Bug#732857: selinux-policy-default: SELINUX_ERR invalid context, since update to 2:2.20131214-1

Sun, 22 Dec 2013 08:39:40 -0800 

Package: selinux-policy-default
Version: 2:2.20131214-1
Severity: normal

Bonjour,

Since I upgraded to 2:2.20131214-1, I have lots of logs in audit.log and syslog.

They are about sshd and hddtemp.

type=SELINUX_ERR msg=audit(1387729606.524:178): security_compute_sid:  invalid 
context unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 for 
scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 
tcontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=unix_stream_socket

type=SELINUX_ERR msg=audit(1387729606.556:181): security_compute_sid:  invalid 
context unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 for 
scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:shell_exec_t:s0 tclass=process

type=SELINUX_ERR msg=audit(1387729595.732:156): security_compute_sid:  invalid 
context unconfined_u:system_r:hddtemp_t:s0-s0:c0.c1023 for 
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:hddtemp_exec_t:s0 tclass=process

audit2log suggests adding:
        role system_r types unconfined_t;
        role system_r types sshd_t;
        role system_r types hddtemp_t;

"seinfo -rsystem_r -x" shows system_r does have those types.

I don't understand where it goes wrong.  I'm a beginner with selinux.

Merci,
Benoit

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-9
ii  libselinux1      2.2.1-1
ii  libsepol1        2.2-1
ii  policycoreutils  2.2.4-1
ii  python           2.7.5-5
ii  selinux-utils    2.2.1-1

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.2-1
ii  setools      3.3.8-1+b1

Versions of packages selinux-policy-default suggests:
ii  logcheck        1.3.15
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission 
non accordée: u'/etc/selinux/default/modules/active/file_contexts.local'

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to