Bug 445196 - sec-policy/selinux-bind-2.20120725-r8: missing init_daemon_run_dir
Summary: sec-policy/selinux-bind-2.20120725-r8: missing init_daemon_run_dir
Status: VERIFIED FIXED
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux
Hardware: All Linux
Importance: Normal normal
Assignee: Sven Vermeulen (RETIRED)
Whiteboard: sec-policy r9
Reported: 2012-11-29 12:54 UTC by Vincent Brillault
Modified: 2013-01-19 21:18 UTC
Description Vincent Brillault 2012-11-29 12:54:59 UTC
The /run/named folder is now created by the init script ('checkpath -q -d -o root:named -m 0770 "${piddir}"'), but there is no corresponding init_daemon_run_dir rule. As a result, named doesn't start ("exiting (due to fatal error)") because of the following AVCs:

[   21.287321] type=1400 audit(1354165077.761:203): avc:  denied  { getattr } for  pid=1918 comm="named" path="/run/named" dev="tmpfs" ino=4651 scontext=system_u:system_r:named_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
[   21.288670] type=1400 audit(1354165077.762:204): avc:  denied  { search } for  pid=1918 comm="named" name="named" dev="tmpfs" ino=4651 scontext=system_u:system_r:named_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
[   21.290563] type=1400 audit(1354165077.764:205): avc:  denied  { getattr } for  pid=1918 comm="named" path="/run/named" dev="tmpfs" ino=4651 scontext=system_u:system_r:named_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
[   21.290783] type=1400 audit(1354165077.764:206): avc:  denied  { search } for  pid=1918 comm="named" name="named" dev="tmpfs" ino=4651 scontext=system_u:system_r:named_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir

Adding 'init_daemon_run_dir(named_var_run_t, "named")' fixes the issue.
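The denials above all share one shape: the named_t domain is refused getattr/search on a directory that still carries initrc_var_run_t, the type an init script (initrc_t) hands to anything it creates under /run when no file transition says otherwise. That pattern points at a labeling problem, to be fixed with a transition such as the init_daemon_run_dir call the reporter names, not with an allow rule against initrc_var_run_t. The script below is an added example written for this page (it is not part of the bug report or of the Gentoo SELinux policy): it parses the four AVC records quoted above, groups them by source type, target type and object class, flags groups whose target is a generic run-directory type, and prints the refpolicy interface call that would give the directory its own type. The assumption that a daemon foo_t keeps its runtime directory as foo_var_run_t is the refpolicy naming convention, and the suggest_fix helper relies on it.

```python
import os
import re
from collections import defaultdict

# Sample input: the four AVC records quoted in the bug report above, kernel
# timestamp prefix included so the parser is shown tolerating it.
SAMPLE_AVCS = """\
[   21.287321] type=1400 audit(1354165077.761:203): avc:  denied  { getattr } for  pid=1918 comm="named" path="/run/named" dev="tmpfs" ino=4651 scontext=system_u:system_r:named_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
[   21.288670] type=1400 audit(1354165077.762:204): avc:  denied  { search } for  pid=1918 comm="named" name="named" dev="tmpfs" ino=4651 scontext=system_u:system_r:named_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
[   21.290563] type=1400 audit(1354165077.764:205): avc:  denied  { getattr } for  pid=1918 comm="named" path="/run/named" dev="tmpfs" ino=4651 scontext=system_u:system_r:named_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
[   21.290783] type=1400 audit(1354165077.764:206): avc:  denied  { search } for  pid=1918 comm="named" name="named" dev="tmpfs" ino=4651 scontext=system_u:system_r:named_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# refpolicy: /run itself is var_run_t; what an init script (initrc_t) creates
# under it becomes initrc_var_run_t unless a file transition rule says otherwise.
GENERIC_RUN_TYPES = {"var_run_t", "initrc_var_run_t"}


def parse_avc(line):
    """Return the key=value fields of one AVC record plus a 'perms' list, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec


def type_of(context):
    """system_u:object_r:initrc_var_run_t[:s0] -> initrc_var_run_t"""
    return context.split(":")[2]


def summarize(lines):
    """Group denials by (source type, target type, class), merging the permissions."""
    groups = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec is None or "scontext" not in rec or "tcontext" not in rec:
            continue
        key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"])
        groups[key].update(rec["perms"])
    return {k: sorted(v) for k, v in groups.items()}


def target_name(rec):
    """Basename of the object involved: path="/run/named" or name="named"."""
    if rec.get("path"):
        return os.path.basename(rec["path"])
    return rec.get("name")


def suggest_fix(domain_type, dirname):
    """Assumed refpolicy convention: daemon foo_t owns foo_var_run_t, so the
    matching transition interface is init_daemon_run_dir(foo_var_run_t, "dir")."""
    prefix = domain_type[:-2] if domain_type.endswith("_t") else domain_type
    return f'init_daemon_run_dir({prefix}_var_run_t, "{dirname}")'


def diagnose(lines):
    """One finding per denial group. A daemon refused access to a dir that still
    carries a generic run type is a labeling problem: add the file transition,
    do not allow the domain to touch initrc_var_run_t."""
    names = {}
    for line in lines:
        rec = parse_avc(line)
        if rec and "scontext" in rec:
            names.setdefault(type_of(rec["scontext"]), target_name(rec))
    findings = []
    for (sdom, ttype, tclass), perms in summarize(lines).items():
        finding = {"domain": sdom, "target_type": ttype, "perms": perms}
        if tclass == "dir" and ttype in GENERIC_RUN_TYPES:
            finding["kind"] = "mislabeled-run-dir"
            finding["fix"] = suggest_fix(sdom, names[sdom])
        else:
            finding["kind"] = "missing-allow-or-other"
            finding["fix"] = None
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_AVCS.splitlines()):
        print(finding)
```

On a live system the same conclusion is reached by comparing `ls -Zd /run/named` (the label the directory actually carries) with `matchpathcon /run/named` (the label the file contexts say it should have); when they differ after a restart, the policy lacks the transition for the creating domain, which is exactly what the interface call in this report supplies.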
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2012-11-29 18:58:42 UTC
Thanks! Made available in the repo, will be in r9
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2012-12-17 18:54:14 UTC
r9 in hardened-dev overlay
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2012-12-21 20:53:13 UTC
r9 in main repo, ~arch'ed
Comment 4 Sven Vermeulen (RETIRED) gentoo-dev 2013-01-19 21:18:50 UTC
Forgot to mention... stabilized a while ago ;)