Le Fri, 31 Jan 2014 06:56:49 +0100, Michael Biebl <bi...@debian.org> a écrit :
> Am 29.01.2014 10:54, schrieb Bart-Jan Vrielink: > > Package: systemd > > Version: 204-6 > > Severity: important > > > > Dear Maintainer, > > > > When I boot up under systemd, I get asked if I want to enter a > > security context when I login. It seems that all processes are > > running under the kernel_t label (except systemd-udevd, which runs > > under system_u:system_r:udev_t:s0-s0:c0.c1023) > > > > Because of this, the combination of SELinux and systemd is at the > > moment unusable. SELinux works fine under init=/sbin/init Hello Michael! > Sounds like a bug in the selinux policy package to me, not in systemd > itself. That said, I basically know nothing about selinux. > > bigon, can you comment on this bug report? > Let us know whether we should re-assing it to one of the > selinux-policy-* packages or if there is something which needs to be > addressed in systemd. Yes you are correct, this is a bug in the policy and it should be reassigned to it. We dropped almost all the debian specific patches that were applied to the package in the past because it was impossible for us to keep a such huge delta with upstream. Unfortunately upstream doesn't have ATM (people are working on it IIRC) systemd support (the patches were previously coming straight from Fedora). Bart-Jan: So what I will suggest you is the 2 following commands: semanage fcontext -a -t init_exec_t /lib/systemd/systemd restorecon -v /lib/systemd/systemd This will already help, but unfortunately not all the services will not run in the correct labels. Cheers, Laurent Bigonville -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org