> We don't support SELinux in Ubuntu (only AppArmor),

That sounds more than strange:
There are many hints that Ubuntu (also) supports SELinux [1] [2].

I'm not sure how you work together with the people of AppArmor or SELinux:
typically the application developers / maintainers should discuss the MAC rules
with the maintainers of the appropriate MAC implementation (because those are
the people who should know what the application should be allowed to do).
Therefore my idea was that you tell those people: my application needs those
rules, please implement them.

One thing I could imagine (after reading your answer) is that this bug
might be related to the selinux-policy-default package?

I'm somewhat convinced that the problem is Ubuntu-related: the appropriate
policy packages were especially created for Debian / Ubuntu - this has nothing
to do with the upstream systemd (therefore I see no sense in reporting this
there).
(I have a running Debian Jessie using systemd with SELinux set to enforcing for
a year now - without these problems.)

Would it be possible for you to discuss with the SELinux-Ubuntu
people how to handle this kind of problem?


[1] https://wiki.ubuntu.com/Security/Features
[2] http://packages.ubuntu.com/search?keywords=selinux&searchon=names&suite=xenial&section=all

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1563354

Title:
  systemd-tmpfiles-setup.service fails after switching SELinux to
  enforcing

Status in systemd package in Ubuntu:
  New

Bug description:
  After switching SELinux to enforcing, the
  systemd-tmpfiles-setup.service failed:

  Mar 29 16:12:42  systemd-tmpfiles[546]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring.
  Mar 29 16:12:42  systemd-tmpfiles[546]: Unable to fix SELinux security context of /var: Permission denied
  Mar 29 16:12:42  systemd-tmpfiles[546]: Unable to fix SELinux security context of /var/log: Permission denied
  Mar 29 16:12:42  systemd-tmpfiles[546]: Unable to fix SELinux security context of /var/lib: Permission denied
  Mar 29 16:12:42  systemd-tmpfiles[546]: Unable to fix SELinux security context of /home: Permission denied
  Mar 29 16:12:42  systemd-tmpfiles[546]: Unable to fix SELinux security context of /srv: Permission denied
  Mar 29 16:12:42  systemd-tmpfiles[546]: Unable to fix SELinux security context of /var/lib/systemd: Permission denied
  Mar 29 16:12:42  systemd-tmpfiles[546]: Unable to fix SELinux security context of /var/lib/systemd/coredump: Permission denied
  Mar 29 16:12:43  systemd-tmpfiles[546]: Unable to fix SELinux security context of /var/cache: Permission denied
  Mar 29 16:12:43  systemd[1]: systemd-tmpfiles-setup.service: Main process exited, code=exited, status=1/FAILURE
  Mar 29 16:12:43  systemd[1]: Failed to start Create Volatile Files and Directories.
  Mar 29 16:12:43  systemd[1]: systemd-tmpfiles-setup.service: Unit entered failed state.
  Mar 29 16:12:43  systemd[1]: systemd-tmpfiles-setup.service: Failed with result 'exit-code'.

  No further AVC or audit.log is logged. When manually setting
  'setenforce 0' and starting this service, it obviously works fine.

  My environment:

  # lsb_release -rd
  Description:  Ubuntu Xenial Xerus (development branch)
  Release:      16.04

  (Build / packages from last night)

  # apt-cache policy systemd
  systemd:
    Installed: 229-3ubuntu1
    Candidate: 229-3ubuntu1

  If you need more info, please drop a short note.
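
Added example (not part of the bug report, and not systemd or Ubuntu code): a small triage script that reads journal lines in the format quoted above, lists the paths whose relabel was denied, names the unit that failed as a result, and builds read-only `matchpathcon -V` commands for comparing each path's on-disk label with the loaded policy. The function names and the shortened sample input are constructed for illustration.

```python
import re
import shlex

# Constructed sample: a shortened copy of the journal format quoted in the report.
SAMPLE = """\
Mar 29 16:12:42  systemd-tmpfiles[546]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring.
Mar 29 16:12:42  systemd-tmpfiles[546]: Unable to fix SELinux security context of /var: Permission denied
Mar 29 16:12:42  systemd-tmpfiles[546]: Unable to fix SELinux security context of /var/log: Permission denied
Mar 29 16:12:42  systemd-tmpfiles[546]: Unable to fix SELinux security context of /var: Permission denied
Mar 29 16:12:43  systemd[1]: systemd-tmpfiles-setup.service: Main process exited, code=exited, status=1/FAILURE
"""

RELABEL = re.compile(
    r"(?P<prog>[\w.-]+)\[\d+\]: Unable to fix SELinux security context of "
    r"(?P<path>.+): (?P<err>[^:]+)$")
UNIT_EXIT = re.compile(
    r"systemd\[1\]: (?P<unit>\S+): Main process exited, "
    r"code=exited, status=(?P<status>\d+)/")

def triage(journal_text):
    """Return (denied_paths, failed_units) found in the journal text."""
    denied, failed = [], {}
    for line in journal_text.splitlines():
        m = RELABEL.search(line)
        if m:
            # Only relabel attempts refused with EACCES are of interest here.
            if m["err"].strip() == "Permission denied" and m["path"] not in denied:
                denied.append(m["path"])
            continue
        m = UNIT_EXIT.search(line)
        if m and m["status"] != "0":
            failed[m["unit"]] = int(m["status"])
    return denied, failed

def label_checks(paths):
    """Build read-only commands that compare on-disk labels with the policy."""
    return ["matchpathcon -V " + shlex.quote(p) for p in paths]

if __name__ == "__main__":
    denied, failed = triage(SAMPLE)
    for unit, status in failed.items():
        print(f"{unit} exited with status {status}")
    for cmd in label_checks(denied):
        print(cmd)
```

Since the report says no AVC was logged, rebuilding the policy with dontaudit rules disabled (`semodule -DB`) before reproducing the failure can show whether a denial is being suppressed; `semodule -B` restores them afterwards.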
