Bug 1227071
Summary: | SELinux is preventing lxc-start from 'mounton' accesses on the directory /usr/lib64/lxc/rootfs/proc/1/net. | |
---|---|---|---
Product: | [Fedora] Fedora | Reporter: | Yogesh Sharma <yogeshsharma>
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl>
Status: | CLOSED EOL | QA Contact: | Fedora Extras Quality Assurance <extras-qa>
Severity: | unspecified | Docs Contact: |
Priority: | unspecified | |
Version: | 22 | CC: | dominick.grift, dwalsh, jclaverogarcia, jorti, lantw44, lvrabec, mgrepl, moath.alhamaideh, plautrba, taylor.m.wagner, tim
Target Milestone: | --- | |
Target Release: | --- | |
Hardware: | x86_64 | |
OS: | Unspecified | |
Whiteboard: | abrt_hash:9dddaece0a5671e86dcad3e510440aac5655b5a4519193dc0441d26283055c94 | |
Fixed In Version: | | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2016-07-19 14:27:41 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Attachments: | | |

Description
Yogesh Sharma
2015-06-01 21:59:50 UTC
More error messages:

lxc-start: conf.c: lxc_mount_auto_mounts: 819 Permission denied - error mounting /usr/lib64/lxc/rootfs/proc/sys/net on /usr/lib64/lxc/rootfs/proc/net flags 4096

type=AVC msg=audit(1434739703.963:3527): avc: denied { mounton } for pid=9173 comm="lxc-start" path="/usr/lib64/lxc/rootfs/proc/1/net" dev="proc" ino=4117235 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir permissive=0

type=SYSCALL msg=audit(1434739703.963:3527): arch=x86_64 syscall=mount success=no exit=EACCES a0=1e83430 a1=1e81fe0 a2=0 a3=1000 items=0 ppid=9166 pid=9173 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 ses=2 comm=lxc-start exe=/usr/bin/lxc-start subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Description of problem:
1: install lxc
2: create any container
3: config container to use virbr0 instead of lxcbr0
4: attempt to start the container using lxc-start. -denied

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter: libreport-2.6.0
hashmarkername: setroubleshoot
kernel: 4.0.4-303.fc22.x86_64
type: libreport

Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Created attachment 1918718
Default install of LXC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days