[DSE-Dev] Bug#874191: gdm3 started users start in wrong context
Sam Morris
sam at robots.org.uk
Mon Mar 30 11:34:42 BST 2020
Package: selinux-policy-default
Version: 2:2.20190201-7
Followup-For: Bug #874191
I've noticed that the processes that are part of my login session have
the correct label. But systemd --user (and the processes underneath it)
largely run with init_t and initrc_t.
Adding 'verbose debug' to the 'pam_selinux.so open' line in
/etc/pam.d/systemd-user reveals:
systemd[140316]: pam_selinux(systemd-user:session): Open Session
systemd[140316]: pam_selinux(systemd-user:session): Username= Debian-gdm SELinux User= unconfined_u Level= s0-s0:c0.c1023
systemd[140316]: pam_selinux(systemd-user:session): Unable to get valid context for Debian-gdm
systemd[140316]: pam_selinux(systemd-user:session): conversation failed
systemd[140316]: pam_unix(systemd-user:session): session opened for user Debian-gdm by (uid=0)
By contrast, on a system running Fedora, systemd --user and most of its
child processes are running with the expected label, and these messages
are logged:
systemd[224172]: pam_selinux(systemd-user:session): Open Session
systemd[224172]: pam_selinux(systemd-user:session): Username= gdm SELinux User= unconfined_u Level= s0-s0:c0.c1023
systemd[224172]: pam_selinux(systemd-user:session): Set executable context: [] -> [unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023]
systemd[224172]: pam_selinux(systemd-user:session): Security Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Assigned
systemd[224172]: pam_selinux(systemd-user:session): conversation failed
systemd[224172]: pam_selinux(systemd-user:session): Set key creation context to unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
systemd[224172]: pam_selinux(systemd-user:session): Key Creation Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Assigned
systemd[224172]: pam_selinux(systemd-user:session): conversation failed
Here's a handy command for examining the relationship between parent
process, login session, user and selinux context:
$ ps f -e -o user,lsession,label,cmd
USER SESSION LABEL CMD
root - system_u:system_r:kernel_t:s0 [kthreadd]
root - system_u:system_r:kernel_t:s0 \_ [rcu_gp]
root - system_u:system_r:kernel_t:s0 \_ [rcu_par_gp]
root - system_u:system_r:kernel_t:s0 \_ [kworker/0:0H]
root - system_u:system_r:kernel_t:s0 \_ [mm_percpu_wq]
root - system_u:system_r:kernel_t:s0 \_ [ksoftirqd/0]
root - system_u:system_r:kernel_t:s0 \_ [rcu_sched]
root - system_u:system_r:kernel_t:s0 \_ [migration/0]
root - system_u:system_r:kernel_t:s0 \_ [cpuhp/0]
root - system_u:system_r:kernel_t:s0 \_ [cpuhp/1]
root - system_u:system_r:kernel_t:s0 \_ [migration/1]
root - system_u:system_r:kernel_t:s0 \_ [ksoftirqd/1]
root - system_u:system_r:kernel_t:s0 \_ [kworker/1:0H-kblockd]
root - system_u:system_r:kernel_t:s0 \_ [cpuhp/2]
root - system_u:system_r:kernel_t:s0 \_ [migration/2]
root - system_u:system_r:kernel_t:s0 \_ [ksoftirqd/2]
root - system_u:system_r:kernel_t:s0 \_ [kworker/2:0H-events_highpri]
root - system_u:system_r:kernel_t:s0 \_ [cpuhp/3]
root - system_u:system_r:kernel_t:s0 \_ [migration/3]
root - system_u:system_r:kernel_t:s0 \_ [ksoftirqd/3]
root - system_u:system_r:kernel_t:s0 \_ [kworker/3:0H-events_highpri]
root - system_u:system_r:kernel_t:s0 \_ [kdevtmpfs]
root - system_u:system_r:kernel_t:s0 \_ [netns]
root - system_u:system_r:kernel_t:s0 \_ [kauditd]
root - system_u:system_r:kernel_t:s0 \_ [khungtaskd]
root - system_u:system_r:kernel_t:s0 \_ [oom_reaper]
root - system_u:system_r:kernel_t:s0 \_ [writeback]
root - system_u:system_r:kernel_t:s0 \_ [kcompactd0]
root - system_u:system_r:kernel_t:s0 \_ [ksmd]
root - system_u:system_r:kernel_t:s0 \_ [khugepaged]
root - system_u:system_r:kernel_t:s0 \_ [kintegrityd]
root - system_u:system_r:kernel_t:s0 \_ [kblockd]
root - system_u:system_r:kernel_t:s0 \_ [blkcg_punt_bio]
root - system_u:system_r:kernel_t:s0 \_ [edac-poller]
root - system_u:system_r:kernel_t:s0 \_ [devfreq_wq]
root - system_u:system_r:kernel_t:s0 \_ [kswapd0]
root - system_u:system_r:kernel_t:s0 \_ [kthrotld]
root - system_u:system_r:kernel_t:s0 \_ [irq/122-aerdrv]
root - system_u:system_r:kernel_t:s0 \_ [irq/123-aerdrv]
root - system_u:system_r:kernel_t:s0 \_ [irq/124-aerdrv]
root - system_u:system_r:kernel_t:s0 \_ [irq/125-aerdrv]
root - system_u:system_r:kernel_t:s0 \_ [acpi_thermal_pm]
root - system_u:system_r:kernel_t:s0 \_ [ipv6_addrconf]
root - system_u:system_r:kernel_t:s0 \_ [kstrp]
root - system_u:system_r:kernel_t:s0 \_ [nvme-wq]
root - system_u:system_r:kernel_t:s0 \_ [nvme-reset-wq]
root - system_u:system_r:kernel_t:s0 \_ [cryptd]
root - system_u:system_r:kernel_t:s0 \_ [nvme-delete-wq]
root - system_u:system_r:kernel_t:s0 \_ [kworker/3:1H-events_highpri]
root - system_u:system_r:kernel_t:s0 \_ [kworker/2:1H-events_highpri]
root - system_u:system_r:kernel_t:s0 \_ [kworker/1:1H-kblockd]
root - system_u:system_r:kernel_t:s0 \_ [kdmflush]
root - system_u:system_r:kernel_t:s0 \_ [kcryptd_io/254:]
root - system_u:system_r:kernel_t:s0 \_ [kcryptd/254:0]
root - system_u:system_r:kernel_t:s0 \_ [dmcrypt_write/2]
root - system_u:system_r:kernel_t:s0 \_ [kdmflush]
root - system_u:system_r:kernel_t:s0 \_ [kdmflush]
root - system_u:system_r:kernel_t:s0 \_ [jbd2/dm-2-8]
root - system_u:system_r:kernel_t:s0 \_ [ext4-rsv-conver]
root - system_u:system_r:kernel_t:s0 \_ [kworker/0:1H-events_highpri]
root - system_u:system_r:kernel_t:s0 \_ [tpm_dev_wq]
root - system_u:system_r:kernel_t:s0 \_ [kmemstick]
root - system_u:system_r:kernel_t:s0 \_ [watchdogd]
root - system_u:system_r:kernel_t:s0 \_ [cfg80211]
root - system_u:system_r:kernel_t:s0 \_ [jbd2/nvme0n1p2-]
root - system_u:system_r:kernel_t:s0 \_ [ext4-rsv-conver]
root - system_u:system_r:kernel_t:s0 \_ [irq/141-iwlwifi]
root - system_u:system_r:kernel_t:s0 \_ [krfcommd]
root - system_u:system_r:kernel_t:s0 \_ [cifsiod]
root - system_u:system_r:kernel_t:s0 \_ [smb3decryptd]
root - system_u:system_r:kernel_t:s0 \_ [cifsfileinfoput]
root - system_u:system_r:kernel_t:s0 \_ [cifsoplockd]
root - system_u:system_r:kernel_t:s0 \_ [kworker/u9:2-rb_allocator]
root - system_u:system_r:kernel_t:s0 \_ [kworker/2:4-events]
root - system_u:system_r:kernel_t:s0 \_ [kworker/u8:41-kcryptd/254:0]
root - system_u:system_r:kernel_t:s0 \_ [kworker/2:1-cgroup_destroy]
root - system_u:system_r:kernel_t:s0 \_ [kworker/0:78-events]
root - system_u:system_r:kernel_t:s0 \_ [kworker/1:127-events]
root - system_u:system_r:kernel_t:s0 \_ [kworker/u8:5-kcryptd/254:0]
root - system_u:system_r:kernel_t:s0 \_ [kworker/u8:6-kcryptd/254:0]
root - system_u:system_r:kernel_t:s0 \_ [kworker/u8:23-kcryptd/254:0]
root - system_u:system_r:kernel_t:s0 \_ [kworker/u8:24-events_unbound]
root - system_u:system_r:kernel_t:s0 \_ [irq/126-mei_me]
root - system_u:system_r:kernel_t:s0 \_ [kworker/u9:0-hci0]
root - system_u:system_r:kernel_t:s0 \_ [kworker/0:0-events]
root - system_u:system_r:kernel_t:s0 \_ [kworker/1:1-events]
root - system_u:system_r:kernel_t:s0 \_ [kworker/3:1-events]
root - system_u:system_r:kernel_t:s0 \_ [kworker/3:3-events]
root - system_u:system_r:kernel_t:s0 \_ [kworker/1:0-cgroup_destroy]
root - system_u:system_r:init_t:s0 /sbin/init splash splash
root - system_u:system_r:syslogd_t:s0 /lib/systemd/systemd-journald
root - system_u:system_r:udev_t:s0-s0:c0.c1023 /lib/systemd/systemd-udevd
root - system_u:system_r:udev_t:s0-s0:c0.c1023 \_ /lib/systemd/systemd-udevd
root - system_u:system_r:udev_t:s0-s0:c0.c1023 \_ /lib/systemd/systemd-udevd
root - system_u:system_r:udev_t:s0-s0:c0.c1023 \_ /lib/systemd/systemd-udevd
root - system_u:system_r:udev_t:s0-s0:c0.c1023 \_ /lib/systemd/systemd-udevd
root - system_u:system_r:udev_t:s0-s0:c0.c1023 \_ /lib/systemd/systemd-udevd
root - system_u:system_r:udev_t:s0-s0:c0.c1023 \_ /lib/systemd/systemd-udevd
root - system_u:system_r:udev_t:s0-s0:c0.c1023 \_ /lib/systemd/systemd-udevd
root - system_u:system_r:udev_t:s0-s0:c0.c1023 \_ /lib/systemd/systemd-udevd
root - system_u:system_r:udev_t:s0-s0:c0.c1023 \_ /lib/systemd/systemd-udevd
systemd+ - system_u:system_r:systemd_resolved_t:s0 /lib/systemd/systemd-resolved
root - system_u:system_r:auditd_t:s0 /sbin/auditd
root - system_u:system_r:modemmanager_t:s0 /usr/sbin/ModemManager --filter-policy=strict
avahi - system_u:system_r:avahi_t:s0 avahi-daemon: running [fragarach.local]
avahi - system_u:system_r:avahi_t:s0 \_ avahi-daemon: chroot helper
message+ - system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root - system_u:system_r:firewalld_t:s0 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
root - system_u:system_r:initrc_t:s0 /usr/libexec/iwd
root - system_u:system_r:sssd_t:s0 /usr/sbin/sssd -i --logger=files
root - system_u:system_r:sssd_t:s0 \_ /usr/libexec/sssd/sssd_be --domain ipa.example.com --uid 0 --gid 0 --logger=files
root - system_u:system_r:sssd_t:s0 \_ /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --logger=files
root - system_u:system_r:devicekit_disk_t:s0 /usr/lib/udisks2/udisksd
root - system_u:system_r:initrc_t:s0 /usr/sbin/atopacctd
root - system_u:system_r:initrc_t:s0 /usr/sbin/usbguard-daemon -f -s -c /etc/usbguard/usbguard-daemon.conf
root - system_u:system_r:policykit_t:s0 /usr/lib/policykit-1/polkitd --no-debug
root - system_u:system_r:alsa_t:s0 /usr/sbin/alsactl -E HOME=/run/alsa -s -n 19 -c rdaemon
root - system_u:system_r:bluetooth_t:s0 /usr/lib/bluetooth/bluetoothd
root - system_u:system_r:NetworkManager_t:s0 /usr/sbin/NetworkManager --no-daemon
root - system_u:system_r:initrc_t:s0 /usr/sbin/dockerd -H fd://
root - system_u:system_r:initrc_t:s0 \_ docker-containerd --config /var/run/docker/containerd/containerd.toml --log-level info
root - system_u:system_r:accountsd_t:s0 /usr/lib/accountsservice/accounts-daemon
root - system_u:system_r:crond_t:s0-s0:c0.c1023 /usr/sbin/cron -f
root - system_u:system_r:systemd_logind_t:s0 /lib/systemd/systemd-logind
root - system_u:system_r:sshd_t:s0-s0:c0.c1023 /usr/sbin/sshd -D
root - system_u:system_r:xdm_t:s0-s0:c0.c1023 /usr/sbin/gdm3
root 126 system_u:system_r:xdm_t:s0-s0:c0.c1023 \_ gdm-session-worker [pam/gdm-password]
sam.mor+ 126 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 \_ /usr/libexec/gdm-wayland-session /usr/bin/gnome-session
sam.mor+ 126 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 \_ /usr/libexec/gnome-session-binary --systemd
colord - system_u:system_r:colord_t:s0 /usr/lib/colord/colord
root - system_u:system_r:NetworkManager_t:s0 /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
rtkit - system_u:system_r:rtkit_daemon_t:s0 /usr/lib/rtkit/rtkit-daemon
nobody - system_u:system_r:dnsmasq_t:s0-s0:c0.c1023 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
root - system_u:system_r:dnsmasq_t:s0-s0:c0.c1023 \_ /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
root - system_u:system_r:devicekit_power_t:s0 /usr/lib/upower/upowerd
sam.mor+ - system_u:system_r:init_t:s0 /lib/systemd/systemd --user
sam.mor+ - system_u:system_r:init_t:s0 \_ (sd-pam)
sam.mor+ - system_u:system_r:pulsudio_t:s0 \_ /usr/bin/pulseaudio --daemonize=no
sam.mor+ - system_u:system_r:init_t:s0 \_ ssh-agent -D -a /run/user/876099160/openssh_agent
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/bin/onedrive --monitor
sam.mor+ - system_u:system_r:init_t:s0 \_ /usr/bin/gpg-agent --supervised
sam.mor+ - system_u:system_r:syst:c0.c1023 \_ /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gnome-session-ctl --monitor
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gnome-session-binary --systemd-service --session=gnome
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ /usr/lib/at-spi2-core/at-spi-bus-launcher --launch-immediately
sam.mor+ - system_u:system_rtem_dbusd_t:s0 | | \_ /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ /usr/bin/python3 /usr/bin/firewall-applet
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ usbguard-applet-qt
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ /usr/lib/tracker/tracker-miner-apps
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ /usr/lib/gnome-disk-utility/gsd-disk-utility-notify
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ /usr/libexec/evolution-data-server/evolution-alarm-notify
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ /usr/bin/nextcloud
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ /usr/lib/tracker/tracker-miner-fs
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ /usr/bin/gnome-software --gapplication-service
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ /usr/bin/owncloud
sam.mor+ - system_u:system_r:init_t:s0 \_ /usr/bin/gnome-shell
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ /usr/bin/Xwayland :0 -rootless -noreset -accessx -core -auth /run/user/876099160/.mutter-Xwaylandauth.DQ66H0 -listen 4 -listen 5 -displayfd 6
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ ibus-daemon --panel disable -r --xim
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/lib/ibus/ibus-dconf
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/lib/ibus/ibus-extension-gtk3
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/lib/ibus/ibus-engine-simple
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ pidgin
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ /usr/lib/firefox/firefox
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 223666 -parentBuildID 20200309095159 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 63179 true tab
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 497 -prefMapSize 223666 -parentBuildID 20200309095159 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 63179 true tab
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 497 -prefMapSize 223666 -parentBuildID 20200309095159 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 63179 true tab
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 497 -prefMapSize 223666 -parentBuildID 20200309095159 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 63179 true tab
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 497 -prefMapSize 223666 -parentBuildID 20200309095159 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 63179 true tab
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 497 -prefMapSize 223666 -parentBuildID 20200309095159 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 63179 true tab
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/lib/firefox/firefox -contentproc -childID 8 -isForBrowser -prefsLen 497 -prefMapSize 223666 -parentBuildID 20200309095159 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 63179 true tab
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/lib/firefox/firefox -contentproc -childID 10 -isForBrowser -prefsLen 6590 -prefMapSize 223666 -parentBuildID 20200309095159 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 63179 true tab
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/bin/python3 /usr/bin/chrome-gnome-shell /usr/lib/mozilla/native-messaging-hosts/org.gnome.chrome_gnome_shell.json chrome-gnome-shell at gnome.org
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/lib/firefox/firefox -contentproc -childID 18 -isForBrowser -prefsLen 8118 -prefMapSize 223666 -parentBuildID 20200309095159 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 63179 true tab
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/lib/firefox/firefox -contentproc -parentBuildID 20200309095159 -prefsLen 12960 -prefMapSize 223666 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 63179 true rdd
root - system_u:system_r:initrc_t:s0 | \_ bwrap --args 33 keepassxc
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ bwrap --args 33 keepassxc
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ keepassxc
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/lib/gvfs/gvfsd
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ /usr/lib/gvfs/gvfsd-trash --spawner :1.19 /org/gtk/gvfs/exec_spaw/0
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ /usr/lib/gvfs/gvfsd-network --spawner :1.19 /org/gtk/gvfs/exec_spaw/5
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ /usr/lib/gvfs/gvfsd-dnssd --spawner :1.19 /org/gtk/gvfs/exec_spaw/9
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/lib/gvfs/gvfsd-fuse /run/user/876099160/gvfs -f -o big_writes
sam.mor+ - system_u:system_r:system_dbusd_t:s0 \_ /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/xdg-permission-store
sam.mor+ - system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 \_ /usr/lib/gnome-shell/gnome-shell-calendar-server
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/evolution-source-registry
sam.mor+ - system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 \_ /usr/lib/dconf/dconf-service
sam.mor+ - system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 \_ /usr/libexec/goa-daemon
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/lib/gvfs/gvfs-udisks2-volume-monitor
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/lib/gvfs/gvfsd-metadata
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
sam.mor+ - system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 \_ /usr/libexec/goa-identity-service
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/lib/gvfs/gvfs-goa-volume-monitor
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/lib/gvfs/gvfs-mtp-volume-monitor
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/lib/gvfs/gvfs-afc-volume-monitor
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/lib/ibus/ibus-x11 --kill-daemon
sam.mor+ - system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 \_ /usr/lib/ibus/ibus-portal
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-a11y-settings
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-color
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-datetime
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-housekeeping
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-keyboard
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-media-keys
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-power
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-print-notifications
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-rfkill
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-screensaver-proxy
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-sharing
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-smartcard
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-sound
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-usb-protection
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-wacom
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-wwan
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-xsettings
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/evolution-calendar-factory
sam.mor+ - system_u:system_r:init_t:s0 \_ /usr/lib/tracker/tracker-store
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gsd-printer
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/evolution-addressbook-factory
sam.mor+ - system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 \_ /usr/bin/gnome-calendar --gapplication-service
sam.mor+ - system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 \_ /usr/bin/seahorse --gapplication-service
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/bin/python3 /usr/share/virt-manager/virt-manager
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/gnome-terminal-server
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ bash
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ bash
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ bash
root - system_u:system_r:initrc_t:s0 | | \_ sudo apt install -t buster-backports libreoffice
root - system_u:system_r:initrc_t:s0 | | \_ sudo apt install -t buster-backports libreoffice
root - system_u:system_r:apt_t:s0 | | \_ apt install -t buster-backports libreoffice
root - system_u:system_r:apt_t:s0 | | \_ apt install -t buster-backports libreoffice
root - system_u:system_r:apt_t:s0 | | \_ sh -c test -x /usr/lib/needrestart/apt-pinvoke && /usr/lib/needrestart/apt-pinvoke || true
root - system_u:system_r:apt_t:s0 | | \_ /usr/bin/perl -w /usr/share/debconf/frontend /usr/sbin/needrestart
root - system_u:system_r:apt_t:s0 | | \_ /usr/bin/perl /usr/sbin/needrestart
root - system_u:system_r:apt_t:s0 | | \_ whiptail --backtitle Package configuration --title Daemons using outdated libraries --output-fd 12 --separate-output --checklist Which services should be restarted? 11 47 1 -- libvirtd.service off
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ bash
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ vim selinux-process-tree
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ bash
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ /usr/bin/python3 /usr/bin/reportbug -N 874191
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ sh -c gvim -c :6 '/tmp/reportbug-874191-20200330-126232-3b7z1tcz'
sam.mor+ - system_u:system_r:initrc_t:s0 | | \_ gvim -c :6 /tmp/reportbug-874191-20200330-126232-3b7z1tcz
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ bash
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ vim /etc/selinux/default/contexts/default_contexts
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ ps f -e -o user,lsession,label,cmd
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/flatpak-session-helper
sam.mor+ - system_u:system_r:initrc_t:s0 \_ server --sh -n /run/user/876099160/.flatpak-helper/pkcs11-flatpak-80340 --provider p11-kit-trust.so pkcs11:model=p11-kit-trust?write-protected=yes
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/xdg-document-portal
root - system_u:system_r:initrc_t:s0 \_ bwrap --args 32 xdg-dbus-proxy --args=36
sam.mor+ - system_u:system_r:initrc_t:s0 | \_ xdg-dbus-proxy --args=36
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/xdg-desktop-portal
sam.mor+ - system_u:system_r:initrc_t:s0 \_ /usr/libexec/xdg-desktop-portal-gtk
root - system_u:system_r:init_t:s0 /usr/lib/bolt/boltd
root - system_u:system_r:initrc_t:s0 /usr/libexec/sssd/sssd_sudo --socket-activated
root - system_u:system_r:virtd_t:s0-s0:c0.c1023 /usr/sbin/libvirtd
root - system_u:system_r:getty_t:s0 /sbin/agetty -o -p -- \u --noclear tty6 linux
root - system_u:system_r:getty_t:s0 /sbin/agetty -o -p -- \u --noclear tty3 linux
sam.mor+ 126 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /usr/bin/gnome-keyring-daemon --daemonize --login
sam.mor+ 126 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 \_ /usr/bin/ssh-agent -D -a /run/user/876099160/keyring/.ssh
root - system_u:system_r:virtlogd_t:s0-s0:c0.c1023 /usr/sbin/virtlogd
root - system_u:system_r:initrc_t:s0 /usr/sbin/oddjobd -n -p /var/run/oddjobd.pid -t 300
root - system_u:system_r:init_t:s0 /usr/lib/fwupd/fwupd
root - system_u:system_r:initrc_t:s0 /usr/bin/via-vpn-srv -f -d 2
_chrony - system_u:system_r:chronyd_t:s0 /usr/sbin/chronyd -F -1
_chrony - system_u:system_r:chronyd_t:s0 \_ /usr/sbin/chronyd -F -1
root - system_u:system_r:initrc_t:s0 /usr/libexec/sssd/sssd_nss --logger=files --socket-activated
root - system_u:system_r:initrc_t:s0 /usr/bin/atop -R -w /var/log/atop/atop_20200330 600
root - system_u:system_r:cupsd_t:s0-s0:c0.c1023 /usr/sbin/cupsd -l
-- System Information:
Debian Release: 10.3
APT prefers stable-debug
APT policy: (570, 'stable-debug'), (570, 'stable'), (550, 'testing-debug'), (550, 'testing'), (530, 'unstable-debug'), (530, 'unstable'), (500, 'stable-updates'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_USER
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: default
Versions of packages selinux-policy-default depends on:
ii libselinux1 2.8-1+b1
ii libsemanage1 2.8-2
ii libsepol1 2.8-1
ii policycoreutils 2.8-1
ii selinux-utils 2.8-1+b1
Versions of packages selinux-policy-default recommends:
ii checkpolicy 2.8-1
ii setools 4.2.0-1
Versions of packages selinux-policy-default suggests:
pn logcheck <none>
pn syslog-summary <none>
-- Configuration Files:
/etc/selinux/default/contexts/default_contexts changed:
system_r:crond_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:system_cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0
system_r:xdm_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
staff_r:staff_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
staff_r:staff_sudo_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
sysadm_r:sysadm_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
system_r:init_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
-- no debconf information
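Added example, not part of the original message or of any Debian or SELinux tooling: a Python script that reads `ps -e -o pid,ppid,user,label,cmd` output, finds each `systemd --user` manager still labelled init_t or initrc_t, and lists the descendants that stayed in those domains. The PIDs, the user names `sam` and `alice`, and the sample listing are constructed; the labels follow the ones shown in the report.

```python
from collections import defaultdict, namedtuple

Proc = namedtuple("Proc", "pid ppid user label cmd")

# Domains the report shows user services running in when pam_selinux
# could not compute a context for the systemd-user PAM session.
INHERITED_TYPES = {"init_t", "initrc_t"}

# Constructed sample in the format of: ps -e -o pid,ppid,user,label,cmd
# (PIDs and user names are invented; labels are modelled on the report).
SAMPLE_PS = """\
PID PPID USER LABEL CMD
1 0 root system_u:system_r:init_t:s0 /sbin/init splash
900 1 root system_u:system_r:xdm_t:s0-s0:c0.c1023 /usr/sbin/gdm3
950 900 root system_u:system_r:xdm_t:s0-s0:c0.c1023 gdm-session-worker [pam/gdm-password]
960 950 sam unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /usr/libexec/gdm-wayland-session /usr/bin/gnome-session
1000 1 sam system_u:system_r:init_t:s0 /lib/systemd/systemd --user
1001 1000 sam system_u:system_r:init_t:s0 (sd-pam)
1010 1000 sam system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 /usr/bin/dbus-daemon --session --nofork
1020 1000 sam system_u:system_r:init_t:s0 /usr/bin/gnome-shell
1021 1020 sam system_u:system_r:initrc_t:s0 /usr/lib/firefox/firefox
2000 1 alice unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /lib/systemd/systemd --user
2001 2000 alice unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /usr/bin/gnome-shell
"""


def parse_ps(text):
    """Turn ps output into Proc records, skipping the header and blank lines."""
    procs = []
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) < 5 or not fields[0].isdigit():
            continue
        pid, ppid, user, label, cmd = fields
        procs.append(Proc(int(pid), int(ppid), user, label, cmd))
    return procs


def selinux_type(label):
    """Return the type field of user:role:type[:level]; the level may contain ':'."""
    parts = label.split(":", 3)
    return parts[2] if len(parts) >= 3 else None


def is_user_manager(proc):
    """True for a per-user service manager, i.e. 'systemd --user'."""
    argv = proc.cmd.split()
    return bool(argv) and argv[0].rsplit("/", 1)[-1] == "systemd" and "--user" in argv[1:]


def audit(procs):
    """Map each mislabelled user manager PID to its processes left in INHERITED_TYPES."""
    children = defaultdict(list)
    for p in procs:
        children[p.ppid].append(p)

    findings = {}
    for mgr in procs:
        if not is_user_manager(mgr) or selinux_type(mgr.label) not in INHERITED_TYPES:
            continue
        flagged, stack, seen = [], [mgr], set()
        while stack:  # walk the manager's subtree
            p = stack.pop()
            if p.pid in seen:
                continue
            seen.add(p.pid)
            if selinux_type(p.label) in INHERITED_TYPES:
                flagged.append(p)
            stack.extend(children[p.pid])
        findings[mgr.pid] = sorted(flagged, key=lambda p: p.pid)
    return findings


if __name__ == "__main__":
    for mgr_pid, flagged in audit(parse_ps(SAMPLE_PS)).items():
        print(f"systemd --user (pid {mgr_pid}) kept a system domain:")
        for p in flagged:
            print(f"  {p.pid:>6} {p.user:<8} {selinux_type(p.label):<10} {p.cmd}")
```

On a live system, pass the real `ps -e -o pid,ppid,user,label,cmd` output to `parse_ps` in place of `SAMPLE_PS`.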