| Summary: | SELinux is preventing df from 'getattr' accesses on the directory /sys/kernel/config. | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | siki_atra <siki_atra> |
| Component: | httpd | Assignee: | Jan Kaluža <jkaluza> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 23 | CC: | dominick.grift, dwalsh, jkaluza, jorton, lvrabec, mgrepl, pahan, plautrba |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | i686 | | |
| OS: | Unspecified | | |
| Whiteboard: | abrt_hash:4ab384ba04e9dcbb4803dae7d8a0b7ae49cd79457925c1791f3cab2c088e2689;VARIANT_ID=workstation; | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-04-27 12:26:41 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |

httpd folks, do you know what's going on here?

Nothing used from httpd itself, could be some PHP/python/... script uses a library which is trying to access that?

Oh, I missed the reference to df. httpd doesn't run df.

Description of problem:
SELinux is preventing df from 'getattr' accesses on the directory /sys/kernel/config.

***** Plugin catchall (100. confidence) suggests **************************

If cree que de manera predeterminada, df debería permitir acceso getattr sobre config directory.
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
Do
allow this access for now by executing:

    # ausearch -c df --raw | audit2allow -M mypol
    # semodule -i mypol.pp

Additional Information:

    Source Context                system_u:system_r:httpd_t:s0
    Target Context                system_u:object_r:configfs_t:s0
    Target Objects                /sys/kernel/config [ dir ]
    Source                        df
    Source Path                   df
    Port                          <Unknown>
    Host                          (removed)
    Source RPM Packages
    Target RPM Packages
    Policy RPM                    <Unknown>
    Selinux Enabled               True
    Policy Type                   targeted
    Enforcing Mode                Enforcing
    Host Name                     (removed)
    Platform                      Linux (removed) 4.4.6-301.fc23.i686 #1 SMP Wed Mar 30 18:11:04 UTC 2016 i686 i686
    Alert Count                   8
    First Seen                    2016-04-22 15:06:37 PET
    Last Seen                     2016-04-22 15:16:32 PET
    Local ID                      2636de4f-6735-42aa-8638-d439a4e5e144

Raw Audit Messages

    type=AVC msg=audit(1461356192.880:848): avc: denied { getattr } for pid=13221 comm="df" path="/sys/kernel/config" dev="configfs" ino=1863 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:configfs_t:s0 tclass=dir permissive=0

Hash: df,httpd_t,configfs_t,dir,getattr

Additional info:

    reporter:       libreport-2.6.4
    hashmarkername: setroubleshoot
    kernel:         4.4.6-301.fc23.i686
    type:           libreport

Potential duplicate: bug 1024468