From: dominick.grift@gmail.com (Dominick Grift)
Date: Thu, 26 Jun 2014 17:51:28 +0200
Subject: [refpolicy] strange systemctl audit messages
In-Reply-To: <1552420.sQKKNUdSRH@xev>
References: <1552420.sQKKNUdSRH@xev>
Message-ID: <1403797888.9852.32.camel@x220.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2014-06-26 at 21:20 +1000, Russell Coker wrote:
> type=USER_AVC msg=audit(1403767163.112:2422): pid=1 uid=0 auid=4294967295 
> ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { stop } 
> for auid=0 uid=0 gid=0 path="/dev/null" cmdline="systemctl stop udev.service 
> udev-control.socket udev-kernel.socket" 
> scontext=unconfined_u:unconfined_r:dpkg_script_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:null_device_t:s0 tclass=service  
> exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'                                                                                                                                                                                                                                                             
> type=USER_AVC msg=audit(1403767163.116:2423): pid=1 uid=0 auid=4294967295 
> ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { status } 
> for auid=0 uid=0 gid=0 path="/dev/null" cmdline="systemctl stop udev.service 
> udev-control.socket udev-kernel.socket" 
> scontext=unconfined_u:unconfined_r:dpkg_script_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:null_device_t:s0 tclass=service  
> exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
> 
> What's the cause of these messages?  Why am I seeing an access check on 
> null_device_t?
> 

At least you're getting some AVC denials. I suspect you may need to
upgrade systemd as this seems to me to be a bug in the systemd selinux
code.

By the way, you should probably send this to Walsh instead as this has
little to do with refpolicy and the systemd selinux code was written by
Walsh.