Bug 1070961
| Summary: | SELinux is preventing /usr/sbin/apcupsd from 'create' accesses on the file . | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nicolas Berrehouc <nberrehouc> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:6bae2a2b3ecdf8c1bfff8c9f4dc31b6a2710b5990405138334d1e01ab1fa61cb | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-02-28 12:37:40 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** Bug 1070962 has been marked as a duplicate of this bug. *** *** This bug has been marked as a duplicate of bug 1047535 *** *** This bug has been marked as a duplicate of bug 1064099 *** |
Description of problem: SELinux is preventing /usr/sbin/apcupsd from 'create' accesses on the file . ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow apcupsd to have create access on the file Then l'étiquette sur $FIX_TARGET_PATH doit être modifiée. Do # semanage fcontext -a -t FILE_TYPE '$FIX_TARGET_PATH' où FILE_TYPE est l'une des valeurs suivantes : apcupsd_lock_t, apcupsd_log_t, apcupsd_power_t, apcupsd_tmp_t, apcupsd_var_run_t, etc_runtime_t, systemd_passwd_var_run_t. Puis exécutez : restorecon -v '$FIX_TARGET_PATH' ***** Plugin catchall (17.1 confidence) suggests ************************** If vous pensez que apcupsd devrait être autorisé à accéder create sur file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep apcupsd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:apcupsd_t:s0 Target Context system_u:object_r:etc_t:s0 Target Objects [ file ] Source apcupsd Source Path /usr/sbin/apcupsd Port <Unknown> Host (removed) Source RPM Packages apcupsd-3.14.11-1.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-127.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.13.5-200.fc20.x86_64 #1 SMP Mon Feb 24 16:51:35 UTC 2014 x86_64 x86_64 Alert Count 6 First Seen 2014-02-23 07:47:27 CET Last Seen 2014-02-27 20:26:15 CET Local ID 6324f4b9-7660-4da6-a45b-0019d7111dcb Raw Audit Messages type=AVC msg=audit(1393529175.493:356): avc: denied { create } for pid=1279 comm="apcupsd" name="LCK.." scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file type=AVC msg=audit(1393529175.493:356): avc: denied { write } for pid=1279 comm="apcupsd" path="/etc/apcupsd/LCK.." dev="dm-0" ino=654507 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file type=SYSCALL msg=audit(1393529175.493:356): arch=x86_64 syscall=open success=yes exit=EINTR a0=7f57d294e2cc a1=c2 a2=1a4 a3=506 items=0 ppid=1 pid=1279 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=apcupsd exe=/usr/sbin/apcupsd subj=system_u:system_r:apcupsd_t:s0 key=(null) Hash: apcupsd,apcupsd_t,etc_t,file,create Additional info: reporter: libreport-2.1.12 hashmarkername: setroubleshoot kernel: 3.13.3-201.fc20.x86_64 type: libreport