https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851143 I've filed a Debian bug report about systemd not using the context= mount option. root@swssmtp:/tmp# grep unlabeled_t /var/log/audit/audit.log|head -1 type=AVC msg=audit(1484976198.164:160): avc: denied { search } for pid=1090 comm="maildrop" name="/" dev="0:40" ino=256 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 root@swssmtp:/tmp# grep unlabeled_t /var/log/audit/audit.log|tail -1 type=AVC msg=audit(1484976262.152:222): avc: denied { search } for pid=1173 comm="maildrop" name="/" dev="0:40" ino=256 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 Also I've got a problem with kernel 4.9.2 apparently having an NFS mount as unlabeled_t for a minute after it's first mounted. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
