Bug 616136 - System does not boot with systemd in enforcing mode
Summary: System does not boot with systemd in enforcing mode
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-07-19 18:00 UTC by Orion Poplawski
Modified: 2010-07-20 17:53 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-07-20 17:53:48 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Orion Poplawski 2010-07-19 18:00:49 UTC
Description of problem:

System does not boot with systemd in enforcing mode.  Current avcs:

type=AVC msg=audit(1279573506.165:8): avc:  denied  { accept } for  pid=695 comm="dbus-daemon" path="/var/run/dbus/system_bus_socket" scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1279573506.165:9): avc:  denied  { getattr } for  pid=695 comm="dbus-daemon" path="/var/run/dbus/system_bus_socket" scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1279573506.166:10): avc:  denied  { getopt } for  pid=695 comm="dbus-daemon" path="/var/run/dbus/system_bus_socket" scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket

Version-Release number of selected component (if applicable):
systemd-3-3.fc14.x86_64
selinux-policy-3.8.7-2.fc14.noarch

Comment 1 Daniel Walsh 2010-07-20 17:53:48 UTC
Fixed in selinux-policy-3.8.8-1.fc14

ALthough the real fix is to get systemd to be selinux aware.


Note You need to log in before you can comment on or make changes to this bug.