From: Ricardo Wurmus
Subject: Re: SELinux log
Date: Sat, 08 Jun 2019 09:03:05 +0200
Message-ID: <87a7es8spi.fsf@elephly.net>
To: Laura Lazzati
Cc: Guix-devel

Hi Laura,

> --8<---------------cut here---------------start------------->8---
> type=FS_RELABEL msg=audit(1559947443.686:26389): pid=2658 uid=0 auid=1000
> ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> msg='op=mass relabel exe="/usr/sbin/setfiles"
> hostname=localhost.localdomain addr=? terminal=pts/1 res=failed'UID="root"
> AUID="laura"
> type=MAC_POLICY_LOAD msg=audit(1559947618.423:26390): auid=1000 ses=3
> lsm=selinux res=1AUID="laura"
>
> type=USER_AVC msg=audit(1559947745.466:39283): pid=1 uid=0 auid=4294967295
> ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received
> policyload notice (seqno=3) exe="/usr/lib/systemd/systemd" sauid=0
> hostname=? addr=? terminal=?'UID="root" AUID="unset" SAUID="root"
> type=USER_AVC msg=audit(1559947745.467:39284): pid=1 uid=0 auid=4294967295
> ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received
> policyload notice (seqno=4) exe="/usr/lib/systemd/systemd" sauid=0
> hostname=? addr=? terminal=?'UID="root" AUID="unset" SAUID="root"
> type=AVC msg=audit(1559947746.785:39285): avc: denied { relabelto } for
> pid=2688 comm="restorecon" name="guix" dev="dm-0" ino=311508
> scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:guix_daemon.guix_daemon_conf_t:s0 tclass=dir
> permissive=0
> type=AVC msg=audit(1559947746.787:39286): avc: denied { relabelto } for
> pid=2688 comm="restorecon" name="acl" dev="dm-0" ino=306189
> scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:guix_daemon.guix_daemon_conf_t:s0
> tclass=file permissive=0
> --8<---------------cut here---------------end--------------->8---

Uhm, that’s weird, but you’re not in permissive mode, are you?  What
does “getenforce” say?

To relabel your whole file system according to installed policies run
this:

    touch /.autorelabel
    reboot

as root.  Upon rebooting all your files will be relabeled.  Before doing
this better double check that the guix-daemon policy has in fact been
installed, because labeling takes a very long time.

--
Ricardo
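The AVC denials in the quoted log, parsed and grouped by source type, target type, class and permission, as an added example that is not part of the original message. The sample records are the log lines from the message decoded from quoted-printable and joined to one record per line; the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: records from the quoted log above, decoded and
# unwrapped. The first one is not an AVC record and must be skipped.
SAMPLE_LOG = """\
type=MAC_POLICY_LOAD msg=audit(1559947618.423:26390): auid=1000 ses=3 lsm=selinux res=1
type=AVC msg=audit(1559947746.785:39285): avc: denied { relabelto } for pid=2688 comm="restorecon" name="guix" dev="dm-0" ino=311508 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:guix_daemon.guix_daemon_conf_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1559947746.787:39286): avc: denied { relabelto } for pid=2688 comm="restorecon" name="acl" dev="dm-0" ino=306189 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:guix_daemon.guix_daemon_conf_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r"^type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+(?P<result>denied|granted)"
    r"\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def context_type(context):
    """Return the type (third field) of a user:role:type:level context."""
    return context.split(":")[2]

def parse_avc(line):
    """Parse one kernel AVC record into a dict; return None for other records."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m["rest"])}
    return {
        "serial": int(m["serial"]),
        "result": m["result"],
        "perms": m["perms"].split(),
        "name": fields.get("name"),
        "source_type": context_type(fields["scontext"]),
        "target_type": context_type(fields["tcontext"]),
        "tclass": fields.get("tclass"),
        # permissive=0 means the access was actually blocked, not just logged.
        "enforced": fields.get("permissive") == "0",
    }

def summarize(log_text):
    """Count enforced denials per (source type, target type, class, permission)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        if rec["result"] == "denied" and rec["enforced"]:
            for perm in rec["perms"]:
                counts[(rec["source_type"], rec["target_type"], rec["tclass"], perm)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, *key)
```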