
Bug 397535

Summary: dracut fails to create initramfs on SELinux systems when not using unconfined
Product: Gentoo Linux
Reporter: Sven Vermeulen (RETIRED) <swift>
Component: Hardened
Assignee: SE Linux Bugs <selinux>
Status: VERIFIED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Sven Vermeulen (RETIRED) gentoo-dev 2012-01-03 19:44:27 UTC
When the policy loaded doesn't allow unconfined domains, then dracut fails to create and manage initramfs files as it doesn't hold the necessary privileges to work (amongst other things) with /var/tmp (actually, transition towards depmod which fails to work in /var/tmp). Looks like dracut might need its own domain.

Reproducible: Always

Steps to Reproduce:
~# dracut "" 3.1.6-hardened
Actual Results:  
Fails with "Unable to read file /var/tmp/...", AVC denials show that depmod cannot get attributes.


Will put up a dracut_t domain to work with.

Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2012-01-03 22:50:49 UTC
selinux-dracut module will be up with rev11 of base policy

Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2012-01-29 09:36:21 UTC
Is ~arch since 2012/01/03

Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2012-02-26 10:09:51 UTC
Stabilized