Bug 1332126
| Summary: | the output of sealert -l ... is localized partially | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Milos Malik <mmalik> |
| Component: | setroubleshoot | Assignee: | Petr Lautrbach <plautrba> |
| Status: | CLOSED ERRATA | QA Contact: | Dalibor Pospíšil <dapospis> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.3 | CC: | dapospis, lvrabec, mgrepl, mmalik, plautrba, vmojzis |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-04-10 18:35:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0994 |
Description of problem: * the "Additional information" section is not localized at all Version-Release number of selected component (if applicable): setroubleshoot-3.2.25-2.el7.x86_64 setroubleshoot-plugins-3.0.59-1.el7.noarch setroubleshoot-server-3.2.25-2.el7.x86_64 How reproducible: always Actual results: # LANG=de_DE.utf8 sealert -l a60234bf-d0fd-4184-8a19-bc8e633db256 SELinux is preventing /usr/lib/systemd/systemd-resolved from nlmsg_read access on the netlink_route_socket Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If sie denken, dass es systemd-resolved standardmässig erlaubt sein sollte, nlmsg_read Zugriff auf Unknown netlink_route_socket zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep systemd-resolve /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:systemd_resolved_t:s0 Target Context system_u:system_r:systemd_resolved_t:s0 Target Objects Unknown [ netlink_route_socket ] Source systemd-resolve Source Path /usr/lib/systemd/systemd-resolved Port <Unknown> Host rhel71.localdomain Source RPM Packages systemd-resolved-219-20.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-69.el7.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name rhel71.localdomain Platform Linux rhel71.localdomain 3.10.0-379.el7.x86_64 #1 SMP Wed Apr 13 21:46:59 EDT 2016 x86_64 x86_64 Alert Count 31 First Seen 2016-04-28 15:08:35 CEST Last Seen 2016-05-02 10:03:53 CEST Local ID a60234bf-d0fd-4184-8a19-bc8e633db256 Raw Audit Messages type=AVC msg=audit(1462176233.767:100): avc: denied { nlmsg_read } for pid=1234 comm="systemd-resolve" scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:system_r:systemd_resolved_t:s0 tclass=netlink_route_socket type=SYSCALL msg=audit(1462176233.767:100): arch=x86_64 syscall=sendto success=no exit=EACCES a0=9 a1=7febc8ad6100 a2=20 a3=0 items=0 ppid=1 pid=1234 auid=4294967295 uid=909 gid=898 euid=909 suid=909 fsuid=909 egid=898 sgid=898 fsgid=898 tty=(none) ses=4294967295 comm=systemd-resolve exe=/usr/lib/systemd/systemd-resolved subj=system_u:system_r:systemd_resolved_t:s0 key=(null) Hash: systemd-resolve,systemd_resolved_t,systemd_resolved_t,netlink_route_socket,nlmsg_read Expected results: * the output is fully localized as in RHEL-6