Bug 1264423
Summary: | SELinux is preventing colord from 'getattr' accesses on the file /proc/<pid>/cgroup. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Brendan Shephard <brendan.shephard> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 22 | CC: | brendan.shephard, dominick.grift, dwalsh, lvrabec, mgrepl, plautrba |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:0d622e32f2b5d6d328366e7d03498b1e0c6bfd3cdeadf3cc8fb0c42372f8ca6a | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-10-13 11:02:11 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Brendan Shephard
2015-09-18 12:35:53 UTC
What does on your system $ ps -efZ |grep unconfined_service I believe this issue was an issue with the last SELinux and Systemd update (in the same dnf update run). It was something to do with the order that the updates got installed. Trying to reboot the system from the GUI wouldn't do anything. When I tried via $ reboot. I got the error, : Failed to get reboot.service: Permission denied Any process that I tried to start, stop or restart would give me the same error. To resolve the issue, I had to use $ setenforce 0 && reboot After a successful reboot it seemed to be fine with selinux enforcing. I'll mark it as resolved. However, it should be noted that I've experienced the same issue with CentOS after an update that contained SELinux and Systemd in the same run. Maybe we could package those updates separately in the future to avoid disruptions to production machines? Yes, it relates with changes in the policy and daemon reexec was needed. We have fixes for this in libselinux to avoid it in the future. Thank you. |