Summary: | sys-apps/openrc-0.44.7: openrc-init does not initialize SELinux policy | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Jonathan Davies <jpds> |
Component: | Current packages | Assignee: | OpenRC Team <openrc> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gentoo, sam, selinux |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=822642 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | openrc-init selinux dmesg |

Does https://github.com/OpenRC/openrc/commit/a850651f5ce29a37574f7d76ae40ef9e1d2d4a62 help at all? It is in 0.44.8.

This is fixed in 0.44.8.

Created attachment 748314: openrc-init selinux dmesg

I just upgraded an SELinux box to openrc-0.44.7 and had some bizarre failures on it...

I then found that SELinux wasn't being correctly initialized by openrc-init. I reverted over to normal sysvinit init and everything came up fine with:

```
[ 0.000000] Command line: BOOT_IMAGE=/@/vmlinuz-5.10.75-gentoo-dist root=ZFS=/system/root ro console=tty0 console=ttyS0,115200n8 lsm=selinux,yama root=ZFS=rpool/system/root
[ 0.079506] Kernel command line: BOOT_IMAGE=/@/vmlinuz-5.10.75-gentoo-dist root=ZFS=/system/root ro console=tty0 console=ttyS0,115200n8 lsm=selinux,yama root=ZFS=rpool/system/root
[ 1.110085] SELinux: Initializing.
[ 5.658662] evm: security.selinux
[ 8.581227] SELinux: policy capability network_peer_controls=1
[ 8.587195] SELinux: policy capability open_perms=1
[ 8.592173] SELinux: policy capability extended_socket_class=1
[ 8.598103] SELinux: policy capability always_check_network=0
[ 8.603952] SELinux: policy capability cgroup_seclabel=1
[ 8.609359] SELinux: policy capability nnp_nosuid_transition=1
[ 8.615297] SELinux: policy capability genfs_seclabel_symlinks=0
[ 8.707174] audit: type=1403 audit(1635967004.889:2): auid=4294967295 ses=4294967295 lsm=selinux res=1
```

Attached is dmesg from the openrc-init run, where only the first SELinux line is shown.
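
A boot-time check for the symptom in this report, as an added example (not part of the bug thread or of OpenRC): it classifies a kernel log by whether SELinux only initialized or also loaded a policy. The function names are hypothetical, and the openrc-init sample is constructed from the report's description because the attachment itself is not on the page.

```shell
#!/bin/sh
# Classify a kernel log (dmesg text on stdin) by how far SELinux start-up got.
# Prints: policy-loaded | initialized-no-policy | not-initialized
selinux_boot_state() {
    awk '
        /SELinux: +Initializing\./     { init = 1 }
        /SELinux: +policy capability / { caps++ }
        # audit record type 1403 is MAC_POLICY_LOAD
        /audit: type=1403 / && /lsm=selinux/ && /res=1/ { loaded = 1 }
        END {
            if (loaded || caps > 0) print "policy-loaded"
            else if (init)          print "initialized-no-policy"
            else                    print "not-initialized"
        }'
}

# Lines quoted in the report from the working sysvinit boot (subset).
sysvinit_boot_log() {
    cat <<'EOF'
[ 1.110085] SELinux: Initializing.
[ 5.658662] evm: security.selinux
[ 8.581227] SELinux: policy capability network_peer_controls=1
[ 8.587195] SELinux: policy capability open_perms=1
[ 8.707174] audit: type=1403 audit(1635967004.889:2): auid=4294967295 ses=4294967295 lsm=selinux res=1
EOF
}

# Constructed sample: the report says the openrc-init boot showed
# only the first SELinux line, so no policy lines follow it here.
openrc_init_boot_log() {
    cat <<'EOF'
[ 1.110085] SELinux: Initializing.
[ 5.658662] evm: security.selinux
EOF
}

printf 'sysvinit boot:    %s\n' "$(sysvinit_boot_log | selinux_boot_state)"
printf 'openrc-init boot: %s\n' "$(openrc_init_boot_log | selinux_boot_state)"
```

On a live host, `dmesg | selinux_boot_state` gives the same classification for the current boot.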