Package: selinux-basics
Version: 0.3.8
Severity: normal

When I set up SELINUX=permissive in /etc/selinux/config, the
computer fails to boot correctly (cannot start X11, but the console is
ok).

The following entries are written in kern.log.
The interesting one is « Oct 19 17:30:33 portable kernel: [13.724544]
mount[371]: segfault at 20f4000 ip 00007fb1e8fbbb20 sp 00007fff52ae4998
error 6 in libc-2.13.so[7fb1e8f41000+17a000] »

If I set up SELINUX=permissive in /etc/selinux/config, the
computer works fine.

So it looks like I can install SELinux, but not use it.
___
…
Oct 19 17:30:33 portable kernel: [   13.130469] SELinux: 2048 avtab
hash slots, 37945 rules.
Oct 19 17:30:33 portable kernel: [   13.141483] SELinux: 2048 avtab hash
slots, 37945 rules.
Oct 19 17:30:33 portable kernel: [   13.143325] SELinux:  6 users, 6
roles, 1464 types, 69 bools, 1 sens, 1024 cats
Oct 19 17:30:33 portable kernel: [   13.143328] SELinux:  77 classes,
37945 rules
Oct 19 17:30:33 portable kernel: [   13.145131] SELinux:  Permission
read_policy in class security not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145156] SELinux:  Permission
audit_access in class file not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145163] SELinux:  Permission
audit_access in class dir not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145166] SELinux:  Permission
execmod in class dir not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145172] SELinux:  Permission
audit_access in class lnk_file not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145175] SELinux:  Permission
open in class lnk_file not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145177] SELinux:  Permission
execmod in class lnk_file not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145183] SELinux:  Permission
audit_access in class chr_file not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145188] SELinux:  Permission
audit_access in class blk_file not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145191] SELinux:  Permission
execmod in class blk_file not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145196] SELinux:  Permission
audit_access in class sock_file not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145199] SELinux:  Permission
execmod in class sock_file not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145204] SELinux:  Permission
audit_access in class fifo_file not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145207] SELinux:  Permission
execmod in class fifo_file not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145306] SELinux:  Permission
syslog in class capability2 not defined in policy.
Oct 19 17:30:33 portable kernel: [   13.145313] SELinux: the above
unknown classes and permissions will be denied
Oct 19 17:30:33 portable kernel: [   13.145321] SELinux:  Completing
initialization.
Oct 19 17:30:33 portable kernel: [   13.145323] SELinux:  Setting up
existing superblocks.
Oct 19 17:30:33 portable kernel: [   13.145331] SELinux: initialized
(dev sysfs, type sysfs), uses genfs_contexts
Oct 19 17:30:33 portable kernel: [   13.145338] SELinux: initialized
(dev rootfs, type rootfs), uses genfs_contexts
Oct 19 17:30:33 portable kernel: [   13.145344] SELinux: initialized
(dev bdev, type bdev), uses genfs_contexts
Oct 19 17:30:33 portable kernel: [   13.145350] SELinux: initialized
(dev proc, type proc), uses genfs_contexts
Oct 19 17:30:33 portable kernel: [   13.145363] SELinux: initialized
(dev tmpfs, type tmpfs), uses transition SIDs
Oct 19 17:30:33 portable kernel: [   13.145370] SELinux: initialized
(dev devtmpfs, type devtmpfs), uses transition SIDs
Oct 19 17:30:33 portable kernel: [   13.145708] SELinux: initialized
(dev debugfs, type debugfs), uses genfs_contexts
Oct 19 17:30:33 portable kernel: [   13.146252] SELinux: initialized
(dev sockfs, type sockfs), uses task SIDs
Oct 19 17:30:33 portable kernel: [   13.146256] SELinux: initialized
(dev pipefs, type pipefs), uses task SIDs
Oct 19 17:30:33 portable kernel: [   13.146261] SELinux: initialized
(dev anon_inodefs, type anon_inodefs), uses genfs_contexts
Oct 19 17:30:33 portable kernel: [   13.146266] SELinux: initialized
(dev devpts, type devpts), uses transition SIDs
Oct 19 17:30:33 portable kernel: [   13.146275] SELinux: initialized
(dev hugetlbfs, type hugetlbfs), uses transition SIDs
Oct 19 17:30:33 portable kernel: [   13.146281] SELinux: initialized
(dev mqueue, type mqueue), uses transition SIDs
Oct 19 17:30:33 portable kernel: [   13.146286] SELinux: initialized
(dev selinuxfs, type selinuxfs), uses genfs_contexts
Oct 19 17:30:33 portable kernel: [   13.146312] SELinux: initialized
(dev sysfs, type sysfs), uses genfs_contexts
Oct 19 17:30:33 portable kernel: [   13.147011] SELinux: initialized
(dev tmpfs, type tmpfs), uses transition SIDs
Oct 19 17:30:33 portable kernel: [   13.147244] SELinux: initialized
(dev usbfs, type usbfs), uses genfs_contexts
Oct 19 17:30:33 portable kernel: [   13.147263] SELinux: initialized
(dev dm-1, type ext4), uses xattr
Oct 19 17:30:33 portable kernel: [   13.154059] type=1403
audit(1319038221.846:2): policy loaded auid=4294967295 ses=4294967295
Oct 19 17:30:33 portable kernel: [   13.242243] type=1400
audit(1319038221.934:3): avc:  denied  { read write } for  pid=356
comm="sh" name="console" dev=devtmpfs ino=896
scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=chr_file
Oct 19 17:30:33 portable kernel: [   13.462096] type=1400
audit(1319038222.154:4): avc:  denied  { ioctl } for  pid=361
comm="stty" path="/dev/console" dev=devtmpfs ino=896
scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=chr_file
Oct 19 17:30:33 portable kernel: [   13.503104] type=1400
audit(1319038222.198:5): avc:  denied  { open } for  pid=360 comm="rc"
name="null" dev=devtmpfs ino=888 scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=chr_file
Oct 19 17:30:33 portable kernel: [   13.677109] type=1400
audit(1319038222.370:6): avc:  denied  { read } for  pid=370
comm="mountpoint" path="pipe:[1783]" dev=pipefs ino=1783
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:system_r:init_t:s0 tclass=fifo_file
Oct 19 17:30:33 portable kernel: [   13.724240] type=1400
audit(1319038222.418:7): avc:  denied  { read } for  pid=371
comm="mount" name="run" dev=dm-1 ino=786435
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
Oct 19 17:30:33 portable kernel: [   13.724544] mount[371]: segfault at
20f4000 ip 00007fb1e8fbbb20 sp 00007fff52ae4998 error 6 in
libc-2.13.so[7fb1e8f41000+17a000]
Oct 19 17:30:33 portable kernel: [   13.744483] type=1400
audit(1319038222.438:8): avc:  denied  { read } for  pid=372
comm="restorecon" path="pipe:[1783]" dev=pipefs ino=1783
scontext=system_u:system_r:setfiles_t:s0
tcontext=system_u:system_r:init_t:s0 tclass=fifo_file
Oct 19 17:30:33 portable kernel: [   13.851365] type=1400
audit(1319038222.542:9): avc:  denied  { read } for  pid=375
comm="restorecon" name="run" dev=dm-1 ino=786435
scontext=system_u:system_r:setfiles_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
Oct 19 17:30:33 portable kernel: [   13.903820] type=1400
audit(1319038222.594:10): avc:  denied  { write } for  pid=383
comm="mount" name="/" dev=tmpfs ino=1050
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=dir
Oct 19 17:30:33 portable kernel: [   13.903940] SELinux: initialized
(dev tmpfs, type tmpfs), uses transition SIDs
…
___

-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-basics depends on:
ii  checkpolicy      2.1.0-1 
ii  policycoreutils  2.0.82-5
ii  python           2.7.2-8 
ii  selinux-utils    2.1.0-1 

Versions of packages selinux-basics recommends:
pn  selinux-policy-default  2:0.2.20100524-12
pn  setools                 <none>           

Versions of packages selinux-basics suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- no debconf information
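
A triage sketch for the AVC denials in the kern.log excerpt above, added here as an example and not part of the original report: it rejoins the mail-wrapped log lines and groups the denials by source type, target type and object class. The function names are hypothetical; the three sample records are copied from the report.

```python
import re
from collections import defaultdict

# Three records copied from the report above, wrapped as they are in the e-mail.
SAMPLE = """\
Oct 19 17:30:33 portable kernel: [   13.242243] type=1400
audit(1319038221.934:3): avc:  denied  { read write } for  pid=356
comm="sh" name="console" dev=devtmpfs ino=896
scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=chr_file
Oct 19 17:30:33 portable kernel: [   13.462096] type=1400
audit(1319038222.154:4): avc:  denied  { ioctl } for  pid=361
comm="stty" path="/dev/console" dev=devtmpfs ino=896
scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=chr_file
Oct 19 17:30:33 portable kernel: [   13.724240] type=1400
audit(1319038222.418:7): avc:  denied  { read } for  pid=371
comm="mount" name="run" dev=dm-1 ino=786435
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
"""

AVC = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*?)'
    r'scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')

def parse_avc(text):
    """Return one dict per AVC denial; tolerates mail-wrapped log lines."""
    flat = " ".join(text.split())  # undo the line wrapping
    out = []
    for m in AVC.finditer(flat):
        comm = re.search(r'comm="([^"]*)"', m["rest"])
        out.append({
            "perms": m["perms"].split(),
            "comm": comm.group(1) if comm else None,
            "source": m["s"].split(":")[2],  # type field of user:role:type:level
            "target": m["t"].split(":")[2],
            "tclass": m["cls"],
        })
    return out

def summarize(records):
    """Group denials by (source type, target type, class) -> sorted perms."""
    groups = defaultdict(set)
    for r in records:
        groups[(r["source"], r["target"], r["tclass"])].update(r["perms"])
    return {k: sorted(v) for k, v in groups.items()}

if __name__ == "__main__":
    print(summarize(parse_avc(SAMPLE)))
```

Run over the full excerpt, the grouping makes it easy to see which domain/type pairs account for the denials before deciding whether the cause is file labelling or policy.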


