Bug 696818 - sys-libs/musl-1.1.23 /etc/ld-musl-x86_64.path ldconfig_tmp_t avc errors
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux
Hardware: All Linux
Importance: Normal normal
Assignee: SE Linux Bugs
Reported: 2019-10-06 02:42 UTC by lupus
Modified: 2019-10-06 02:42 UTC
Description lupus 2019-10-06 02:42:27 UTC
I installed musl/hardened from the stage3 tarball. From there I switched to the musl/hardened/selinux profile and updated @world and followed various SELinux guides.
I am intending to run my system on a strict policy.
Right now it is still in a permissive state, as I'm trying to squash all the errors.
Upon booting my system, I get a huge amount of AVC errors, most of them relating to /etc/ld-musl-x86_64.path, so I will post them here:
type=AVC msg=audit(1570326927.632:217): avc:  denied  { read } for  pid=20535 comm="init" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=sysadm_u:sysadm_r:shutdown_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326927.632:217): avc:  denied  { open } for  pid=20535 comm="init" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=sysadm_u:sysadm_r:shutdown_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326928.635:218): avc:  denied  { read } for  pid=20539 comm="telinit" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:init_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326928.635:218): avc:  denied  { open } for  pid=20539 comm="telinit" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:init_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326928.661:219): avc:  denied  { read } for  pid=20542 comm="local" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:initrc_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326928.661:219): avc:  denied  { open } for  pid=20542 comm="local" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:initrc_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326928.676:220): avc:  denied  { read } for  pid=20565 comm="cgroup-release-" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:openrc_cgroup_release_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326928.676:220): avc:  denied  { open } for  pid=20565 comm="cgroup-release-" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:openrc_cgroup_release_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326929.009:222): avc:  denied  { read } for  pid=20722 comm="umount" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:mount_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326929.009:222): avc:  denied  { open } for  pid=20722 comm="umount" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:mount_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326929.697:227): avc:  denied  { read } for  pid=21027 comm="swapoff" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:fsadm_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326929.697:227): avc:  denied  { open } for  pid=21027 comm="swapoff" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:fsadm_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326929.928:228): avc:  denied  { read } for  pid=21212 comm="udevadm" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:udev_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326929.928:228): avc:  denied  { open } for  pid=21212 comm="udevadm" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:udev_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326930.565:229): avc:  denied  { read } for  pid=21435 comm="auditctl" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:auditctl_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326930.565:229): avc:  denied  { open } for  pid=21435 comm="auditctl" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:auditctl_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326965.562:63): avc:  denied  { read } for  pid=4129 comm="audispd" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:audisp_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326965.562:64): avc:  denied  { open } for  pid=4129 comm="audispd" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:audisp_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326965.565:65): avc:  denied  { read } for  pid=4133 comm="auditctl" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:auditctl_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326965.565:65): avc:  denied  { open } for  pid=4133 comm="auditctl" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:auditctl_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326966.130:69): avc:  denied  { read } for  pid=4302 comm="modprobe" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:kmod_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326966.130:69): avc:  denied  { open } for  pid=4302 comm="modprobe" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:kmod_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326966.143:71): avc:  denied  { read } for  pid=4309 comm="dhcpcd-run-hook" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:dhcpc_script_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326966.143:71): avc:  denied  { open } for  pid=4309 comm="dhcpcd-run-hook" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:dhcpc_script_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326975.188:75): avc:  denied  { read } for  pid=4423 comm="mount" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:mount_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326975.188:75): avc:  denied  { open } for  pid=4423 comm="mount" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:mount_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326987.277:79): avc:  denied  { read } for  pid=4475 comm="unix_chkpwd" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:chkpwd_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326987.277:79): avc:  denied  { open } for  pid=4475 comm="unix_chkpwd" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:chkpwd_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326991.374:87): avc:  denied  { read } for  pid=4480 comm="sudo" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=sysadm_u:sysadm_r:sysadm_sudo_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326991.374:87): avc:  denied  { open } for  pid=4480 comm="sudo" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=sysadm_u:sysadm_r:sysadm_sudo_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326991.389:89): avc:  denied  { read } for  pid=4481 comm="unix_chkpwd" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=sysadm_u:sysadm_r:chkpwd_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326991.389:89): avc:  denied  { open } for  pid=4481 comm="unix_chkpwd" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=sysadm_u:sysadm_r:chkpwd_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326992.129:94): avc:  denied  { read } for  pid=4484 comm="su" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=sysadm_u:sysadm_r:sysadm_su_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326992.129:94): avc:  denied  { open } for  pid=4484 comm="su" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=sysadm_u:sysadm_r:sysadm_su_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570327275.102:100): avc:  denied  { read } for  pid=4490 comm="dhcpcd-run-hook" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:dhcpc_script_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570327275.102:100): avc:  denied  { open } for  pid=4490 comm="dhcpcd-run-hook" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:dhcpc_script_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1

I tried switching to accept ~amd64 on selinux-base and selinux-base-policy, but it had no effect.
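
An added example, not part of the original report and not Gentoo's or the SELinux project's code: a small parser that groups AVC denials like the ones above by target object (type, class, device, inode), so it is visible at a glance how many source domains are denied on the same label. The function names and the four-record sample are choices made for this example.

```python
import re
from collections import defaultdict

# Four records copied from the report above (not the full log).
SAMPLE = """\
type=AVC msg=audit(1570326928.635:218): avc:  denied  { read } for  pid=20539 comm="telinit" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:init_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326928.635:218): avc:  denied  { open } for  pid=20539 comm="telinit" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:init_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326929.009:222): avc:  denied  { read } for  pid=20722 comm="umount" name="ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=system_u:system_r:mount_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
type=AVC msg=audit(1570326991.374:87): avc:  denied  { open } for  pid=4480 comm="sudo" path="/etc/ld-musl-x86_64.path" dev="md0p1" ino=5505026 scontext=sysadm_u:sysadm_r:sysadm_sudo_t tcontext=sysadm_u:object_r:ldconfig_tmp_t tclass=file permissive=1
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec


def context_type(ctx):
    """Extract the type from user:role:type[:mls-range]."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx


def summarise(lines):
    """Group denials by target object: (type, class, dev, ino)."""
    out = defaultdict(lambda: {"domains": set(), "perms": set(), "paths": set()})
    for line in lines:
        rec = parse_avc(line)
        if rec is None or not {"scontext", "tcontext"} <= rec.keys():
            continue
        key = (context_type(rec["tcontext"]), rec.get("tclass", "?"),
               rec.get("dev", "?"), rec.get("ino", "?"))
        out[key]["domains"].add(context_type(rec["scontext"]))
        out[key]["perms"].update(rec["perms"])
        if "path" in rec:  # only some records carry the full path; others have name=
            out[key]["paths"].add(rec["path"])
    return dict(out)


if __name__ == "__main__":
    for (ttype, tclass, dev, ino), e in summarise(SAMPLE.splitlines()).items():
        print(f"{ttype}:{tclass} dev={dev} ino={ino} paths={sorted(e['paths'])}")
        print(f"  perms={sorted(e['perms'])} denied to {sorted(e['domains'])}")
```

Keying on device and inode ties the `name=` records (read) to the `path=` records (open) for the same file, which matching on the path string alone would miss.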