From mboxrd@z Thu Jan 1 00:00:00 1970 From: Laura Lazzati Subject: Re: SELinux log Date: Fri, 7 Jun 2019 20:08:18 -0300 Message-ID: References: <87sgsocqx5.fsf@elephly.net> <87k1dyk33n.fsf@elephly.net> <87ef4586oh.fsf@elephly.net> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:39555) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hZNyn-0001ku-5l for guix-devel@gnu.org; Fri, 07 Jun 2019 19:09:02 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hZNyl-0007nh-F3 for guix-devel@gnu.org; Fri, 07 Jun 2019 19:09:01 -0400 Received: from mail-wm1-x342.google.com ([2a00:1450:4864:20::342]:53953) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hZNyk-0007hv-GZ for guix-devel@gnu.org; Fri, 07 Jun 2019 19:08:59 -0400 Received: by mail-wm1-x342.google.com with SMTP id x15so3495400wmj.3 for ; Fri, 07 Jun 2019 16:08:56 -0700 (PDT) In-Reply-To: <87ef4586oh.fsf@elephly.net> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ricardo Wurmus Cc: Guix-devel Hi! > Thank you, the log is helpful (even though it looks like your mail > client reformatted it, which makes it very hard to read). Sorry for that :/ > Did you run =E2=80=9Crestorecon=E2=80=9D on the store to recursively labe= l all files? I did, but I have just found that you are right, looking at the log that it is not labeling properly (I am running the commands like they are in the manual, with the proper path to the policy, and `restorecon -r /`), weird, see: --8<---------------cut here---------------start------------->8--- type=3DFS_RELABEL msg=3Daudit(1559947443.686:26389): pid=3D2658 uid=3D0 auid=3D1000 ses=3D3 subj=3Dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg=3D'op=3Dmass relabel exe=3D"/usr/sbin/setfiles" hostname=3Dlocalhost.localdomain addr=3D? terminal=3Dpts/1 res=3Dfailed'UID=3D"root" AUID=3D"laura" type=3DMAC_POLICY_LOAD msg=3Daudit(1559947618.423:26390): auid=3D1000 ses= =3D3 lsm=3Dselinux res=3D1AUID=3D"laura" addr=3D? terminal=3D?'UID=3D"dbus" AUID=3D"unset" SAUID=3D"dbus" type=3DUSER_AVC msg=3Daudit(1559947745.466:39283): pid=3D1 uid=3D0 auid=3D4294967295 ses=3D4294967295 subj=3Dsystem_u:system_r:init_t:s0 msg=3D'avc: received policyload notice (seqno=3D3) exe=3D"/usr/lib/systemd/systemd" sauid=3D0 hostname=3D? addr=3D? terminal=3D?'UID=3D"root" AUID=3D"unset" SAUID=3D"root" type=3DUSER_AVC msg=3Daudit(1559947745.467:39284): pid=3D1 uid=3D0 auid=3D4294967295 ses=3D4294967295 subj=3Dsystem_u:system_r:init_t:s0 msg=3D'avc: received policyload notice (seqno=3D4) exe=3D"/usr/lib/systemd/systemd" sauid=3D0 hostname=3D? addr=3D? terminal=3D?'UID=3D"root" AUID=3D"unset" SAUID=3D"root" type=3DAVC msg=3Daudit(1559947746.785:39285): avc: denied { relabelto } for pid=3D2688 comm=3D"restorecon" name=3D"guix" dev=3D"dm-0" ino=3D311508 scontext=3Dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=3Dunconfined_u:object_r:guix_daemon.guix_daemon_conf_t:s0 tclass=3Ddir permissive=3D0 type=3DAVC msg=3Daudit(1559947746.787:39286): avc: denied { relabelto } for pid=3D2688 comm=3D"restorecon" name=3D"acl" dev=3D"dm-0" ino=3D306189 scontext=3Dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=3Dunconfined_u:object_r:guix_daemon.guix_daemon_conf_t:s0 tclass=3Dfile permissive=3D0 --8<---------------cut here---------------end--------------->8--- And taking a look at /gnu I get: d?????????? ? ? ? ? ? gnu :S Regards :) Laura