Bug 516238 - selinux-nut-2.20140311-r3 & sys-power/nut-2.6.5-r1: upsdrv running as system_u:system_r:initrc_t
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux
Hardware: All Linux
Importance: Normal normal
Assignee: Sven Vermeulen (RETIRED)
Whiteboard: sec-policy r4
Reported: 2014-07-03 21:41 UTC by Vincent Brillault
Modified: 2014-08-22 17:50 UTC
Description Vincent Brillault 2014-07-03 21:41:47 UTC
After restarting upsdrv, the resulting process runs as initrc_t:
system_u:system_r:initrc_t      nut       9026  0.0  0.0  27572   940 ?        Ss   Jun29   2:31 /lib64/nut/usbhid-ups -a Belegaer

The root cause seems to be that /usr/sbin/upsdrvctl is a link to /lib64/nut/upsdrvctl on my system and thus, the file definitions from nut.fc do not apply:
/usr/sbin/upsdrvctl     --      gen_context(system_u:object_r:nut_upsdrvctl_exec_t,s0)

Doing a simple "chcon system_u:object_r:nut_upsdrvctl_exec_t /lib64/nut/upsdrvctl" solves (temporarily at least) the issue (after a run_init /etc/init.d/upsdrv restart):
system_u:system_r:nut_upsdrvctl_t nut    29483  0.0  0.0  27572   944 ?        Ss   23:33   0:00 /lib64/nut/usbhid-ups -a Belegaer

Thanks in advance!
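
An added example, not part of the original report or of the Gentoo policy: a Python audit of the failure mode described above. It flags "--" file-context entries whose on-disk path is a symlink to a file that no entry labels with the same context. The function names and the root parameter are assumptions of this example; the single entry is the nut.fc line quoted in the report.

```python
import os
import re

# The nut.fc entry quoted in the report (path, file type, context macro).
NUT_FC = "/usr/sbin/upsdrvctl\t--\tgen_context(system_u:object_r:nut_upsdrvctl_exec_t,s0)\n"

def parse_fc(text):
    """Parse .fc lines into (path_regex, file_type, context) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # The file-type field (--, -d, -l, ...) is optional in .fc files.
        ftype = fields[1] if len(fields) == 3 else ""
        entries.append((fields[0], ftype, fields[-1]))
    return entries

def covered(entries, path, context):
    """True if a regular-file spec assigns `context` to `path` (full match)."""
    return any(ftype in ("", "--") and ctx == context and re.fullmatch(regex, path)
               for regex, ftype, ctx in entries)

def unlabeled_targets(entries, root="/"):
    """Find '--' specs whose on-disk path is a symlink to an uncovered file.

    A '--' spec labels regular files only, so the symlink never gets the
    exec type, and labels are not inherited through the link: the target
    needs a spec of its own. root is a hypothetical prefix for offline runs.
    """
    root = os.path.realpath(root)
    findings = []
    for regex, ftype, context in entries:
        on_disk = os.path.join(root, regex.lstrip("/"))
        if ftype != "--" or not os.path.islink(on_disk):
            continue
        real = os.path.realpath(on_disk)
        target = "/" + os.path.relpath(real, root)
        if not covered(entries, target, context):
            findings.append((regex, target, context))
    return findings

if __name__ == "__main__":
    for spec, target, context in unlabeled_targets(parse_fc(NUT_FC)):
        print(f"{spec} -> {target}: no spec assigns {context}")
```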
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2014-07-05 16:27:27 UTC
Thanks, added to our tree.

Available in -9999 ebuilds, will be in r4
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2014-08-01 21:13:44 UTC
r4 is in the tree (~arch)
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2014-08-22 17:50:44 UTC
r5 is stable