$UID directories are created with type tmpfs_t on SE Linux

Michael Biebl Sun, 18 Jan 2015 12:33:50 -0800

control: tags -1 moreinfo help
control: tags 775613 moreinfo help

Am 18.01.2015 um 08:06 schrieb Russell Coker:
> # grep auditallow local.te
> auditallow domain tmpfs_t:dir create;
> # grep granted /var/log/audit/audit.log
> type=AVC msg=audit(1421563773.398:239): avc:  granted  { create } for  
> pid=4302 comm="systemd" name="systemd" scontext=system_u:system_r:init_t:s0 
> tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
> type=AVC msg=audit(1421563773.398:240): avc:  granted  { create } for  
> pid=4302 comm="systemd" name="generator" scontext=system_u:system_r:init_t:s0 
> tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
> type=AVC msg=audit(1421563773.398:241): avc:  granted  { create } for  
> pid=4302 comm="systemd" name="generator.early" 
> scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 
> tclass=dir
> type=AVC msg=audit(1421563773.398:242): avc:  granted  { create } for  
> pid=4302 comm="systemd" name="generator.late" 
> scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 
> tclass=dir
> # ls -laZ /run/user
> total 0
> drwxr-xr-x.  4 root root system_u:object_r:var_auth_t:SystemLow   80 Jan 18 
> 17:58 .
> drwxr-xr-x. 26 root root system_u:object_r:var_run_t:SystemLow  1080 Jan 18 
> 17:58 ..
> drwx------.  3 root root system_u:object_r:var_auth_t:SystemLow   60 Jan 18 
> 17:34 0
> drwx------.  3 rjc  rjc  system_u:object_r:tmpfs_t:SystemLow      60 Jan 18 
> 17:58 1001
> 
> I have an auditallow rule to audit creation of tmpfs_t directories.  As you 
> can
> see systemd creates such directories when I login. The directory "0" has the
> correct context because I ran "restorecon" but the directory "1001" has the
> wrong context because I just logged in as that user.
> 
> There are no auto trans rules to give it the type tmpfs_t and the 
> file_contexts
> also specify var_auth_t.  I think that systemd is requesting tmpfs_t as the
> type.


Hi Russel,

unfortunately I don't have any selinux knowledge at all, so I don't have
the slightest idea how this (or your earlier bug #775613) should be
addressed.

Help is most welcome.

Michael



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

signature.asc
Description: OpenPGP digital signature

_______________________________________________
Pkg-systemd-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers

Bug#775651: systemd: /run/user/$UID directories are created with type tmpfs_t on SE Linux

Reply via email to