Mount of cgroup filesystems fails when booting in SELinux enforcing mode

Hello everyone,


does anybody have an idea about this bug?
https://bugs.gentoo.org/show_bug.cgi?id=457618

It looks like help from SELinux kernel developers would be really
helpful here, as everything is going on in-kernel here. It would be
especially helpful if someone could explain why there are no avc denial
messages.

If it helps, this is the userland script which mounts the cgroup
filesystems and therefore causes the messages:

        local agent="/lib64/rc/sh/cgroup-release-agent.sh"
        mkdir /sys/fs/cgroup/openrc
        mount -n -t cgroup \
                -o none,nodev,noexec,nosuid,name=openrc,release_agent="$agent" \
                openrc /sys/fs/cgroup/openrc
        echo 1 > /sys/fs/cgroup/openrc/notify_on_release

        yesno ${rc_controller_cgroups:-YES} && [ -e /proc/cgroups ] || return 0
        while read name hier groups enabled rest; do
                case "${enabled}" in
                        1)      mkdir /sys/fs/cgroup/${name}
                                mount -n -t cgroup -o nodev,noexec,nosuid,${name} \
                                        ${name} /sys/fs/cgroup/${name}
                                ;;
                esac
        done < /proc/cgroups

The "echo 1" line yields a "permission denied" error, but apart from
that there are no other messages.


If you need more details, just ask me.
Any feedback will be greatly appreciated!


Regards,
Luis "aranea" Ressel
