Not to be fixed
Created: Sep 30, 2013
Updated: Apr 19, 2018
Resolved Date: Apr 17, 2018
Found In Version: 6.0
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace
During boot after the auto-relabling step has applied the security policy to a system using meta-selinux, the following failures can be observed:
Starting udev
udevd[80]: starting version 182
type=1401 audit(1380566128.073:4): security_validate_transition: denied for oldcontext=system_u:object_r:device_t:s15:c0.c1023 newcontext=system_u:object_r:framebuf_device_t:s0 taskcontext=system_u:system_r:initrc_t:s0-s15:c0.c
1023 tclass=chr_file
udevd[98]: setfilecon /dev/fb0 failed: Operation not permitted
type=1401 audit(1380566137.957:5): security_validate_transition: denied for oldcontext=system_u:object_r:device_t:s15:c0.c1023 newcontext=system_u:object_r:tty_device_t:s0 taskcontext=system_u:system_r:initrc_t:s0-s15:c0.c1023
tclass=chr_file
type=1401 audit(1380566137.999:6): security_validate_transition: denied for oldcontext=system_u:object_r:device_t:s15:c0.c1023 newcontext=system_u:object_r:tty_device_t:s0 taskcontext=system_u:system_r:initrc_t:s0-s15:c0.c1023
tclass=chr_file
udevd[87]: setfilecon /dev/vcs2 failed: Operation not permitted
udevd[83]: setfilecon /dev/vcsa2 failed: Operation not permitted
Starting Bootlog daemon: bootlogd.
Manually re-applying the security context for these devices after boot by means of 'restorecon -F /dev/fb0', for example, applies the correct security label.
Configure a system with meta-selinux.
Boot.