Bug 1256334

Summary: Failed to write '0' to '/proc/sys/kernel/yama/ptrace_scope': Operation not permitted
Product: [Fedora] Fedora
Reporter: Sudhir Khanger <sudhir>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 22
CC: dominick.grift, dwalsh, gansalmon, itamar, jonathan, kernel-maint, lvrabec, madhu.chinakonda, mchehab, mgrepl, plautrba
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2015-08-24 14:30:28 UTC
Type: Bug
Attachments: journalctl -xe (flags: none)

Description Sudhir Khanger 2015-08-24 11:31:13 UTC
Description of problem: Failed to start Apply Kernel Variables. systemd-sysctl.service fails to load


Version-Release number of selected component (if applicable):
kernel-4.1.4-200.fc22.x86_64
systemd-219-21.fc22.x86_64


How reproducible: Always


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

systemctl status systemd-sysctl.service
● systemd-sysctl.service - Apply Kernel Variables
   Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2015-08-24 16:49:14 IST; 7min ago
     Docs: man:systemd-sysctl.service(8)
           man:sysctl.d(5)
  Process: 3569 ExecStart=/usr/lib/systemd/systemd-sysctl (code=exited, status=1/FAILURE)
 Main PID: 3569 (code=exited, status=1/FAILURE)

Aug 24 16:49:14 fedora systemd[1]: Starting Apply Kernel Variables...
Aug 24 16:49:14 fedora systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE
Aug 24 16:49:14 fedora systemd[1]: Failed to start Apply Kernel Variables.
Aug 24 16:49:14 fedora systemd[1]: Unit systemd-sysctl.service entered failed state.
Aug 24 16:49:14 fedora systemd[1]: systemd-sysctl.service failed.

Comment 1 Sudhir Khanger 2015-08-24 11:31:54 UTC
Created attachment 1066331
journalctl -xe

Comment 2 Josh Boyer 2015-08-24 13:41:36 UTC
You're getting an avc denial for this.  Probably an SELinux policy problem.  Let's see what they have to say.

-- Unit systemd-sysctl.service has begun starting up.
Aug 24 16:58:44 fedora audit[4157]: <audit-1400> avc:  denied  { sys_ptrace } for  pid=4157 comm="systemd-sysctl" capability=19  scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0
Aug 24 16:58:44 fedora systemd-sysctl[4157]: Failed to write '0' to '/proc/sys/kernel/yama/ptrace_scope': Operation not permitted
Aug 24 16:58:44 fedora systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE
Aug 24 16:58:44 fedora systemd[1]: Failed to start Apply Kernel Variables.
-- Subject: Unit systemd-sysctl.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-sysctl.service has failed.
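
Added example, not part of the original report or of any systemd/SELinux tool: a small Python parser that extracts the fields of the AVC record quoted in comment 2 and ties the enforced denial to the "Operation not permitted" message by PID. The function names and regular expressions are assumptions made for this illustration; the log lines are copied from the comment above.

```python
import re

# Log lines copied from comment 2 of this report.
JOURNAL = [
    'Aug 24 16:58:44 fedora audit[4157]: <audit-1400> avc:  denied  { sys_ptrace } for  pid=4157 comm="systemd-sysctl" capability=19  scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0',
    "Aug 24 16:58:44 fedora systemd-sysctl[4157]: Failed to write '0' to '/proc/sys/kernel/yama/ptrace_scope': Operation not permitted",
    "Aug 24 16:58:44 fedora systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE",
]

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PROC_RE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+([^\[\s]+)\[(\d+)\]:\s+(.*)$")


def parse_avc(line):
    """Return the fields of an AVC record as a dict, or None if not an AVC line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    fields["result"] = m.group(1)
    fields["perms"] = m.group(2).split()
    # The SELinux type is the third colon-separated field of a context.
    fields["stype"] = fields["scontext"].split(":")[2]
    fields["ttype"] = fields["tcontext"].split(":")[2]
    return fields


def correlate(lines):
    """Pair each enforced denial with later messages logged by the same PID."""
    denials, pairs = {}, []
    for line in lines:
        avc = parse_avc(line)
        if avc:
            # permissive=1 means the access was logged but not blocked.
            if avc["result"] == "denied" and avc.get("permissive") == "0":
                denials[avc["pid"]] = avc
            continue
        m = PROC_RE.match(line)
        if m and m.group(2) in denials:
            pairs.append((denials[m.group(2)], m.group(3)))
    return pairs


if __name__ == "__main__":
    for avc, msg in correlate(JOURNAL):
        print(f'{avc["comm"]} ({avc["stype"]}) denied {avc["perms"]} on {avc["tclass"]}: {msg}')
```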

Comment 3 Lukas Vrabec 2015-08-24 14:30:28 UTC

*** This bug has been marked as a duplicate of bug 1253926 ***