Bug 1218132
| Summary: | SELinux is preventing docker from 'getattr' accesses on the directory /etc/audit. | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | autarch princeps <autarch> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 22 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Unspecified | | |
| Whiteboard: | abrt_hash:1966335d4ea3b31fbd034bc696ce4fd21fd613091a57b2dc0155126659697b61 | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-05-05 06:09:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

*** This bug has been marked as a duplicate of bug 1218138 ***

Description of problem:

SELinux is preventing docker from 'getattr' accesses on the directory /etc/audit.

*****  Plugin catchall (100. confidence) suggests  **************************

If sie denken, dass es docker standardmässig erlaubt sein sollte, getattr Zugriff auf audit directory zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Do
zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen:
# grep docker /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:docker_t:s0
Target Context                system_u:object_r:auditd_etc_t:s0
Target Objects                /etc/audit [ dir ]
Source                        docker
Source Path                   docker
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages           audit-2.4.1-1.fc22.x86_64 audit-2.4.2-1.fc22.x86_64
Policy RPM                    selinux-policy-3.13.1-122.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 4.0.0-1.fc22.x86_64 #1 SMP Mon Apr 13 10:03:33 UTC 2015 x86_64 x86_64
Alert Count                   1
First Seen                    2015-05-02 14:43:07 CEST
Last Seen                     2015-05-02 14:43:07 CEST
Local ID                      6a0470eb-fed2-4b03-8368-6dded8212947

Raw Audit Messages
type=AVC msg=audit(1430570587.938:2640): avc: denied { getattr } for pid=5366 comm="docker" path="/etc/audit" dev="sdc1" ino=268435590 scontext=system_u:system_r:docker_t:s0 tcontext=system_u:object_r:auditd_etc_t:s0 tclass=dir permissive=1

Hash: docker,docker_t,auditd_etc_t,dir,getattr

Version-Release number of selected component:
selinux-policy-3.13.1-122.fc22.noarch

Additional info:
reporter:       libreport-2.5.1
hashmarkername: setroubleshoot
kernel:         4.0.1-300.fc22.x86_64
type:           libreport