[DSE-Dev] Bug#875669: selinux-policy-default: brctl can't create sysfs files

[Russell Coker]

Package: selinux-policy-default
Version: 2:2.20161023.1-9
Severity: normal

type=AVC msg=audit(1505299977.725:20): avc:  denied  { add_name } for  pid=565 comm="brctl" name="hello_time" scontext=system_u:system_r:brctl_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1505299977.729:21): avc:  denied  { add_name } for  pid=566 comm="brctl" name="stp_state" scontext=system_u:system_r:brctl_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1505299977.729:22): avc:  denied  { add_name } for  pid=568 comm="brctl" name="forward_delay" scontext=system_u:system_r:brctl_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0

brctl when run from whatever parses /etc/network/interfaces gets the above
when creating a bridge interface.  It still appears to work for basic functions
but presumably doesn't set the hello time and forward delay properly (stp is
set as desired).

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1), LANGUAGE=en_AU:en (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages selinux-policy-default depends on:
ii  libselinux1      2.6-3+b1
ii  libsemanage1     2.6-2
ii  libsepol1        2.6-2
ii  policycoreutils  2.6-3
ii  selinux-utils    2.6-3+b1

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.6-2
ii  setools      4.0.1-6

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- no debconf information