Bug 1276601

Summary: systemd-logind AVC's while shutting down system
Product: [Fedora] Fedora
Component: selinux-policy-targeted
Version: 23
Status: CLOSED WORKSFORME
Severity: medium
Priority: high
Hardware: Unspecified
OS: Unspecified
Reporter: Stef Walter <stefw>
Assignee: Lukas Vrabec <lvrabec>
QA Contact: Ben Levenson <benl>
CC: dwalsh, gronki, lvrabec, mvollmer, stefw, systemd-maint
Flags: stefw: needinfo-
Doc Type: Bug Fix
Type: Bug
Last Closed: 2016-08-18 12:39:28 UTC

Description Stef Walter 2015-10-30 09:25:24 UTC
Description of problem:

In the Cockpit test suite we see these AVCs while systemd-logind is running a system shutdown:

Oct 29 22:11:39 f3 audit[571]: AVC avc:  denied  { create } for  pid=571 comm="systemd-logind" name=".#scheduledVKawcY" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=1
Oct 29 22:11:39 f3 audit[571]: AVC avc:  denied  { read write open } for  pid=571 comm="systemd-logind" path="/run/systemd/shutdown/.#scheduledVKawcY" dev="tmpfs" ino=18735 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=1
Oct 29 22:11:39 f3 audit[571]: SYSCALL arch=c000003e syscall=2 success=yes exit=19 a0=55ad25fddb70 a1=800c2 a2=180 a3=0 items=0 ppid=1 pid=571 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind" exe="/usr/lib/systemd/systemd-logind" subj=system_u:system_r:systemd_logind_t:s0 key=(null)
Oct 29 22:11:39 f3 audit: PROCTITLE proctitle="/usr/lib/systemd/systemd-logind"
Oct 29 22:11:39 f3 audit[571]: AVC avc:  denied  { setattr } for  pid=571 comm="systemd-logind" name=".#scheduledVKawcY" dev="tmpfs" ino=18735 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=1
Oct 29 22:11:39 f3 audit[571]: SYSCALL arch=c000003e syscall=91 success=yes exit=0 a0=13 a1=1a4 a2=0 a3=55ad25fdbdf0 items=0 ppid=1 pid=571 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind" exe="/usr/lib/systemd/systemd-logind" subj=system_u:system_r:systemd_logind_t:s0 key=(null)
Oct 29 22:11:39 f3 audit: PROCTITLE proctitle="/usr/lib/systemd/systemd-logind"
Oct 29 22:11:39 f3 audit[571]: AVC avc:  denied  { getattr } for  pid=571 comm="systemd-logind" path="/run/systemd/shutdown/.#scheduledVKawcY" dev="tmpfs" ino=18735 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=1
Oct 29 22:11:39 f3 audit[571]: SYSCALL arch=c000003e syscall=5 success=yes exit=0 a0=13 a1=7fff57273750 a2=7fff57273750 a3=55ad25d239f0 items=0 ppid=1 pid=571 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind" exe="/usr/lib/systemd/systemd-logind" subj=system_u:system_r:systemd_logind_t:s0 key=(null)
Oct 29 22:11:39 f3 audit: PROCTITLE proctitle="/usr/lib/systemd/systemd-logind"
Oct 29 22:11:39 f3 audit[571]: AVC avc:  denied  { rename } for  pid=571 comm="systemd-logind" name=".#scheduledVKawcY" dev="tmpfs" ino=18735 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=1
Oct 29 22:11:39 f3 audit[571]: SYSCALL arch=c000003e syscall=82 success=yes exit=0 a0=55ad25fddb70 a1=55ad25d23990 a2=0 a3=7f2358b708c0 items=0 ppid=1 pid=571 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind" exe="/usr/lib/systemd/systemd-logind" subj=system_u:system_r:systemd_logind_t:s0 key=(null)
Oct 29 22:11:39 f3 audit: PROCTITLE proctitle="/usr/lib/systemd/systemd-logind"
Oct 29 22:11:39 f3 cockpit-bridge[1127]: Shutdown scheduled for Thu 2015-10-29 18:11:39 EDT, use 'shutdown -c' to cancel.
Oct 29 22:11:39 f3 systemd-logind[571]: Creating /run/nologin, blocking further logins...
Oct 29 22:11:39 f3 audit[571]: AVC avc:  denied  { create } for  pid=571 comm="systemd-logind" name=".#nologinD0cdvj" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
Oct 29 22:11:39 f3 audit[571]: AVC avc:  denied  { read write open } for  pid=571 comm="systemd-logind" path="/run/.#nologinD0cdvj" dev="tmpfs" ino=18743 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
Oct 29 22:11:39 f3 audit[571]: SYSCALL arch=c000003e syscall=2 success=yes exit=19 a0=55ad25fdd6f0 a1=800c2 a2=180 a3=0 items=0 ppid=1 pid=571 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind" exe="/usr/lib/systemd/systemd-logind" subj=system_u:system_r:systemd_logind_t:s0 key=(null)
Oct 29 22:11:39 f3 audit: PROCTITLE proctitle="/usr/lib/systemd/systemd-logind"
Oct 29 22:11:39 f3 audit[571]: AVC avc:  denied  { setattr } for  pid=571 comm="systemd-logind" name=".#nologinD0cdvj" dev="tmpfs" ino=18743 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
Oct 29 22:11:39 f3 audit[571]: SYSCALL arch=c000003e syscall=91 success=yes exit=0 a0=13 a1=1a4 a2=0 a3=55ad25fdbaa0 items=0 ppid=1 pid=571 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind" exe="/usr/lib/systemd/systemd-logind" subj=system_u:system_r:systemd_logind_t:s0 key=(null)
Oct 29 22:11:39 f3 audit: PROCTITLE proctitle="/usr/lib/systemd/systemd-logind"
Oct 29 22:11:39 f3 audit[571]: AVC avc:  denied  { getattr } for  pid=571 comm="systemd-logind" path="/run/.#nologinD0cdvj" dev="tmpfs" ino=18743 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
Oct 29 22:11:39 f3 audit[571]: SYSCALL arch=c000003e syscall=5 success=yes exit=0 a0=13 a1=7fff572740a0 a2=7fff572740a0 a3=55ad25fdbaa0 items=0 ppid=1 pid=571 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind" exe="/usr/lib/systemd/systemd-logind" subj=system_u:system_r:systemd_logind_t:s0 key=(null)
Oct 29 22:11:39 f3 audit: PROCTITLE proctitle="/usr/lib/systemd/systemd-logind"
Oct 29 22:11:39 f3 audit[571]: AVC avc:  denied  { rename } for  pid=571 comm="systemd-logind" name=".#nologinD0cdvj" dev="tmpfs" ino=18743 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
Oct 29 22:11:39 f3 audit[571]: SYSCALL arch=c000003e syscall=82 success=yes exit=0 a0=55ad25fdd6f0 a1=55ad25d14d14 a2=0 a3=7f2358b708c0 items=0 ppid=1 pid=571 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind" exe="/usr/lib/systemd/systemd-logind" subj=system_u:system_r:systemd_logind_t:s0 key=(null)

Version-Release number of selected component (if applicable):

systemd-222-8.fc23.x86_64
selinux-policy-targeted-3.13.1-151.fc23.noarch

Full log: http://files.cockpit-project.org/logs/pull-3068-0c94ef09-fedora-23-x86_64/TestShutdownRestart-testBasic-10.111.112.103-FAIL.log

There are many such examples; that's just one of the logs. More can be provided, including full journal contents.
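
Added example, not part of the original report: a Python triage helper that collapses AVC records like the ones above into one entry per (source type, target type, class) and reports whether every denial was only logged (permissive=1). The sample lines are copied from the log above; the function names are illustrative.

```python
import re
from collections import defaultdict

# Four lines copied from the journal excerpt in this report (three AVC, one PROCTITLE).
SAMPLE = '''\
Oct 29 22:11:39 f3 audit[571]: AVC avc:  denied  { create } for  pid=571 comm="systemd-logind" name=".#scheduledVKawcY" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=1
Oct 29 22:11:39 f3 audit[571]: AVC avc:  denied  { read write open } for  pid=571 comm="systemd-logind" path="/run/systemd/shutdown/.#scheduledVKawcY" dev="tmpfs" ino=18735 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=1
Oct 29 22:11:39 f3 audit: PROCTITLE proctitle="/usr/lib/systemd/systemd-logind"
Oct 29 22:11:39 f3 audit[571]: AVC avc:  denied  { rename } for  pid=571 comm="systemd-logind" name=".#nologinD0cdvj" dev="tmpfs" ino=18743 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    return rec

def type_of(context):
    """Extract the type from a user:role:type:level security context."""
    return context.split(':')[2]

def summarize(text):
    """Group denied permissions by (source type, target type, class)."""
    rules, all_permissive = defaultdict(set), True
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (type_of(rec['scontext']), type_of(rec['tcontext']), rec['tclass'])
        rules[key].update(rec['perms'])
        # permissive=1 means the access was logged but not blocked
        all_permissive = all_permissive and rec.get('permissive') == '1'
    return dict(rules), bool(rules) and all_permissive

def as_rules(rules):
    """Render the summary in allow-rule notation, for reading only."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]

if __name__ == '__main__':
    rules, logged_only = summarize(SAMPLE)
    print('\n'.join(as_rules(rules)))
    print('all denials permissive (logged, not enforced):', logged_only)
```

Grouping by target type shows at a glance that the files involved carry `init_var_run_t` and `var_run_t`, the two labels in the denials above.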

Comment 1 Miroslav Grepl 2016-01-22 09:24:48 UTC
There are mislabeled dirs for a reason.

Could you try to run

# restorecon -R -v /run/systemd

Comment 2 Dominik Gronkiewicz 2016-02-28 02:36:40 UTC
I have the same problem. I really want to go to enforced mode but I'm afraid as long as this alert occurs.

Comment 3 Lukas Vrabec 2016-03-15 18:31:34 UTC
Is it possible to reproduce this issue? I added some fixes, so I believe this is fixed now.