Hello,

I just got the following bug report in Debian that I've been able to
reproduce myself:

When booting with a kernel cmdline 'security=selinux' and a
/etc/selinux/config setting 'SELINUX=disabled', dbus fails to start,
and thereby systemd-logind, and the system is unusable:

Jun 08 16:23:43 server02 systemd[1]: Started D-Bus System Message Bus.
Jun 08 16:23:43 server02 dbus-daemon[703]: Failed to set up security class mapping (selinux_set_mapping():Invalid argument).
Jun 08 16:24:08 server02 systemd[1]: dbus.service: Main process exited, code=exited, status=1/FAILURE
Jun 08 16:24:08 server02 systemd[1]: dbus.service: Unit entered failed state.
Jun 08 16:24:08 server02 systemd[1]: dbus.service: Failed with result 'exit-code'.

When accessing the system using a debug shell, I can see that the
selinuxfs is mounted and sestatus is telling me that selinux is enabled.

I can manually unmount the selinuxfs and then sestatus is telling me
that selinux is disabled on the system.

Looking quickly at the code, the selinux_init_load_policy() function
(which is used in systemd) is supposed to unmount the selinuxfs itself
if the SELINUX parameter is set to disabled in the /etc/selinux/config
file.

I'm not too sure why it's not happening, or maybe something else is
remounting it? I don't think anything else on the system is trying to
load the policy though.

Any idea?

Laurent Bigonville
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864479
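
A check for the inconsistent state described in this report, added here as an example and not part of the original message or of libselinux/systemd: it compares the SELINUX= setting, the kernel security= parameter and whether selinuxfs is mounted. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch, not from the original report. Paths are parameters
# so the check runs against live files or copies saved from a debug shell.

# SELINUX= value from a config file, lowercased (this sketch takes the first match).
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" 2>/dev/null |
        head -n 1 | tr 'A-Z' 'a-z'
}

# security= value from a kernel command line file (last occurrence).
cmdline_lsm() {
    tr ' ' '\n' < "$1" | sed -n 's/^security=//p' | tail -n 1
}

# Mount points of every selinuxfs entry in a mounts table.
selinuxfs_mounts() {
    awk '$3 == "selinuxfs" { print $2 }' "$1"
}

# Return 1 when the config says disabled but selinuxfs is still mounted.
check_selinux_state() {
    cmdline=${1:-/proc/cmdline}
    config=${2:-/etc/selinux/config}
    mounts=${3:-/proc/mounts}
    mode=$(selinux_config_mode "$config")
    lsm=$(cmdline_lsm "$cmdline")
    mnt=$(selinuxfs_mounts "$mounts")
    if [ "$mode" = disabled ] && [ -n "$mnt" ]; then
        echo "MISMATCH: SELINUX=disabled but selinuxfs is mounted at $mnt (security=${lsm:-unset})"
        return 1
    fi
    echo "consistent: SELINUX=${mode:-unset}, selinuxfs=${mnt:-not mounted}, security=${lsm:-unset}"
}

# Constructed sample reproducing the reported state (not captured from a real host).
demo_constructed() {
    d=$(mktemp -d) || return 2
    echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro security=selinux' > "$d/cmdline"
    printf '# constructed\nSELINUX=disabled\nSELINUXTYPE=default\n' > "$d/config"
    echo 'selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0' > "$d/mounts"
    rc=0
    check_selinux_state "$d/cmdline" "$d/config" "$d/mounts" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_constructed || true
```

Calling check_selinux_state with no arguments reads /proc/cmdline, /etc/selinux/config and /proc/mounts on the running system.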