[DSE-Dev] Bug#732857: selinux-policy-default: SELINUX_ERR invalid context, since update to 2:2.20131214-1

Benoit Friry benoit at friry.net
Sun Dec 22 16:37:08 UTC 2013

Package: selinux-policy-default
Version: 2:2.20131214-1
Severity: normal


Since I upgraded to 2:2.20131214-1, I have lots of logs in audit.log and syslog.

They are about sshd and hddtemp.

type=SELINUX_ERR msg=audit(1387729606.524:178): security_compute_sid:  invalid context unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 for scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=unix_stream_socket

type=SELINUX_ERR msg=audit(1387729606.556:181): security_compute_sid:  invalid context unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 for scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=process

type=SELINUX_ERR msg=audit(1387729595.732:156): security_compute_sid:  invalid context unconfined_u:system_r:hddtemp_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hddtemp_exec_t:s0 tclass=process

audit2log suggests adding:
	role system_r types unconfined_t;
	role system_r types sshd_t;
	role system_r types hddtemp_t;

"seinfo -rsystem_r -x" shows system_r does have those types.

I don't understand where it goes wrong.  I'm a beginner with SELinux.


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-9
ii  libselinux1      2.2.1-1
ii  libsepol1        2.2-1
ii  policycoreutils  2.2.4-1
ii  python           2.7.5-5
ii  selinux-utils    2.2.1-1

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.2-1
ii  setools      3.3.8-1+b1

Versions of packages selinux-policy-default suggests:
ii  logcheck        1.3.15
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission non accordée: u'/etc/selinux/default/modules/active/file_contexts.local'

-- no debconf information
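
An added example, not part of the original report or of any Debian or SELinux tool: a short parser for the `security_compute_sid: invalid context` records quoted above. It splits each rejected context into user, role, type and range and lists the distinct user/role and role/type pairs, since a context is only valid when the user is authorized for the role, the role for the type, and the range is permitted. The function names are hypothetical; the sample lines are the three records from the report.

```python
import re

# The three SELINUX_ERR records quoted in the report, embedded so this runs offline.
SAMPLE = """\
type=SELINUX_ERR msg=audit(1387729606.524:178): security_compute_sid:  invalid context unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 for scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=SELINUX_ERR msg=audit(1387729606.556:181): security_compute_sid:  invalid context unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 for scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=process
type=SELINUX_ERR msg=audit(1387729595.732:156): security_compute_sid:  invalid context unconfined_u:system_r:hddtemp_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hddtemp_exec_t:s0 tclass=process
"""

RECORD = re.compile(
    r"type=SELINUX_ERR msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): "
    r"security_compute_sid:\s+invalid context (?P<invalid>\S+) for "
    r"scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)"
)

def split_context(ctx):
    """Split user:role:type[:range]; the MLS range may itself contain ':'."""
    user, role, type_, *rest = ctx.split(":", 3)
    return {"user": user, "role": role, "type": type_,
            "range": rest[0] if rest else None}

def parse_invalid_contexts(text):
    """Return one dict per 'invalid context' record; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.search(line)
        if m is None:
            continue
        rec = m.groupdict()
        for key in ("invalid", "scontext", "tcontext"):
            rec[key] = split_context(rec[key])
        records.append(rec)
    return records

def pairs_to_check(records):
    """Distinct (user, role) and (role, type) pairs taken from the rejected contexts."""
    user_role, role_type = set(), set()
    for rec in records:
        ctx = rec["invalid"]
        user_role.add((ctx["user"], ctx["role"]))
        role_type.add((ctx["role"], ctx["type"]))
    return sorted(user_role), sorted(role_type)

if __name__ == "__main__":
    users, types = pairs_to_check(parse_invalid_contexts(SAMPLE))
    print("user/role pairs to verify:", users)
    print("role/type pairs to verify:", types)
```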
