[DSE-Dev] Bug#757444: selinux-policy-default: restorecond gets a permission denied
Jeroen Pulles
jeroen.pulles at redslider.net
Fri Aug 8 00:16:58 UTC 2014
Package: selinux-policy-default
Version: 2:2.20140421-4
Severity: important
Dear Maintainer,
In enforced mode, restorecond does not work:
# restorecond --help
restorecond: error while loading shared libraries: libffi.so.6: cannot enable executable stack as shared object requires: Permission denied
How ironic.
I followed the guidelines from the Debian wiki for SELinux.
(I have the impression restorecon is not doing what it is supposed to do
either; I'm seeing files with the wrong labels for postfix and redis-server. A
`fixfiles onreboot` and reboot later and some labels are fixed, but the
restorecond error pertains. I'm also seeing errors with postfix caused by a
mismatch in postdrop/pickup role/type blah, where from the policy source it
seems fair to complain. This is my first stab at selinux on debian. I'm
abandoning that idea right away.)
kind regards,
Jeroen
-- System Information:
Debian Release: jessie/sid
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.14-2-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages selinux-policy-default depends on:
ii libpam-modules 1.1.8-3
ii libselinux1 2.3-1
ii libsepol1 2.3-1
ii policycoreutils 2.3-1
ii python 2.7.8-1
ii selinux-utils 2.3-1
Versions of packages selinux-policy-default recommends:
ii checkpolicy 2.3-1
ii setools 3.3.8-3
Versions of packages selinux-policy-default suggests:
pn logcheck <none>
pn syslog-summary <none>
-- no debconf information
More information about the SELinux-devel
mailing list