[DSE-Dev] Bug#757444: selinux-policy-default: restorecond gets a permission denied

Jeroen Pulles jeroen.pulles at redslider.net
Fri Aug 8 00:16:58 UTC 2014

Package: selinux-policy-default
Version: 2:2.20140421-4
Severity: important

Dear Maintainer,

In enforced mode, restorecond does not work:

# restorecond --help
restorecond: error while loading shared libraries: libffi.so.6: cannot enable executable stack as shared object requires: Permission denied

How ironic. 

I followed the guidelines from the Debian wiki for SELinux. 

(I have the impression restorecon is not doing what it is supposed to do
either; I'm seeing files with the wrong labels for postfix and redis-server. A
`fixfiles onreboot` and reboot later and some labels are fixed, but the
restorecond error pertains. I'm also seeing errors with postfix caused by a
mismatch in postdrop/pickup role/type blah, where from the policy source it
seems fair to complain. This is my first stab at selinux on debian. I'm
abandoning that idea right away.)

kind regards,

-- System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.14-2-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.8-3
ii  libselinux1      2.3-1
ii  libsepol1        2.3-1
ii  policycoreutils  2.3-1
ii  python           2.7.8-1
ii  selinux-utils    2.3-1

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.3-1
ii  setools      3.3.8-3

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- no debconf information

More information about the SELinux-devel mailing list