[DSE-Dev] Bug#757994: selinux-policy-default: Patch

Andreas Florath andre at flonatel.org
Wed Aug 13 16:43:47 UTC 2014

Package: selinux-policy-default
Version: 2:2.20140421-4
Followup-For: Bug #757994


Attached you can find a patch which fixes this problem.
One cause was similar to #756729.

The cause was, that it is possible to use a link to /dev/null as
systemd service file - which is done for x11-common:

root at debselinux01:~# ls -lZ /lib/systemd/system/x11-common.service
lrwxrwxrwx. 1 root root system_u:object_r:systemd_unit_file_t:SystemLow 9 Jul 16 00:52 /lib/systemd/system/x11-common.service -> /dev/null
root at debselinux01:~# ls -lZ /dev/null 
crw-rw-rw-. 1 root root system_u:object_r:null_device_t:SystemLow 1, 3 Aug 13 16:57 /dev/null
root at debselinux01:~# dpkg -S /lib/systemd/system/x11-common.service
systemd: /lib/systemd/system/x11-common.service

The patch allows to access the null_device_t from systemd and friends.

If it is easier for you, you can also pull the patch from

Kind regards

-------------- next part --------------
A non-text attachment was scrubbed...
Name: selinux-refpolicy-allow-systemd-link-to-dev-null.patch
Type: text/x-diff
Size: 1328 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20140813/dc47ca0b/attachment.patch>

More information about the SELinux-devel mailing list