We need to run that in a different domain.
This is a proxy for apt, to cache the packages locally, that would
indeed be nice if it was protected.
>
> > system_u:system_r:initrc_t:s0 3295 ? Ss 0:00
> > /usr/sbin/irqbalance
>
> I'll add the irqbalance.pp to an initial load if the Debian package
> is installed.
>
> > system_u:system_r:initrc_t:s0 3348 ? Ss
> > 0:00 /usr/sbin/kerneloops
>
> Need kerneloops.pp
>
> > system_u:system_r:initrc_t:s0 3628 ?
> > Ss 0:00 /usr/sbin/bluetoothd
>
> Need bluetooth.pp
These two are pulled by the desktop-task (and by gnome) metapackage.
Could also be interesting to autoload them if the debian pkg is
installed.
[...]
> I will upload a new policy package to Unstable shortly to give you
> nut.pp and tcsd.pp for testing. Probably they will have some issues
> and I'll do another upload tomorrow to fix them.
Thanks, and what about the processes that are running under init_t
domains when using systemd? Dbus seems the main problem here.
Cheers
Laurent Bigonville
More information about the SELinux-devel
mailing list