Bug 1213574
| Summary: | SELinux is preventing bluetoothd from 'read' accesses on the lnk_file /etc/localtime. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Sergey Kurtsev <skurtsev> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 22 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:bebdbf1d750ee44cc3d441fa978f9c557bbf808c6fd5ec82b0c0393dac74105a | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-04-22 10:47:02 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 1190377 *** |
Description of problem: SELinux is preventing bluetoothd from 'read' accesses on the lnk_file /etc/localtime. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow bluetoothd to have read access on the localtime lnk_file Then необходимо изменить метку на /etc/localtime Do # semanage fcontext -a -t FILE_TYPE '/etc/localtime' где FILE_TYPE может принимать значения: admin_home_t, bin_t, bluetooth_conf_rw_t, boot_t, cert_t, device_t, devlog_t, etc_runtime_t, etc_t, file_context_t, fonts_cache_t, fonts_t, hwdata_t, ld_so_t, lib_t, locale_t, man_cache_t, man_t, net_conf_t, proc_t, root_t, rpm_script_tmp_t, security_t, shell_exec_t, src_t, sssd_var_lib_t, sysfs_t, system_conf_t, system_db_t, textrel_shlib_t, tmp_t, udev_var_run_t, usbfs_t, usr_t, var_lock_t, var_run_t, var_t. Затем выполните: restorecon -v '/etc/localtime' ***** Plugin catchall (17.1 confidence) suggests ************************** If вы считаете, что bluetoothd следует разрешить доступ read к localtime lnk_file по умолчанию. Then рекомендуется создать отчет об ошибке. Чтобы разрешить доступ, можно создать локальный модуль политики. Do чтобы разрешить доступ, выполните: # grep bluetoothd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:bluetooth_t:s0 Target Context system_u:object_r:default_t:s0 Target Objects /etc/localtime [ lnk_file ] Source bluetoothd Source Path bluetoothd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages systemd-219-9.fc22.x86_64 Policy RPM selinux-policy-3.13.1-122.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.0.0-1.fc22.x86_64 #1 SMP Mon Apr 13 10:03:33 UTC 2015 x86_64 x86_64 Alert Count 4 First Seen 2015-04-20 12:59:41 MSK Last Seen 2015-04-20 22:58:06 MSK Local ID eeec1a80-e676-4932-b713-277c7af32be4 Raw Audit Messages type=AVC msg=audit(1429559886.542:610): avc: denied { read } for pid=2261 comm="bluetoothd" name="localtime" dev="dm-1" ino=524813 scontext=system_u:system_r:bluetooth_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=lnk_file permissive=0 Hash: bluetoothd,bluetooth_t,default_t,lnk_file,read Version-Release number of selected component: selinux-policy-3.13.1-122.fc22.noarch Additional info: reporter: libreport-2.5.1 hashmarkername: setroubleshoot kernel: 4.0.0-1.fc22.x86_64 type: libreport