Bug 1159347

Summary: SELinux is preventing unbound-control from write access on the file /run/dnssec-trigger/lock.
Product: [Fedora] Fedora Reporter: Luke Macken <lmacken>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 21CC: dominick.grift, dwalsh, lvrabec, mgrepl, pfrields, plautrba
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-11-03 11:42:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Luke Macken 2014-10-31 16:08:00 UTC 
Description of problem:

Source Context                system_u:system_r:named_t:s0
Target Context                system_u:object_r:dnssec_trigger_var_run_t:s0
Target Objects                /run/dnssec-trigger/lock [ file ]
Source                        unbound-control
Source Path                   unbound-control
Port                          <Unknown>
Host                          ogresmasher
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-90.fc21.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     ogresmasher
Platform                      Linux ogresmasher 3.17.0-300.fc21.x86_64 #1 SMP
                              Mon Oct 6 17:19:04 UTC 2014 x86_64 x86_64
Alert Count                   451
First Seen                    2014-10-15 08:28:23 MDT
Last Seen                     2014-10-31 10:00:43 MDT
Local ID                      6938719a-e860-4431-b77a-ac20bd114dba

Raw Audit Messages
type=AVC msg=audit(1414771243.99:53679): avc:  denied  { write } for  pid=1963 comm="unbound-control" path="/run/dnssec-trigger/lock" dev="tmpfs" ino=26653 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:dnssec_trigger_var_run_t:s0 tclass=file permissive=0



Version-Release number of selected component (if applicable):

dnssec-trigger-0.12-15.fc21.x86_64
selinux-policy-3.13.1-90.fc21.noarch
Comment 1 Lukas Vrabec 2014-11-03 11:42:42 UTC 

*** This bug has been marked as a duplicate of bug 1147705 ***