| Summary: | SELinux is preventing /usr/sbin/bumblebeed from 'write' accesses on the file bbswitch. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | nuno ferreira <self> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | arno.m, blazej.nowak, dominick.grift, dwalsh, lvrabec, mgrepl, sayak.bugsmith, shawnx, tony_hawks, van.zantvoort, yanuarrisah |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:e0cbfcd1de11c88ccecbdb687dfa6661095deafbeaa3237d356636fdaaea48fd | ||
| Fixed In Version: | selinux-policy-3.12.1-116.fc20 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-01-16 07:09:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
commit 4b26b7506948aa738585ae4ad56dcf7d9033bf7c
Author: Miroslav Grepl <mgrepl>
Date: Mon Dec 9 11:01:51 2013 +0100
Dontaudit access check on /proc for bumblebee
commit 4296386a26ff7693fd98b5be8aac18d5ae4ddbf8
Author: Miroslav Grepl <mgrepl>
Date: Mon Dec 9 10:54:47 2013 +0100
bumblebee wants to load nvidia modules
Description of problem: Install bumblebee, bbswitch, primus for fedora 20 from http://install.linux.ncsu.edu/pub/yum/itecs/public Additional info: reporter: libreport-2.1.10 hashmarkername: setroubleshoot kernel: 3.12.5-302.fc20.x86_64 type: libreport Yanuar can you explain a bit better what needs to get installed on fedora 20. i have installed everyting i think shuold be installed, and it dosent follow. every time i restart the computer i get this "selinux is preventing the bumblebeed from write acces on the file bbswitch" , /usr/sbin/bumblebeed selinux-policy-3.12.1-116.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-116.fc20 Package selinux-policy-3.12.1-116.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-116.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-0806/selinux-policy-3.12.1-116.fc20 then log in and leave karma (feedback). selinux-policy-3.12.1-116.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. SELinux is preventing /usr/sbin/bumblebeed from 'write' accesses on the file bbswitch.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that bumblebeed should be allowed write access on the bbswitch file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:bumblebee_t:s0
Target Context system_u:object_r:proc_t:s0
Target Objects bbswitch [ file ]
Source bumblebeed
Source Path /usr/sbin/bumblebeed
Port <Unknown>
Host (removed)
Source RPM Packages bumblebee-3.2.1-4.fc20.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-119.fc20.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.12.8-300.fc20.x86_64 #1 SMP Thu
Jan 16 01:07:50 UTC 2014 x86_64 x86_64
Alert Count 1
First Seen 2014-01-23 15:39:55 CET
Last Seen 2014-01-23 15:39:55 CET
Local ID 52549042-7511-4bb6-a265-b6826c20ec24
Raw Audit Messages
type=AVC msg=audit(1390487995.948:382): avc: denied { write } for pid=492 comm="bumblebeed" name="bbswitch" dev="proc" ino=4026532372 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=SYSCALL msg=audit(1390487995.948:382): arch=x86_64 syscall=open success=yes exit=ENXIO a0=409895 a1=241 a2=1b6 a3=22 items=0 ppid=1 pid=492 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null)
Hash: bumblebeed,bumblebee_t,proc_t,file,write
same here still:
SELinux is preventing /usr/sbin/bumblebeed from write access on the file bbswitch.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that bumblebeed should be allowed write access on the bbswitch file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:bumblebee_t:s0
Target Context system_u:object_r:proc_t:s0
Target Objects bbswitch [ file ]
Source bumblebeed
Source Path /usr/sbin/bumblebeed
Port <Unknown>
Host <Unknown>
Source RPM Packages bumblebee-3.2.1-4.fc20.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-119.fc20.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name lianxiang.the-loeki.net
Platform Linux lianxiang.the-loeki.net
3.12.9-301.fc20.x86_64 #1 SMP Wed Jan 29 15:56:22
UTC 2014 x86_64 x86_64
Alert Count 11
First Seen 2014-02-06 10:28:04 CET
Last Seen 2014-02-08 12:12:12 CET
Local ID 61ea4377-0310-490c-b83f-69437ad2f3dc
Raw Audit Messages
type=AVC msg=audit(1391857932.475:19): avc: denied { write } for pid=475 comm="bumblebeed" name="bbswitch" dev="proc" ino=4026532369 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=SYSCALL msg=audit(1391857932.475:19): arch=x86_64 syscall=open success=yes exit=EIO a0=409895 a1=241 a2=1b6 a3=22 items=0 ppid=1 pid=475 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null)
Hash: bumblebeed,bumblebee_t,proc_t,file,write
Verifying this annoying problem:
SELinux is preventing /usr/sbin/bumblebeed from 'write' accesses on the file bbswitch.
***** Plugin catchall (100. confidence) suggests **************************
If sie denken, dass es bumblebeed standardmässig erlaubt sein sollte, write Zugriff auf bbswitch file zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Do
zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen:
# grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:bumblebee_t:s0
Target Context system_u:object_r:proc_t:s0
Target Objects bbswitch [ file ]
Source bumblebeed
Source Path /usr/sbin/bumblebeed
Port <Unknown>
Host (removed)
Source RPM Packages bumblebee-3.2.1-4.fc20.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-119.fc20.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.12.9-301.fc20.x86_64 #1 SMP Wed
Jan 29 15:56:22 UTC 2014 x86_64 x86_64
Alert Count 1
First Seen 2014-02-09 15:30:29 CET
Last Seen 2014-02-09 15:30:29 CET
Local ID d26ee5e4-f410-4ac8-b132-dc5b0017eba4
Raw Audit Messages
type=AVC msg=audit(1391956229.265:27): avc: denied { write } for pid=647 comm="bumblebeed" name="bbswitch" dev="proc" ino=4026532316 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=SYSCALL msg=audit(1391956229.265:27): arch=x86_64 syscall=open success=yes exit=EIO a0=409895 a1=241 a2=1b6 a3=22 items=0 ppid=1 pid=647 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null)
Hash: bumblebeed,bumblebee_t,proc_t,file,write
|
Description of problem: SELinux is preventing /usr/sbin/bumblebeed from 'write' accesses on the file bbswitch. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that bumblebeed should be allowed write access on the bbswitch file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:bumblebee_t:s0 Target Context system_u:object_r:proc_t:s0 Target Objects bbswitch [ file ] Source bumblebeed Source Path /usr/sbin/bumblebeed Port <Unknown> Host (removed) Source RPM Packages bumblebee-3.1-1.fc18.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-105.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.11.10-300.fc20.x86_64 #1 SMP Fri Nov 29 19:16:48 UTC 2013 x86_64 x86_64 Alert Count 5 First Seen 2013-12-06 19:16:25 WET Last Seen 2013-12-08 11:18:01 WET Local ID 9f737a13-6215-48b0-93d4-8eb867076f8a Raw Audit Messages type=AVC msg=audit(1386501481.5:615): avc: denied { write } for pid=5051 comm="bumblebeed" name="bbswitch" dev="proc" ino=4026532263 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file type=SYSCALL msg=audit(1386501481.5:615): arch=x86_64 syscall=access success=yes exit=0 a0=409375 a1=6 a2=4074be a3=0 items=0 ppid=1 pid=5051 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null) Hash: bumblebeed,bumblebee_t,proc_t,file,write Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.11.10-300.fc20.x86_64 type: libreport