[DSE-Dev] Bug#771482: systemd-tmpfiles errors with selinux

Frederik Himpe frederik at frehi.be
Thu Jan 15 14:21:20 UTC 2015


I'm seeing these errors at boot up with systemd and selinux:

[    1.718397] audit: type=1400 audit(1421330080.604:5): avc:  denied  { setattr } for  pid=218 comm="systemd-tmpfile" name="var" dev="vda1" ino=262145 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
[    1.719814] audit: type=1400 audit(1421330080.604:6): avc:  denied  { relabelfrom } for  pid=218 comm="systemd-tmpfile" name="var" dev="vda1" ino=262145 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
[    1.719823] audit: type=1400 audit(1421330080.604:7): avc:  denied  { relabelto } for  pid=218 comm="systemd-tmpfile" name="var" dev="vda1" ino=262145 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
[    1.719967] audit: type=1400 audit(1421330080.604:8): avc:  denied  { setattr } for  pid=218 comm="systemd-tmpfile" name="log" dev="vda1" ino=262371 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=1
[    1.720000] audit: type=1400 audit(1421330080.604:9): avc:  denied  { relabelfrom } for  pid=218 comm="systemd-tmpfile" name="log" dev="vda1" ino=262371 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=1
[    1.720037] audit: type=1400 audit(1421330080.604:10): avc:  denied  { relabelto } for  pid=218 comm="systemd-tmpfile" name="log" dev="vda1" ino=262371 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=1

I guess these would be fixed by updating the systemd support in the
default policy?


-- 
Frederik Himpe <frederik at frehi.be>
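
Added example, not part of the original message: a small Python parser that groups the AVC denials quoted above by source type, target type and object class, and renders them in SELinux allow-rule syntax so they can be compared against the installed policy. The function names are hypothetical; the sample input is the six log lines from the message.

```python
import re
from collections import defaultdict

# Sample input: the six denials quoted in the message above.
SAMPLE = """\
[    1.718397] audit: type=1400 audit(1421330080.604:5): avc:  denied  { setattr } for  pid=218 comm="systemd-tmpfile" name="var" dev="vda1" ino=262145 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
[    1.719814] audit: type=1400 audit(1421330080.604:6): avc:  denied  { relabelfrom } for  pid=218 comm="systemd-tmpfile" name="var" dev="vda1" ino=262145 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
[    1.719823] audit: type=1400 audit(1421330080.604:7): avc:  denied  { relabelto } for  pid=218 comm="systemd-tmpfile" name="var" dev="vda1" ino=262145 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
[    1.719967] audit: type=1400 audit(1421330080.604:8): avc:  denied  { setattr } for  pid=218 comm="systemd-tmpfile" name="log" dev="vda1" ino=262371 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=1
[    1.720000] audit: type=1400 audit(1421330080.604:9): avc:  denied  { relabelfrom } for  pid=218 comm="systemd-tmpfile" name="log" dev="vda1" ino=262371 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=1
[    1.720037] audit: type=1400 audit(1421330080.604:10): avc:  denied  { relabelto } for  pid=218 comm="systemd-tmpfile" name="log" dev="vda1" ino=262371 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=1
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # Assumption: no field value contains whitespace (true for the lines above).
    rec = {k: v.strip('"') for k, v in
           (kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)}
    rec["perms"] = m.group("perms").split()
    return rec

def summarize(log_text):
    """Group denied permissions by (source type, target type, class)."""
    rules, enforced = defaultdict(set), 0
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        # A context is user:role:type:level; the type is the third field.
        key = (rec["scontext"].split(":")[2], rec["tcontext"].split(":")[2], rec["tclass"])
        rules[key].update(rec["perms"])
        # permissive=0 means the access was actually blocked, not just logged.
        enforced += rec.get("permissive") == "0"
    return rules, enforced

def as_allow_rules(rules):
    """Render the grouped denials in SELinux allow-rule syntax."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]

if __name__ == "__main__":
    rules, enforced = summarize(SAMPLE)
    print("\n".join(as_allow_rules(rules)))
    print(f"denials actually enforced: {enforced}")
```

Every line in the sample carries `permissive=1`, so the enforced count is zero: the accesses were logged but not blocked.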


