[DSE-Dev] Bug#849637: /sys/devices/system/cpu/online SELinux context

Dominick Grift dac.override at gmail.com
Fri Dec 30 21:25:05 UTC 2016 

On Fri, 30 Dec 2016 17:17:24 +0100 cgzones <cgzones at googlemail.com> wrote:
> Hi,
> thanks for your response.
> I assigned this bug to systemd, cause I did not know any better and
> thought the sysfs filesystem is managed by systemd, like /run.
> 
> Btw, /dev/pts/ptmx is also mislabeled:
> 
> root at debianSE:~# restorecon -vv -R -n /dev
> Warning no default label for /dev/mqueue
> Warning no default label for /dev/pts/0
> Would relabel /dev/pts/ptmx from system_u:object_r:devpts_t:s0 to
> system_u:object_r:ptmx_t:s0
> 

That context spec for /dev/pts/ptmx should probably be dropped and just
leave it devpts_t

> 
> Kindly Regards,
>     Christian Göttsche
> 
> 2016-12-30 12:39 GMT+01:00 Laurent Bigonville <bigon at debian.org>:
> > reassign 849637 policycoreutils
> > thanks
> >
> > On Thu, 29 Dec 2016 12:36:30 +0100 cgzones <cgzones at googlemail.com> wrote:
> >
> >> When running a SELinux enabled system /sys/devices/system/cpu/online
> >> is mislabeled after boot:
> >>
> >> root at test1:/root/selinux/policy# restorecon -vv -R -F -n /sys
> >> Would relabel /sys/devices/system/cpu/online from
> >> system_u:object_r:sysfs_t:s0 to system_u:object_r:cpu_online_t:s0
> >
> > Not sure why this is assigned to systemd as this is not created by systemd.
> >
> > It's working with sysvinit because the selinux-autorelabel LSB initscript is
> > explicitly relabeling it during boot.
> >
> > Under systemd, that initscript is masked by the selinux-autorelabel.service.
> >
> > I was planning to add a tmpfiles for this, but apparently I forgot about it.
> >
> > Reassigning to policycoreutils
> >
> > Laurent Bigonville
> 
> 

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20161230/bf0afefc/attachment.sig>

More information about the SELinux-devel mailing list