[DSE-Dev] Bug#756729: Problem also occurs in Jessie with systemd installed

Andreas Florath andre at flonatel.org
Tue Aug 5 08:49:17 UTC 2014 

Hello!

Some more thoughts to this problem:

@Russel: I think you are right: these AVCs are logged, but (maybe) do
not influence the system.

In one of my earlier mails to this problem, I reported, that this was
not reproducible on Jessie. This is correct - as long as SYSV-init is
used.  Today I installed systemd on Jessie and run into exactly this
problem.

Also here always the '/sys/class/net/eth0/operstate' is 'down'.

One observation (which might have nothing to do with this problem):
When using Jessie with SYSV-init, it takes quiet a long time to boot.
Most of the time is spend in:
 'Waiting for /dev to be fully populated': 30sec
Using systemd the whole booting takes about 2sec.

When disabling SELinux (setting to permissive), the problem vanishes.
Here the 'operstate' is 'up' - and the network device is initialized.
I do not see any logged AVC either in permissive nor in enforcing
mode.  And I'm not sure if this is a really problem of
selinux-policy-default or some other package.

All tests were done on a minimal installation of Debian in a VM.
The host system is Debian Jessie running KVM 2.0.0+dfsg-6+b1.

If you want, I can provide the VM where this problem occurs every
boot.

Kind regards

Andre

root at debselinux01:~# dpkg -l | grep selinux
ii  libselinux1:amd64              2.3-1                       amd64        SELinux runtime shared libraries
ii  python-selinux                 2.3-1                       amd64        Python bindings to SELinux shared libraries
ii  selinux-basics                 0.5.2                       all          SELinux basic support
ii  selinux-policy-default         2:2.20140421-4              all          Strict and Targeted variants of the SELinux policy
ii  selinux-utils                  2.3-1                       amd64        SELinux utility programs
root at debselinux01:~# dpkg -l | grep systemd
ii  libpam-systemd:amd64           208-6                       amd64        system and service manager - PAM module
ii  libsystemd-daemon0:amd64       208-6                       amd64        systemd utility library
ii  libsystemd-journal0:amd64      208-6                       amd64        systemd journal utility library
ii  libsystemd-login0:amd64        208-6                       amd64        systemd login utility library
ii  systemd                        208-6                       amd64        system and service manager
ii  systemd-sysv                   208-6                       amd64        system and service manager - SysV links

More information about the SELinux-devel mailing list