Control: tags -1 + confirmed

On Fri, 20 Jan 2017 15:39:14 +1100 Russell Coker <russ...@coker.com.au>
wrote:
> Package: udev
> Version: 232-12
> Severity: normal
> 
> The command "systemd-hwdb --usr update" as run from
> /var/lib/dpkg/info/udev.postinst creates the file /lib/udev/hwdb.bin and
> assigns it the SE Linux context "system_u:object_r:default_t:s0" when it
> should have "system_u:object_r:bin_t:s0" with the current policy.


I've set up a test stretch VM enabling SELinux following the instructions
from [1] and can reproduce the issue.

Running "systemd-hwdb --usr update" creates the cache file as
/lib/udev/hwdb.bin with context "system_u:object_r:default_t:s0".

Running "systemd-hwdb update" creates the cache file as
/etc/udev/hwdb.bin with context "system_u:object_r:etc_t:s0", which
seems to be the correct context (as restorecon doesn't change it).

The SELinux context should be set by label_fix:
https://github.com/systemd/systemd/blob/master/src/hwdb/hwdb.c#L682

I haven't debugged yet why that doesn't work for --usr.


[1] https://wiki.debian.org/SELinux/Setup
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
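
The label comparison described in the message above, as an added example that is not part of the original mail or of systemd: it compares the context on each hwdb.bin with the one the loaded policy assigns to that path. The function names are hypothetical, and it assumes GNU stat and matchpathcon (from the libselinux utilities) are installed.

```sh
#!/bin/sh
# Added example: compare the SELinux label on each hwdb.bin with the label
# the loaded policy's file-context rules assign to that path.

# Print the type field (third colon-separated field) of a context such as
# system_u:object_r:bin_t:s0.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# compare_labels PATH ACTUAL EXPECTED
# Prints one verdict line. Returns 0 on match, 1 on mismatch,
# 2 when either label could not be read.
compare_labels() {
    if [ -z "$2" ] || [ -z "$3" ]; then
        printf 'UNKNOWN %s: could not read label\n' "$1"
        return 2
    fi
    if [ "$2" = "$3" ]; then
        printf 'OK %s: %s\n' "$1" "$2"
        return 0
    fi
    printf 'MISMATCH %s: has %s (type %s), policy expects %s (type %s)\n' \
        "$1" "$2" "$(context_type "$2")" "$3" "$(context_type "$3")"
    return 1
}

# check_hwdb_labels [PATH...]
# Defaults to the two cache locations named in the report.
check_hwdb_labels() {
    [ "$#" -gt 0 ] || set -- /lib/udev/hwdb.bin /etc/udev/hwdb.bin
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        actual=$(stat -c %C "$f" 2>/dev/null)        # label on disk
        expected=$(matchpathcon -n "$f" 2>/dev/null) # label per policy
        compare_labels "$f" "$actual" "$expected" || rc=1
    done
    return "$rc"
}

# Usage on an SELinux-enabled system, after either update command:
#   check_hwdb_labels
```

A non-zero return from check_hwdb_labels after a package upgrade flags a cache file whose label differs from policy or could not be read.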
