[CentOS] CentOS 7 selinux policy bug

Fri May 29 14:53:18 UTC 2015
Earl A Ramirez <earlaramirez at gmail.com>

On 29 May 2015 at 16:27, <m.roth at 5-cent.us> wrote:

> Hi, folks,
>
>    CentOS 7.1. Selinux policy, and targetted, updated two days ago.
>
> May 28 17:02:41 <servername> python: SELinux is preventing /usr/bin/bash
> from execute access on the file /usr/bin/bash.#012#012***** <...>
> May 28 17:02:45 <servername> python: SELinux is preventing /usr/bin/bash
> from execute access on the file /usr/bin/uname.#012#012*****  <...> May 28
> 17:02:45 <servername> python: SELinux is preventing /usr/bin/uname from
> execute_no_trans access on the file /usr/bin/uname.#012#012***** <...>
> May 28 17:02:47 <servername> python: SELinux is preventing /usr/bin/bash
> from execute access on the file /usr/bin/mailx.#012#012*****  <...>
>
> I did do an ll =Z /usr/bin, and everything looks correct
> (system_u:object_r:bin_t:s0). Given that, looks to me like a policy bug.
> No? Yes? File a bug report?
>
>         mark
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

I saw the same behaviour this morning, however the labels changed to
"unlabelled" for a number of programs; e.g. /etc/ssh/sshd_config,
/etc/shadow, /etc/pam/* and a few others. I saw this after I was not able
to login to my laptop, login to single user mode and saw tonnes of SELinux
errors and changed it from enforcing to permissive and then I was able to
restore the labels.

Most certainly believe its a bug.


-- 
Kind Regards
Earl Ramirez