Bug 1086047
| Summary: | systemd-sysctl - Permission denied | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | poma <pomidorabelisima> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-04-10 08:30:18 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
# cat systemd-sysctl-aio-max-nr-mypol.te
module systemd-sysctl-aio-max-nr-mypol 1.0;
require {
type proc_t;
type systemd_sysctl_t;
class file write;
}
#============= systemd_sysctl_t ==============
allow systemd_sysctl_t proc_t:file write;
*** This bug has been marked as a duplicate of bug 1084829 *** |
# systemctl restart systemd-sysctl Job for systemd-sysctl.service failed. ... # ausearch -m avc -c systemd-sysctl ---- time->Thu Apr 10 04:04:32 2014 type=SYSCALL msg=audit(1397095472.690:822): arch=c000003e syscall=2 success=no exit=-13 a0=7fe3fc418190 a1=80241 a2=1b6 a3=22 items=0 ppid=1 pid=4746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="systemd-sysctl" exe="/usr/lib/systemd/systemd-sysctl" subj=system_u:system_r:systemd_sysctl_t:s0 key=(null) type=AVC msg=audit(1397095472.690:822): avc: denied { write } for pid=4746 comm="systemd-sysctl" name="core_uses_pid" dev="proc" ino=1213 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file ---- time->Thu Apr 10 04:04:32 2014 type=SYSCALL msg=audit(1397095472.690:823): arch=c000003e syscall=2 success=no exit=-13 a0=7fe3fc40f110 a1=80241 a2=1b6 a3=e items=0 ppid=1 pid=4746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="systemd-sysctl" exe="/usr/lib/systemd/systemd-sysctl" subj=system_u:system_r:systemd_sysctl_t:s0 key=(null) type=AVC msg=audit(1397095472.690:823): avc: denied { write } for pid=4746 comm="systemd-sysctl" name="rp_filter" dev="proc" ino=1217 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file ---- time->Thu Apr 10 04:04:32 2014 type=SYSCALL msg=audit(1397095472.690:824): arch=c000003e syscall=2 success=no exit=-13 a0=7fe3fc40f110 a1=80241 a2=1b6 a3=e items=0 ppid=1 pid=4746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="systemd-sysctl" exe="/usr/lib/systemd/systemd-sysctl" subj=system_u:system_r:systemd_sysctl_t:s0 key=(null) type=AVC msg=audit(1397095472.690:824): avc: denied { write } for pid=4746 comm="systemd-sysctl" name="accept_source_route" dev="proc" ino=1218 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file ---- time->Thu Apr 10 04:04:32 2014 type=SYSCALL msg=audit(1397095472.690:825): arch=c000003e syscall=2 success=no exit=-13 a0=7fe3fc418190 a1=80241 a2=1b6 a3=e items=0 ppid=1 pid=4746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="systemd-sysctl" exe="/usr/lib/systemd/systemd-sysctl" subj=system_u:system_r:systemd_sysctl_t:s0 key=(null) type=AVC msg=audit(1397095472.690:825): avc: denied { write } for pid=4746 comm="systemd-sysctl" name="protected_hardlinks" dev="proc" ino=1220 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file ---- time->Thu Apr 10 04:04:32 2014 type=SYSCALL msg=audit(1397095472.690:826): arch=c000003e syscall=2 success=no exit=-13 a0=7fe3fc418190 a1=80241 a2=1b6 a3=e items=0 ppid=1 pid=4746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="systemd-sysctl" exe="/usr/lib/systemd/systemd-sysctl" subj=system_u:system_r:systemd_sysctl_t:s0 key=(null) type=AVC msg=audit(1397095472.690:826): avc: denied { write } for pid=4746 comm="systemd-sysctl" name="protected_symlinks" dev="proc" ino=1221 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file ---- time->Thu Apr 10 04:04:32 2014 type=SYSCALL msg=audit(1397095472.690:827): arch=c000003e syscall=2 success=no exit=-13 a0=7fe3fc418190 a1=80241 a2=1b6 a3=e items=0 ppid=1 pid=4746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="systemd-sysctl" exe="/usr/lib/systemd/systemd-sysctl" subj=system_u:system_r:systemd_sysctl_t:s0 key=(null) type=AVC msg=audit(1397095472.690:827): avc: denied { write } for pid=4746 comm="systemd-sysctl" name="max_user_watches" dev="proc" ino=1223 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file ---- time->Thu Apr 10 04:04:32 2014 type=SYSCALL msg=audit(1397095472.690:828): arch=c000003e syscall=2 success=no exit=-13 a0=7fe3fc418190 a1=80241 a2=1b6 a3=e items=0 ppid=1 pid=4746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="systemd-sysctl" exe="/usr/lib/systemd/systemd-sysctl" subj=system_u:system_r:systemd_sysctl_t:s0 key=(null) type=AVC msg=audit(1397095472.690:828): avc: denied { write } for pid=4746 comm="systemd-sysctl" name="ip_forward" dev="proc" ino=1224 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file ---- time->Thu Apr 10 04:04:32 2014 type=SYSCALL msg=audit(1397095472.690:829): arch=c000003e syscall=2 success=no exit=-13 a0=7fe3fc40d0f0 a1=80241 a2=1b6 a3=1 items=0 ppid=1 pid=4746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="systemd-sysctl" exe="/usr/lib/systemd/systemd-sysctl" subj=system_u:system_r:systemd_sysctl_t:s0 key=(null) type=AVC msg=audit(1397095472.690:829): avc: denied { write } for pid=4746 comm="systemd-sysctl" name="sysrq" dev="proc" ino=1225 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file ---- time->Thu Apr 10 04:04:32 2014 type=SYSCALL msg=audit(1397095472.690:830): arch=c000003e syscall=2 success=no exit=-13 a0=7fe3fc40d0f0 a1=80241 a2=1b6 a3=3 items=0 ppid=1 pid=4746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="systemd-sysctl" exe="/usr/lib/systemd/systemd-sysctl" subj=system_u:system_r:systemd_sysctl_t:s0 key=(null) type=AVC msg=audit(1397095472.690:830): avc: denied { write } for pid=4746 comm="systemd-sysctl" name="aio-max-nr" dev="proc" ino=1226 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file