On 23 Jan 2017 14:41, "Russell Coker" <russell@xxxxxxxxxxxx> wrote:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851143
I've filed a Debian bug report about systemd not using the context= mount
option.
root@swssmtp:/tmp# grep unlabeled_t /var/log/audit/audit.log|head -1
type=AVC msg=audit(1484976198.164:160): avc: denied { search } for pid=1090
comm="maildrop" name="/" dev="0:40" ino=256
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0
root@swssmtp:/tmp# grep unlabeled_t /var/log/audit/audit.log|tail -1
type=AVC msg=audit(1484976262.152:222): avc: denied { search } for pid=1173
comm="maildrop" name="/" dev="0:40" ino=256
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0
Also I've got a problem with kernel 4.9.2 apparently having an NFS mount as
unlabeled_t for a minute after it's first mounted.

What NFS version? I am working on a bug I have with labelled NFS v4.2 where it starts as unlabelled and only gets the right context after getattr is done on it (which is hard cuz not much has perms towards unlabeled_t).

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.