Bug 821520 - sys-apps/openrc-0.44.7: openrc-init does not initialize SELinux policy
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: OpenRC Team
Reported: 2021-11-03 19:28 UTC by Jonathan Davies
Modified: 2021-11-13 18:58 UTC
Attachments
openrc-init selinux dmesg (dmesg-openrc-init,2.95 KB, text/plain)
2021-11-03 19:28 UTC, Jonathan Davies
Description Jonathan Davies 2021-11-03 19:28:38 UTC
Created attachment 748314
openrc-init selinux dmesg

I just upgraded an SELinux box to openrc-0.44.7 and had some bizarre failures on it... I then found that SELinux wasn't being correctly initialized by openrc-init.

I reverted over to normal sysvinit init and everything came up fine with:

[    0.000000] Command line: BOOT_IMAGE=/@/vmlinuz-5.10.75-gentoo-dist root=ZFS=/system/root ro console=tty0 console=ttyS0,115200n8 lsm=selinux,yama root=ZFS=rpool/system/root
[    0.079506] Kernel command line: BOOT_IMAGE=/@/vmlinuz-5.10.75-gentoo-dist root=ZFS=/system/root ro console=tty0 console=ttyS0,115200n8 lsm=selinux,yama root=ZFS=rpool/system/root
[    1.110085] SELinux:  Initializing.
[    5.658662] evm: security.selinux
[    8.581227] SELinux:  policy capability network_peer_controls=1
[    8.587195] SELinux:  policy capability open_perms=1
[    8.592173] SELinux:  policy capability extended_socket_class=1
[    8.598103] SELinux:  policy capability always_check_network=0
[    8.603952] SELinux:  policy capability cgroup_seclabel=1
[    8.609359] SELinux:  policy capability nnp_nosuid_transition=1
[    8.615297] SELinux:  policy capability genfs_seclabel_symlinks=0
[    8.707174] audit: type=1403 audit(1635967004.889:2): auid=4294967295 ses=4294967295 lsm=selinux res=1

Attached is dmesg from the openrc-init run, where only the first SELinux line is shown.
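
A check for the symptom described above, as an added example that is not part of the original report or of OpenRC: it classifies a kernel log by whether the SELinux LSM initialized and whether a policy load followed. The function name, the state strings and the `sample_openrc_init` input are assumptions; that sample is constructed from the description ("only the first SELinux line is shown"), not copied from the attachment.

```shell
#!/bin/sh
# Classify SELinux start-up from kernel log text on stdin.
# Prints a state and returns: 0 = policy loaded, 1 = LSM initialised but no
# policy loaded (the symptom in this report), 2 = SELinux never initialised.
selinux_boot_state() {
    awk '
        /SELinux: +Initializing\./      { init = 1 }
        # Printed by the kernel when a policy is loaded.
        /SELinux: +policy capability /  { caps++ }
        # Audit record type 1403 is MAC_POLICY_LOAD; res=1 means success.
        /audit: type=1403 / && /lsm=selinux/ && /res=1/ { audit = 1 }
        END {
            if (audit || caps) { print "policy-loaded"; exit 0 }
            if (init)          { print "no-policy";     exit 1 }
            print "lsm-absent"; exit 2
        }'
}

# Lines taken from the working sysvinit boot quoted in this report.
sample_sysvinit() { cat <<'EOF'
[    1.110085] SELinux:  Initializing.
[    5.658662] evm: security.selinux
[    8.581227] SELinux:  policy capability network_peer_controls=1
[    8.707174] audit: type=1403 audit(1635967004.889:2): auid=4294967295 ses=4294967295 lsm=selinux res=1
EOF
}

# Constructed sample: only the initialisation line, as the report describes.
sample_openrc_init() { cat <<'EOF'
[    1.110085] SELinux:  Initializing.
EOF
}

for s in sample_sysvinit sample_openrc_init; do
    printf '%s: ' "$s"
    "$s" | selinux_boot_state || true
done
```

On a live system, pipe `dmesg` into `selinux_boot_state`; a `no-policy` result on a box booted with `lsm=selinux` means the kernel enabled SELinux but nothing loaded a policy.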
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-11-13 04:43:11 UTC
Does https://github.com/OpenRC/openrc/commit/a850651f5ce29a37574f7d76ae40ef9e1d2d4a62 help at all? It is in 0.44.8.
Comment 2 William Hubbs gentoo-dev 2021-11-13 18:58:38 UTC
This is fixed in 0.44.8.