Bug 1014825
Summary: | SELinux is preventing systemd-readahe from 'read' accesses on the chr_file urandom. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Adam Williamson <awilliam> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 20 | CC: | bondhu.paul, brianlamere, bugzilla, cedjo7, dominick.grift, dwalsh, fran, frankly3d, kparal, kuc4iman, lvrabec, marco.kunzli, mbriza, mgrepl, mikhail.v.gavrilov, nonamedotc, pierluigi.fiorini, robatino, satellitgo, sergei.ksmith |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:33c3d515c9a0e3a66314e80eb21f2baf2f54a5ad6dbab9fbc7dd848508fbdff2 | ||
Fixed In Version: | selinux-policy-3.12.1-90.fc20 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-11-10 06:21:32 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 980656 |
Description
Adam Williamson
2013-10-02 20:59:19 UTC
aa94525b8312b39a7c78da0e8bf00ff893762a46 fixes this in git. Description of problem: this happen when the session starts after login, not sure if this should be allowed or not Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.11.3-301.fc20.x86_64 type: libreport Description of problem: I use a usb stick with "secreykey" for unlocking luks partitions. It works, but this avc is new (yesterday and today) I am uncerain if the setebool is required what has changed? USB still unlocks the partitions. Aside from that, no ideas. Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.12.0-0.rc3.git4.2.fc20.x86_64 type: libreport Description of problem: I see this on default boot of F20 Beta TC2 Live x86_64 converted to USB using dd. The warning doesn't pop up, but it can be seen after opening SELinux troubleshooter. Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.11.3-301.fc20.x86_64 type: libreport Proposing as a blocker: "There must be no SELinux denial notifications or crash notifications on boot of or during installation from a release-blocking live image, or at first login after a default install of a release-blocking desktop. " https://fedoraproject.org/wiki/Fedora_20_Final_Release_Criteria#SELinux_and_crash_notifications Please note that there is no actual notification (there might be a bug that prevents notifications from popping up?). But the error is there. Description of problem: happens every time during boot; when I log in, I get a selinux alert I am using rpmfusion repos now, but it was already happening prior to that. Installed as a basic with Mate, then added items. Additional info: reporter: libreport-2.1.8 hashmarkername: setroubleshoot kernel: 3.11.4-301.fc20.x86_64 type: libreport selinux-policy-3.12.1-90.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-90.fc20 Package selinux-policy-3.12.1-90.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-90.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-19129/selinux-policy-3.12.1-90.fc20 then log in and leave karma (feedback). see this in liveusb-creator USB with persistence file of F20 Beta TC-5 Desktop. Initial boot works. Cnges are stored in persitence file. on reboot of USB fails at initial screen but on 2nd boot it finds file and runs. 3rd reboot fails, 4th boot works? ABRT message is identical I see the systemd-readahea messages in almost all F20 systems at present, but I'm not sure it's what is actually breaking your live persistence case. I think it's a fairly 'harmless' error - readahead is really just a mechanism to try and make boot a bit faster, I think, so worst case if it breaks is just that boot runs a bit slower. But I might be missing something. You could try using enforcing=0 or selinux=0 with your persistence tests and see if it changes anything. Description of problem: part of testing Desktop login created 2nd user and tried to log out/in to it: "gnome-keyring-daemon not responding" Could not do shutdown so did shutdown -h now from second user On reboot logged in to user2 and got this error. Keyring asked for password for second user to allow reporting Additional info: reporter: libreport-2.1.8 hashmarkername: setroubleshoot kernel: 3.11.5-302.fc20.x86_64 type: libreport selinux-policy-3.12.1-90.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. |