Issue 890397 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Nov 1
Components:	OS>Kernel
EstimatedDays:	----
NextAction:	----
OS:	Chrome
Pri:	3
Type:	Bug
Kernel-4.19

chromeos-4.19: SELinux error messages

Project Member Reported by groeck@chromium.org, Sep 28

Issue description

The following SELinux messages are seen when booting chromeos-4.19.

[    6.685549] SELinux:  Permission validate_trans in class security not defined in policy.
[    6.694827] SELinux:  Permission getrlimit in class process not defined in policy.
[    6.703311] SELinux:  Class process2 not defined in policy.
[    6.710054] SELinux:  Class sctp_socket not defined in policy.
[    6.716605] SELinux:  Class icmp_socket not defined in policy.
[    6.723151] SELinux:  Class ax25_socket not defined in policy.
[    6.729696] SELinux:  Class ipx_socket not defined in policy.
[    6.736146] SELinux:  Class netrom_socket not defined in policy.
[    6.742893] SELinux:  Class atmpvc_socket not defined in policy.
[    6.749634] SELinux:  Class x25_socket not defined in policy.
[    6.756075] SELinux:  Class rose_socket not defined in policy.
[    6.762613] SELinux:  Class decnet_socket not defined in policy.
[    6.769353] SELinux:  Class atmsvc_socket not defined in policy.
[    6.776115] SELinux:  Class rds_socket not defined in policy.
[    6.783199] SELinux:  Class irda_socket not defined in policy.
[    6.789751] SELinux:  Class pppox_socket not defined in policy.
[    6.796402] SELinux:  Class llc_socket not defined in policy.
[    6.802850] SELinux:  Class can_socket not defined in policy.
[    6.809299] SELinux:  Class tipc_socket not defined in policy.
[    6.815845] SELinux:  Class bluetooth_socket not defined in policy.
[    6.822878] SELinux:  Class iucv_socket not defined in policy.
[    6.829447] SELinux:  Class rxrpc_socket not defined in policy.
[    6.836089] SELinux:  Class isdn_socket not defined in policy.
[    6.842635] SELinux:  Class phonet_socket not defined in policy.
[    6.849375] SELinux:  Class ieee802154_socket not defined in policy.
[    6.856504] SELinux:  Class caif_socket not defined in policy.
[    6.863066] SELinux:  Class alg_socket not defined in policy.
[    6.869516] SELinux:  Class nfc_socket not defined in policy.
[    6.875966] SELinux:  Class vsock_socket not defined in policy.
[    6.882610] SELinux:  Class kcm_socket not defined in policy.
[    6.889058] SELinux:  Class qipcrtr_socket not defined in policy.
[    6.895930] SELinux:  Class smc_socket not defined in policy.
[    6.902378] SELinux:  Class infiniband_pkey not defined in policy.
[    6.909310] SELinux:  Class infiniband_endport not defined in policy.
[    6.916713] SELinux:  Class bpf not defined in policy.
[    6.922484] SELinux:  Class xdp_socket not defined in policy.
[    6.928962] SELinux: the above unknown classes and permissions will be denied
[    6.937474] SELinux:  policy capability network_peer_controls=1
[    6.944120] SELinux:  policy capability open_perms=1
[    6.949695] SELinux:  policy capability extended_socket_class=0
[    6.956337] SELinux:  policy capability always_check_network=0
[    6.962883] SELinux:  policy capability cgroup_seclabel=0
[    6.968944] SELinux:  policy capability nnp_nosuid_transition=0
[    6.976418] SELinux:  Context u:object_r:cros_system_file:s0 is not valid (left unmapped).
[    7.177683] audit: type=1403 audit(1538154424.570:3): auid=4294967295 ses=4294967295 lsm=selinux res=1
[    7.191718] SELinux:  Context u:object_r:cros_init_conf_file:s0 is not valid (left unmapped).

The following SELinux messages are seen when booting chromeos-4.19.

[    6.685549] SELinux:  Permission validate_trans in class security not defined in policy.
[    6.694827] SELinux:  Permission getrlimit in class process not defined in policy.
[    6.703311] SELinux:  Class process2 not defined in policy.
[    6.710054] SELinux:  Class sctp_socket not defined in policy.
[    6.716605] SELinux:  Class icmp_socket not defined in policy.
[    6.723151] SELinux:  Class ax25_socket not defined in policy.
[    6.729696] SELinux:  Class ipx_socket not defined in policy.
[    6.736146] SELinux:  Class netrom_socket not defined in policy.
[    6.742893] SELinux:  Class atmpvc_socket not defined in policy.
[    6.749634] SELinux:  Class x25_socket not defined in policy.
[    6.756075] SELinux:  Class rose_socket not defined in policy.
[    6.762613] SELinux:  Class decnet_socket not defined in policy.
[    6.769353] SELinux:  Class atmsvc_socket not defined in policy.
[    6.776115] SELinux:  Class rds_socket not defined in policy.
[    6.783199] SELinux:  Class irda_socket not defined in policy.
[    6.789751] SELinux:  Class pppox_socket not defined in policy.
[    6.796402] SELinux:  Class llc_socket not defined in policy.
[    6.802850] SELinux:  Class can_socket not defined in policy.
[    6.809299] SELinux:  Class tipc_socket not defined in policy.
[    6.815845] SELinux:  Class bluetooth_socket not defined in policy.
[    6.822878] SELinux:  Class iucv_socket not defined in policy.
[    6.829447] SELinux:  Class rxrpc_socket not defined in policy.
[    6.836089] SELinux:  Class isdn_socket not defined in policy.
[    6.842635] SELinux:  Class phonet_socket not defined in policy.
[    6.849375] SELinux:  Class ieee802154_socket not defined in policy.
[    6.856504] SELinux:  Class caif_socket not defined in policy.
[    6.863066] SELinux:  Class alg_socket not defined in policy.
[    6.869516] SELinux:  Class nfc_socket not defined in policy.
[    6.875966] SELinux:  Class vsock_socket not defined in policy.
[    6.882610] SELinux:  Class kcm_socket not defined in policy.
[    6.889058] SELinux:  Class qipcrtr_socket not defined in policy.
[    6.895930] SELinux:  Class smc_socket not defined in policy.
[    6.902378] SELinux:  Class infiniband_pkey not defined in policy.
[    6.909310] SELinux:  Class infiniband_endport not defined in policy.
[    6.916713] SELinux:  Class bpf not defined in policy.
[    6.922484] SELinux:  Class xdp_socket not defined in policy.
[    6.928962] SELinux: the above unknown classes and permissions will be denied
[    6.937474] SELinux:  policy capability network_peer_controls=1
[    6.944120] SELinux:  policy capability open_perms=1
[    6.949695] SELinux:  policy capability extended_socket_class=0
[    6.956337] SELinux:  policy capability always_check_network=0
[    6.962883] SELinux:  policy capability cgroup_seclabel=0
[    6.968944] SELinux:  policy capability nnp_nosuid_transition=0
[    6.976418] SELinux:  Context u:object_r:cros_system_file:s0 is not valid (left unmapped).
[    7.177683] audit: type=1403 audit(1538154424.570:3): auid=4294967295 ses=4294967295 lsm=selinux res=1
[    7.191718] SELinux:  Context u:object_r:cros_init_conf_file:s0 is not valid (left unmapped).

Subsequently, when logging in (even in permissive mode), the following messages are seen.

[   24.806830] audit: type=1401 audit(1539707025.084:173): op=security_bounded_transition seresult=denied oldcontext=u:r:cros_session_manager:s0 newcontext=u:r:chromeos:s0
[  575.056395] audit: type=1401 audit(1539707574.111:434): op=security_bounded_transition seresult=denied oldcontext=u:r:cros_session_manager:s0 newcontext=u:r:chromeos:s0
[  575.224067] audit: type=1401 audit(1539707574.279:435): op=security_bounded_transition seresult=denied oldcontext=u:r:cros_session_manager:s0 newcontext=u:r:chromeos:s0

Comment 1 by groeck@chromium.org, Oct 16

Description: Show this description

Comment 2 by groeck@chromium.org, Nov 1

Status: WontFix (was: Untriaged)

Messages are either "normal", ie always seen ("not defined in policy"), or due to bugs which since then have been fixed.

►

Issue 890397 link

Issue metadata

chromeos-4.19: SELinux error messages

Issue description

Comment 1 by groeck@chromium.org, Oct 16

Comment 1 Deleted

Comment 2 by groeck@chromium.org, Nov 1

Comment 2 Deleted

Sign in to add a comment