Description of problem:
(originally reported on the CentOS bug tracker and someone suggested that I should report here instead)

/sys/fs/cgroup is currently assigned the incorrect SELinux label of system_u:object_r:tmpfs_t:s0 but restorecon reports that it should be system_u:object_r:cgroup_t:s0

restorecon is unable to fix the issue as it returns an error: Read-only file system

Version-Release number of selected component (if applicable):
CentOS 7.2.1511
selinux-policy 3.13.1 (release 60.el7_2.3, Based off of reference policy: Checked out revision 2.20091117)

How reproducible:
always

Steps to Reproduce:
1. run ls -aZ /sys/fs/cgroup to verify directory has label of system_u:object_r:tmpfs_t:s0
2. run sudo restorecon -v /sys/fs/cgroup to correct the label

Actual results:
You will see the following error message:
restorecon set context /sys/fs/cgroup->system_u:object_r:cgroup_t:s0 failed:'Read-only file system'

Expected results:
restorecon should have corrected the label of /sys/fs/cgroup to system_u:object_r:cgroup_t

Additional info:
You can confirm the correct label here:
https://github.com/TresysTechnology/refpolicy/blob/778dfaf776800887d1f9c320a7ac6199139b694b/policy/modules/kernel/filesystem.fc#L14
I cannot remember. But I don't think so.
This should be fixed in systemd code. Michal, could you add labeling for /sys/fs/cgroup dir cgroup_t? Thanks.
Any news about this issue?
https://github.com/lnykryn/systemd-rhel/pull/207
fix merged to staging branch -> https://github.com/lnykryn/systemd-rhel/pull/207 -> post
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3245