Bug 1266670
| Summary: | SELinux is preventing iscsid from 'create' accesses on the netlink_iscsi_socket Unknown. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ermanno Scaglione <erm67> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 23 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, plautrba, tomek |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:02161e38e192158f112bddf4f549f2c3b8d15ebddbaf46bd565487e8aefacf57; | ||
| Fixed In Version: | selinux-policy-3.13.1-150.fc23 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-10-13 00:05:18 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Rawhide has the same problem. https://github.com/fedora-selinux/selinux-policy/commit/386c71e3e7bb581e683acb63238ce51ab4c6cf5d Fixed also in Rawhide. selinux-policy-3.13.1-150.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-f4305656a5 selinux-policy-3.13.1-150.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-f4305656a5 selinux-policy-3.13.1-150.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: starting iscsi initiator SELinux is preventing iscsid from 'create' accesses on the netlink_iscsi_socket Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If si crede che iscsid dovrebbe avere possibilità di accesso create sui Unknown netlink_iscsi_socket in modo predefinito. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do consentire questo accesso per il momento eseguendo: # grep iscsid /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:iscsid_t:s0 Target Context system_u:system_r:iscsid_t:s0 Target Objects Unknown [ netlink_iscsi_socket ] Source iscsid Source Path iscsid Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-147.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.2.1-300.fc23.x86_64 #1 SMP Mon Sep 21 22:13:13 UTC 2015 x86_64 x86_64 Alert Count 10 First Seen 2015-09-26 13:05:17 CEST Last Seen 2015-09-26 13:07:53 CEST Local ID cbeba51e-a5c4-4256-83d2-54abd98efe1c Raw Audit Messages type=AVC msg=audit(1443265673.39:892): avc: denied { create } for pid=1263 comm="iscsid" scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:system_r:iscsid_t:s0 tclass=netlink_iscsi_socket permissive=0 Hash: iscsid,iscsid_t,iscsid_t,netlink_iscsi_socket,create Version-Release number of selected component: selinux-policy-3.13.1-147.fc23.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.1-300.fc23.x86_64 type: libreport