2014-06-26 11:20:18

by Russell Coker

Subject: [refpolicy] strange systemctl audit messages

type=USER_AVC msg=audit(1403767163.112:2422): pid=1 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { stop }
for auid=0 uid=0 gid=0 path="/dev/null" cmdline="systemctl stop udev.service
udev-control.socket udev-kernel.socket"
scontext=unconfined_u:unconfined_r:dpkg_script_t:s0-s0:c0.c1023
tcontext=system_u:object_r:null_device_t:s0 tclass=service
exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1403767163.116:2423): pid=1 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status }
for auid=0 uid=0 gid=0 path="/dev/null" cmdline="systemctl stop udev.service
udev-control.socket udev-kernel.socket"
scontext=unconfined_u:unconfined_r:dpkg_script_t:s0-s0:c0.c1023
tcontext=system_u:object_r:null_device_t:s0 tclass=service
exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

What's the cause of these messages? Why am I seeing an access check on
null_device_t?

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/


2014-06-26 15:51:28

by dominick.grift

Subject: [refpolicy] strange systemctl audit messages

On Thu, 2014-06-26 at 21:20 +1000, Russell Coker wrote:
> type=USER_AVC msg=audit(1403767163.112:2422): pid=1 uid=0 auid=4294967295
> ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { stop }
> for auid=0 uid=0 gid=0 path="/dev/null" cmdline="systemctl stop udev.service
> udev-control.socket udev-kernel.socket"
> scontext=unconfined_u:unconfined_r:dpkg_script_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:null_device_t:s0 tclass=service
> exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
> type=USER_AVC msg=audit(1403767163.116:2423): pid=1 uid=0 auid=4294967295
> ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status }
> for auid=0 uid=0 gid=0 path="/dev/null" cmdline="systemctl stop udev.service
> udev-control.socket udev-kernel.socket"
> scontext=unconfined_u:unconfined_r:dpkg_script_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:null_device_t:s0 tclass=service
> exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
>
> What's the cause of these messages? Why am I seeing an access check on
> null_device_t?
>

At least you're getting some AVC denials. I suspect you may need to
upgrade systemd as this seems to me to be a bug in the systemd selinux
code.

By the way, you should probably send this to Walsh instead as this has
little to do with refpolicy and the systemd selinux code was written by
Walsh.
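
Added example, not part of the thread or of the systemd/refpolicy code: a small Python triage script that rejoins the line-wrapped USER_AVC records quoted above, parses the inner `avc:` message, and flags `service`-class checks whose `path` is not a unit file. The names `parse_user_avc`, `odd_service_checks` and `UNIT_SUFFIXES` are hypothetical, and the suffix test is a heuristic assumption, not systemd's own logic.

```python
import re

# Constructed input: the two records from the post, wrapped as the archive shows them.
SAMPLE = """\
type=USER_AVC msg=audit(1403767163.112:2422): pid=1 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { stop }
for auid=0 uid=0 gid=0 path="/dev/null" cmdline="systemctl stop udev.service
udev-control.socket udev-kernel.socket"
scontext=unconfined_u:unconfined_r:dpkg_script_t:s0-s0:c0.c1023
tcontext=system_u:object_r:null_device_t:s0 tclass=service
exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1403767163.116:2423): pid=1 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status }
for auid=0 uid=0 gid=0 path="/dev/null" cmdline="systemctl stop udev.service
udev-control.socket udev-kernel.socket"
scontext=unconfined_u:unconfined_r:dpkg_script_t:s0-s0:c0.c1023
tcontext=system_u:object_r:null_device_t:s0 tclass=service
exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
"""

# Assumption (heuristic): a service-class check should name a unit file path.
UNIT_SUFFIXES = (".service", ".socket", ".target", ".mount", ".timer", ".path")

def parse_user_avc(text):
    """Rejoin wrapped lines, then parse each USER_AVC record's inner avc message."""
    records, out = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("type="):      # a new audit record begins
            records.append(line)
        elif line and records:            # continuation of a wrapped record
            records[-1] += " " + line
    for rec in records:
        m = re.match(r"type=USER_AVC msg=audit\(([^)]*)\).*msg='(avc:.*)'", rec)
        if not m:
            continue
        inner = m.group(2)
        kv = {k: q or u for k, q, u in re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', inner)}
        perms = re.search(r"\{\s*([^}]*?)\s*\}", inner)
        kv["perms"] = perms.group(1).split() if perms else []
        kv["serial"] = m.group(1)         # timestamp:serial of the audit event
        kv["stype"] = kv.get("scontext", ":::").split(":")[2]
        kv["ttype"] = kv.get("tcontext", ":::").split(":")[2]
        out.append(kv)
    return out

def odd_service_checks(records):
    """Return service-class checks whose path does not look like a unit file."""
    return [r for r in records if r.get("tclass") == "service"
            and not r.get("path", "").endswith(UNIT_SUFFIXES)]
```

On the sample, both records are flagged: source type `dpkg_script_t`, target type `null_device_t`, path `/dev/null`.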