Bug 1260275

Summary: SELinux is preventing named from 'search' accesses on the directory net.
Product: [Fedora] Fedora Reporter: Nicolas Mailhot <nicolas.mailhot>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: dominick.grift, dwalsh, lvrabec, mgrepl, plautrba
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:30bdb7dcae1d8e0ceb33304222ad95fc8f66fcd72a1b63ee1f04352a6d37c7d2
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-09-11 12:10:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nicolas Mailhot 2015-09-05 12:36:30 UTC 
Description of problem:
SELinux is preventing named from 'search' accesses on the directory net.

*****  Plugin catchall (100. confidence) suggests   **************************

If vous pensez que named devrait être autorisé à accéder search sur net directory par défaut.
Then vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Do
autoriser cet accès pour le moment en exécutant :
# grep named /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:named_t:s0
Target Context                system_u:object_r:sysctl_net_t:s0
Target Objects                net [ dir ]
Source                        named
Source Path                   named
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-146.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 4.3.0-0.rc0.git7.1.fc24.x86_64 #1
                              SMP Fri Sep 4 14:36:30 UTC 2015 x86_64 x86_64
Alert Count                   11
First Seen                    2015-09-05 14:09:06 CEST
Last Seen                     2015-09-05 14:33:32 CEST
Local ID                      849dea69-6455-4a69-93b7-7d1b6227d99f

Raw Audit Messages
type=AVC msg=audit(1441456412.169:789): avc:  denied  { search } for  pid=1592 comm="named" name="net" dev="proc" ino=11457 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=1


Hash: named,named_t,sysctl_net_t,dir,search

Version-Release number of selected component:
selinux-policy-3.13.1-146.fc24.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.3.0-0.rc0.git7.1.fc24.x86_64
type:           libreport
Comment 1 Miroslav Grepl 2015-09-11 12:10:02 UTC 

*** This bug has been marked as a duplicate of bug 1260272 ***