From: "Jason Zaman"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman"
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/contrib/
Date: Sun, 2 Aug 2015 19:06:33 +0000 (UTC)

commit: bf421d08e93e0e098620587655d9326d826f4a5d
Author: Sven Vermeulen siphos be>
AuthorDate: Sun Aug 2 18:05:49 2015 +0000
Commit: Jason Zaman gentoo org>
CommitDate: Sun Aug 2 18:05:49 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bf421d08

Salt minion requires execute rights on init to start

Without execute rights, the salt minion continuously restarts with the
following in the log:

2015-08-02 20:02:57,671 [salt.scripts ][INFO ][30383] Sleeping random_reauth_delay of 6 seconds
2015-08-02 20:03:13,558 [salt.cli.daemons ][INFO ][30833] Setting up the Salt Minion "salt.internal.genfic.local"
2015-08-02 20:03:13,913 [salt.utils.process][DEBUG ][30833] Created pidfile: /var/run/salt-minion.pid
2015-08-02 20:03:13,914 [salt.config ][DEBUG ][30833] Reading configuration from /etc/salt/minion
2015-08-02 20:03:13,915 [salt.config ][DEBUG ][30833] Including configuration from '/etc/salt/minion.d/_schedule.conf'
2015-08-02 20:03:13,915 [salt.config ][DEBUG ][30833] Reading configuration from /etc/salt/minion.d/_schedule.conf
2015-08-02 20:03:14,188 [salt.utils ][TRACE ][30833] 'init' could not be found in the following search path: ['/bin', '/sbin', '/bin', '/sbin', '/usr/bin', '/usr/sbin', '/usr/bin', '/usr/sbin', '/usr/local/bin', '/usr/local/sbin', '/opt/bin', '/usr/x86_64-pc-linux-gnu/gcc-bin/4.8.4']
2015-08-02 20:03:14,189 [salt.cli.daemons ][INFO ][30833] The salt minion is shut down
2015-08-02 20:03:14,190 [salt.scripts ][ERROR ][30833] coercing to Unicode: need string or buffer, NoneType found
2015-08-02 20:03:14,190 [salt.scripts ][WARNING ][30833] ** Restarting minion **

The denial:

type=AVC msg=audit(1438538594.186:99014): avc: denied { execute } for pid=30833 comm="salt-minion" name="init" dev="vda3" ino=2900377 scontext=system_u:system_r:salt_minion_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file permissive=0

policy/modules/contrib/salt.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/contrib/salt.te b/policy/modules/contrib/salt.te index ab19bf7..c00aa50 100644 --- a/policy/modules/contrib/salt.te +++ b/policy/modules/contrib/salt.te @@ -288,6 +288,7 @@ fstools_domtrans(salt_minion_t) getty_use_fds(salt_minion_t) +init_exec(salt_minion_t) init_exec_rc(salt_minion_t) miscfiles_read_localization(salt_minion_t)
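
Review bot: the added init_exec(salt_minion_t) line has no comment in salt.te saying why a minion domain needs execute on init_exec_t, and the evidence in the commit message is narrower than the name of the interface suggests. The only denial quoted is { execute } on name="init", and the TRACE line shows it was raised while the minion was searching its path for 'init', not while running it. Please add a one-line comment above the new rule recording that the minion fails at startup when the lookup for init is denied, so the reason survives outside the commit log. It would also help to state in the commit message whether the minion only needs the lookup to succeed or actually runs init in the salt_minion_t domain; if it is only the lookup, consider whether a grant limited to the execute permission shown in the AVC would be enough, since salt_minion_t already gets init_exec_rc() on the next line and each additional init-related grant widens what a compromised minion can reach.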