[DSE-Dev] Bug#758082: selinux-policy-default: Installing hddtemp fails with 'Failed to issue method call: Access denied' if enforcing

Andreas Florath andre at flonatel.org
Thu Aug 14 06:05:40 UTC 2014 

Package: selinux-policy-default
Version: 2:2.20140421-4
Severity: normal

Dear Maintainer,

installing hddtemp fails:

root at debselinux01:~# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             default
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      29
root at debselinux01:~# se_apt-get install hddtemp
[...]
Setting up hddtemp (0.3-beta15-52) ...
Failed to issue method call: Access denied
invoke-rc.d: initscript hddtemp, action "start" failed.
dpkg: error processing package hddtemp (--configure):
 subprocess installed post-installation script returned error exit status 4
Errors were encountered while processing:
 hddtemp
E: Sub-process /usr/bin/dpkg returned an error code (1)

These AVCs are logged:

type=USER_AVC msg=audit(1407995529.568:104): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { status } for auid=0 uid=0 gid=0 path="/etc/init.d/hddtemp" cmdline="systemctl -p LoadState show hddtemp.service" scontext=system_u:system_r:dpkg_script_t:s0 tcontext=system_u:object_r:hddtemp_initrc_exec_t:s0 tclass=service  exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1407995529.596:105): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { start } for auid=0 uid=0 gid=0 path="/etc/init.d/hddtemp" cmdline="systemctl start hddtemp.service" scontext=system_u:system_r:dpkg_script_t:s0 tcontext=system_u:object_r:hddtemp_initrc_exec_t:s0 tclass=service  exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

Please note that this problem is similar to #758080 - nevertheless the target context differs.

Kind regards

Andre


-- System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.8-3
ii  libselinux1      2.3-1
ii  libsepol1        2.3-1
ii  policycoreutils  2.3-1
ii  python           2.7.8-1
ii  selinux-utils    2.3-1

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.3-1
ii  setools      3.3.8-3

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- no debconf information

More information about the SELinux-devel mailing list