| Summary: | SELinux is preventing /usr/bin/cat from 'read' accesses on the file environ. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Gerd Hoffmann <kraxel> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Milos Malik <mmalik> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.0 | CC: | mmalik |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | abrt_hash:c891ec5197f4524131f9a04f6537ef889398f8baea205e69598809f3b7f87a71 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-13 09:34:32 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
commit f4cdb96ef01b1ebf89194f69c3fd9120e63c6087
Author: Miroslav Grepl <mgrepl>
Date: Tue Aug 27 16:28:33 2013 +0200
Allow rhsmcertd to read init state
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |
Description of problem: SELinux is preventing /usr/bin/cat from 'read' accesses on the file environ. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that cat should be allowed read access on the environ file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep cat /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:rhsmcertd_t:s0 Target Context system_u:system_r:init_t:s0 Target Objects environ [ file ] Source cat Source Path /usr/bin/cat Port <Unknown> Host (removed) Source RPM Packages coreutils-8.21-12.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-70.el7.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.10.0-9.el7.x86_64 #1 SMP Tue Aug 13 14:35:28 EDT 2013 x86_64 x86_64 Alert Count 8 First Seen 2013-08-21 22:12:56 CEST Last Seen 2013-08-23 06:12:57 CEST Local ID 9f62e958-9751-4b7f-82ba-7652a681d7ed Raw Audit Messages type=AVC msg=audit(1377231177.327:6164): avc: denied { read } for pid=3576 comm="cat" name="environ" dev="proc" ino=1125 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file type=AVC msg=audit(1377231177.327:6164): avc: denied { open } for pid=3576 comm="cat" path="/proc/1/environ" dev="proc" ino=1125 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file type=SYSCALL msg=audit(1377231177.327:6164): arch=x86_64 syscall=open success=yes exit=EIO a0=7fffb8ab3f20 a1=0 a2=1fffffffffff0000 a3=3976c854d0 items=0 ppid=3564 pid=3576 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=cat exe=/usr/bin/cat subj=system_u:system_r:rhsmcertd_t:s0 key=(null) Hash: cat,rhsmcertd_t,init_t,file,read Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.0-10.el7.x86_64 type: libreport