Seems like they changed location of udev binary due to merging udev with systemd

 * Starting udev ...
Failed to initialize SELinux context: Permission denied
error getting socket: Permission denied
error initializing netlink socket
error initializing netlink socket
 * start-stop-daemon: failed to start `/usr/lib/systemd/systemd-udevd'
 * Failed to start udev
 * ERROR: udev failed to start

ls -lZ /usr/lib/systemd/systemd-udevd
-rwxr-xr-x. 1 root root system_u:object_r:lib_t 202896 Jul 15 15:46 /usr/lib/systemd/systemd-udevd

In enforcing:
Jul 17 10:29:11 lain kernel: [ 14.334421] type=1400 audit(1342513745.096:3): avc: denied { create } for pid=1342 comm="systemd-udevd" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:initrc_t tclass=netlink_kobject_uevent_socket

In permissive:
Jul 17 10:44:44 lain kernel: [ 16.281545] type=1400 audit(1342514679.603:115): avc: denied { read } for pid=1347 comm="systemd-udevd" name="13" dev="tmpfs" ino=3297 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:udev_var_run_t tclass=lnk_file
Jul 17 10:45:04 lain kernel: [ 40.765779] type=1400 audit(1342514704.136:134): avc: denied { read } for pid=2145 comm="X" name="c13:67" dev="tmpfs" ino=2326 scontext=staff_u:staff_r:xserver_t tcontext=system_u:object_r:udev_var_run_t tclass=file
Jul 17 10:45:04 lain kernel: [ 40.765804] type=1400 audit(1342514704.136:135): avc: denied { open } for pid=2145 comm="X" name="c13:67" dev="tmpfs" ino=2326 scontext=staff_u:staff_r:xserver_t tcontext=system_u:object_r:udev_var_run_t tclass=file
Jul 17 10:45:04 lain kernel: [ 40.765832] type=1400 audit(1342514704.136:136): avc: denied { getattr } for pid=2145 comm="X" path="/run/udev/data/c13:67" dev="tmpfs" ino=2326 scontext=staff_u:staff_r:xserver_t tcontext=system_u:object_r:udev_var_run_t tclass=file

Reproducible: Always

Portage 2.1.11.7 (hardened/linux/amd64/selinux, gcc-4.6.3, glibc-2.15-r2, 3.4.4-hardened-r2 x86_64)
=================================================================
System uname: Linux-3.4.4-hardened-r2-x86_64-Intel-R-_Core-TM-_i3_CPU_M_350_@_2.27GHz-with-gentoo-2.1
Timestamp of tree: Sat, 14 Jul 2012 10:30:01 +0000
app-shells/bash: 4.2_p36
dev-lang/python: 2.7.3-r2, 3.2.3-r1
dev-util/cmake: 2.8.8-r3
dev-util/pkgconfig: 0.27
sys-apps/baselayout: 2.1-r1
sys-apps/openrc: 0.10.5
sys-apps/sandbox: 2.6
sys-devel/autoconf: 2.13, 2.69
sys-devel/automake: 1.9.6-r3, 1.11.6, 1.12.2
sys-devel/binutils: 2.22-r1
sys-devel/gcc: 4.5.3-r2, 4.6.3
sys-devel/gcc-config: 1.7.3
sys-devel/libtool: 2.4.2
sys-devel/make: 3.82-r3
sys-kernel/linux-headers: 3.4-r1 (virtual/os-headers)
sys-libs/glibc: 2.15-r2
Repositories: gentoo hardened-dev my_local_overlay
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA AdobeFlash-10.3 PUEL"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.4/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles news parallel-fetch parse-eapi-ebuild-head protect-owned sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/hardened-development /usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acpi alsa amd64 apache2 bash-completion berkdb bluetooth bzip2 cli cracklib crypt cxx dbus dri gdbm gif gpm hardened iconv ipv6 jpeg justify mmx modules mp3 mudflap multilib mysql mysqli ncurses nls nptl open_perms opengl openmp pam pax_kernel pcre png pppd readline selinux session sse sse2 sse3 sse4_1 sse4_2 ssl ssse3 tcpd tiff udev unicode urandom vim-syntax xinerama xorg zlib"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol"
APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump"
CAMERAS="ptp2"
COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog"
ELIBC="glibc"
GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx"
INPUT_DEVICES="keyboard mouse evdev"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer"
PHP_TARGETS="php5-3"
PYTHON_TARGETS="python3_2 python2_7"
RUBY_TARGETS="ruby18 ruby19"
USERLAND="GNU"
VIDEO_CARDS="nouveau"
XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
If you change the label for this binary (I think it needs to become udev_exec_t but you can verify this using "semanage fcontext -l | grep udevd"), does that resolve it again? And also: seriously? Ffs...
With udev_exec_t it seems to boot ok
Thanks, will be fixed in rev15
Is in hardened-dev overlay. You will need to relabel udev though
In main tree, ~arched
stabilized
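
An added example, not part of the original report or of the Gentoo policy: a small Python triage script that groups the AVC denials quoted in the report and lists commands still running in initrc_t, the symptom of an executable whose file label (lib_t here) did not trigger a domain transition. The function names and the initrc_t heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# AVC denials copied from the bug report above (syslog prefix trimmed).
SAMPLE_LOG = """\
type=1400 audit(1342513745.096:3): avc: denied { create } for pid=1342 comm="systemd-udevd" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:initrc_t tclass=netlink_kobject_uevent_socket
type=1400 audit(1342514679.603:115): avc: denied { read } for pid=1347 comm="systemd-udevd" name="13" dev="tmpfs" ino=3297 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:udev_var_run_t tclass=lnk_file
type=1400 audit(1342514704.136:134): avc: denied { read } for pid=2145 comm="X" name="c13:67" dev="tmpfs" ino=2326 scontext=staff_u:staff_r:xserver_t tcontext=system_u:object_r:udev_var_run_t tclass=file
type=1400 audit(1342514704.136:135): avc: denied { open } for pid=2145 comm="X" name="c13:67" dev="tmpfs" ino=2326 scontext=staff_u:staff_r:xserver_t tcontext=system_u:object_r:udev_var_run_t tclass=file
type=1400 audit(1342514704.136:136): avc: denied { getattr } for pid=2145 comm="X" path="/run/udev/data/c13:67" dev="tmpfs" ino=2326 scontext=staff_u:staff_r:xserver_t tcontext=system_u:object_r:udev_var_run_t tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def sel_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize(log):
    """Group denials as (comm, source type, target type, class) -> perms."""
    groups = defaultdict(set)
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if m:
            key = (m["comm"], sel_type(m["scon"]), sel_type(m["tcon"]), m["tclass"])
            groups[key].update(m["perms"].split())
    return dict(groups)

def untransitioned(groups, launcher_type="initrc_t"):
    """Commands denied while still in the init-script domain (assumed heuristic):
    their executable's file label did not cause a domain transition."""
    return sorted({comm for comm, src, _, _ in groups if src == launcher_type})

if __name__ == "__main__":
    groups = summarize(SAMPLE_LOG)
    for (comm, src, tgt, cls), perms in sorted(groups.items()):
        print(f"{comm}: {src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
    print("check file label of:", untransitioned(groups))
```

For each command it lists, compare the `ls -lZ` label of the binary with what `semanage fcontext -l` expects, as the first reply suggests.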