Petr Lautrbach
Please see https://bugzilla.redhat.com/show_bug.cgi?id=2012943 for more information.
#### What happened:
selinuxd container is running with spc_t domain type:
~~~
system_u:system_r:spc_t:s0 237236 ? Ssl 0:01 /usr/bin/selinuxdctl daemon --datastore-path /var/run/selinuxd/selinuxd.db --socket-path /var/run/selinuxd/selinuxd.sock --socket-uid 0 --socket-gid 65535
~~~
#### What you expected...
* `podmansh(1)` mentions `label=user:container_user_u` which is defined in this policy. This repository ships `container_u` file to assign correct context during login - it should follow `seuser_id` so the right file...
SELinux userspace release 3.4 introduced a new command line option [-m|--checksum] to `semodule` which adds the sha256 checksum of modules to its output. It can be used to check whether the...
I am probably missing some piece of the puzzle, but it looks like all datastore functionality could be implemented using the `semodule` utility or the *libsemanage* library. Below are shell snippets describing how...
~~~
{"level":"error","ts":1652443238.6348724,"caller":"policycoreutils/policycoreutils.go:41","msg":"Installing policy","modulePath":"/etc/selinux.d/wrongmodule.cil","output":"Re-declaration of typealias auditadm_ssh_tmpfs_t\nPrevious declaration of typealias at /var/lib/selinux/targeted/tmp/modules/350/wrongmodule/cil:1\nBad typealias declaration at /var/lib/selinux/targeted/tmp/modules/350/wrongmodule/cil:1\nFailed to build AST\n/usr/sbin/semodule: Failed!\n","stacktrace":"github.com/containers/selinuxd/pkg/semodule/policycoreutils.(*SEModulePcuHandler).Install\n\t/home/plautrba/devel/src/selinuxd/pkg/semodule/policycoreutils/policycoreutils.go:41\ngithub.com/containers/selinuxd/pkg/daemon.(*policyInstall).do\n\t/home/plautrba/devel/src/selinuxd/pkg/daemon/action.go:52\ngithub.com/containers/selinuxd/pkg/daemon.InstallPolicies\n\t/home/plautrba/devel/src/selinuxd/pkg/daemon/daemon.go:124"}
{"level":"error","ts":1652443238.6350026,"logger":"policy-installer","caller":"daemon/daemon.go:125","msg":"Failed applying operation on policy","operation":"install - /etc/selinux.d/wrongmodule.cil","output":"","error":"failed executing install action: cannot...
~~~
Reproducer:
~~~
# cp -r /var/lib/selinux/targeted/ /var/lib/selinux/test
# cp -r /etc/selinux/targeted/ /etc/selinux/test
# sed -i 's/=targeted/=test/' /etc/selinux/config
# reboot
# sestatus | grep "policy name"
Loaded policy name: test
#...
~~~