From: dominick.grift@gmail.com (Dominick Grift)
Date: Thu, 26 Jun 2014 17:51:28 +0200
Subject: [refpolicy] strange systemctl audit messages
In-Reply-To: <1552420.sQKKNUdSRH@xev>
References: <1552420.sQKKNUdSRH@xev>
Message-ID: <1403797888.9852.32.camel@x220.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2014-06-26 at 21:20 +1000, Russell Coker wrote:
> type=USER_AVC msg=audit(1403767163.112:2422): pid=1 uid=0 auid=4294967295
> ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { stop }
> for auid=0 uid=0 gid=0 path="/dev/null" cmdline="systemctl stop udev.service
> udev-control.socket udev-kernel.socket"
> scontext=unconfined_u:unconfined_r:dpkg_script_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:null_device_t:s0 tclass=service
> exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
> type=USER_AVC msg=audit(1403767163.116:2423): pid=1 uid=0 auid=4294967295
> ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status }
> for auid=0 uid=0 gid=0 path="/dev/null" cmdline="systemctl stop udev.service
> udev-control.socket udev-kernel.socket"
> scontext=unconfined_u:unconfined_r:dpkg_script_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:null_device_t:s0 tclass=service
> exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
>
> What's the cause of these messages? Why am I seeing an access check on
> null_device_t?
>

At least you're getting some AVC denials.

I suspect you may need to upgrade systemd as this seems to me to be a bug in the systemd selinux code.

By the way, you should probably send this to Walsh instead as this has little to do with refpolicy and the systemd selinux code was written by Walsh.
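
For triaging records like the two quoted above, a small parser that groups USER_AVC denials by source type, target type, class and path. This is an added example, not part of the original message and not refpolicy or systemd code; the function names are illustrative, and the sample input is the two quoted records rejoined onto single lines.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample: the two quoted records, each rejoined onto one line.
_TEMPLATE = (
    "type=USER_AVC msg=audit({stamp}): pid=1 uid=0 auid=4294967295 "
    "ses=4294967295 subj=system_u:system_r:init_t:s0 "
    "msg='avc: denied {{ {perm} }} for auid=0 uid=0 gid=0 path=\"/dev/null\" "
    "cmdline=\"systemctl stop udev.service udev-control.socket udev-kernel.socket\" "
    "scontext=unconfined_u:unconfined_r:dpkg_script_t:s0-s0:c0.c1023 "
    "tcontext=system_u:object_r:null_device_t:s0 tclass=service "
    "exe=\"/lib/systemd/systemd\" sauid=0 hostname=? addr=? terminal=?'"
)
SAMPLE = [
    _TEMPLATE.format(stamp="1403767163.112:2422", perm="stop"),
    _TEMPLATE.format(stamp="1403767163.116:2423", perm="status"),
]

INNER_RE = re.compile(r"msg='(?P<inner>.*)'\s*$")   # payload written by the userspace object manager
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")

def parse_user_avc(line):
    """Return the inner AVC fields as a dict, or None if this is not a USER_AVC denial."""
    if not line.startswith("type=USER_AVC"):
        return None
    inner = INNER_RE.search(line)
    avc = AVC_RE.search(inner.group("inner")) if inner else None
    if avc is None:
        return None
    rec = {"perms": avc.group("perms").split()}
    for token in shlex.split(avc.group("rest")):     # shlex keeps quoted cmdline="..." as one token
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    return rec

def selinux_type(context):
    """The type is the third colon-separated field of user:role:type:level."""
    return context.split(":")[2]

def summarize(lines):
    """Map (source type, target type, class, path) to the sorted permissions denied."""
    groups = defaultdict(set)
    for rec in filter(None, map(parse_user_avc, lines)):
        key = (selinux_type(rec["scontext"]), selinux_type(rec["tcontext"]),
               rec["tclass"], rec.get("path"))
        groups[key].update(rec["perms"])
    return {key: sorted(perms) for key, perms in groups.items()}

if __name__ == "__main__":
    for key, perms in summarize(SAMPLE).items():
        print(key, perms)
```
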