Bug 1282003
Summary: | SELinux is preventing /usr/sbin/apcaccess from 'read' accesses on the file unix. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Robert Hancock <hancockrwd> |
Component: | selinux-policy | Assignee: | Vit Mojzis <vmojzis> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 23 | CC: | dominick.grift, dwalsh, hancockrwd, hx, lvrabec, mgrepl, plautrba |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:94aa760ab4a85398113fa0c4fc7156643b2679ac6c9f9881f73981a3e231072f;VARIANT_ID=workstation; | ||
Fixed In Version: | selinux-policy-3.13.1-158.4.fc23 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-02-07 05:23:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Robert Hancock
2015-11-14 04:59:39 UTC
Could you please try if you get any other AVC? (I was unable to reproduce the issue - the reported AVC doesn't show up without ups connected)? Reproducing the issue with SELinux in permissive mode will show us all the permission apcaccess needs. Plese try the following> #setenforce 0 <reproduce the issue> #ausearch -m avc -ts recent #setenforce 1 The problem doesn't seem reproducible on command, I think this only happened once. Not sure why - maybe some kind of timing-related issue? This will only happen when the service is started via the init system, running it directly would result in the program running as unconfined_t, so it would be allowed. This access should be just allowed. Yes, it makes sense to allow it. commit b54d2c98b12a9ac90c0970e4ed98ce258fbee434 Author: Lukas Vrabec <lvrabec> Date: Mon Jan 25 16:16:32 2016 +0100 Allow apcupsd to read kernel network state. BZ(1282003) selinux-policy-3.13.1-158.4.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-2aa7777f21 selinux-policy-3.13.1-158.4.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-2aa7777f21 selinux-policy-3.13.1-158.4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. |