Bug 1349045

Summary: selinux error rebasing f23 atomic host to f24
Product: [Fedora] Fedora
Reporter: Micah Abbott <miabbott>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 24
CC: dominick.grift, dwalsh, lvrabec, mgrepl, plautrba, walters
Last Closed: 2016-06-22 15:30:49 UTC
Type: Bug

Description Micah Abbott 2016-06-22 15:10:15 UTC
-bash-4.3# rpm-ostree status
  TIMESTAMP (UTC)         VERSION     ID             OSNAME            REFSPEC                                           
* 2016-06-20 20:15:43     23.141      e3e06c5186     fedora-atomic     fedora-atomic:fedora-atomic/f23/x86_64/docker-host
  2016-05-24 01:15:41     23.125      5668f0613e     fedora-atomic     fedora-atomic:fedora-atomic/f23/x86_64/docker-host

-bash-4.3# rpm-ostree --version
rpm-ostree 2016.1
  +compose

-bash-4.3# ostree remote add fedora-24 --set=gpg-verify=false https://dl.fedoraproject.org/pub/fedora/linux/atomic/24

-bash-4.3# rpm-ostree rebase fedora-24:fedora-atomic/24/x86_64/docker-host
error: fsetxattr: Invalid argument

-bash-4.3# ausearch -m avc -ts recent
----
time->Wed Jun 22 14:54:04 2016
type=PROCTITLE msg=audit(1466607244.037:187): proctitle="/usr/libexec/rpm-ostreed"
type=SYSCALL msg=audit(1466607244.037:187): arch=c000003e syscall=190 success=no exit=-22 a0=2b a1=7fd16c0091f1 a2=7fd16c009202 a3=30 items=0 ppid=1 pid=1286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pool" exe="/usr/libexec/rpm-ostreed" subj=system_u:system_r:init_t:s0 key=(null)
type=SELINUX_ERR msg=audit(1466607244.037:187): op=setxattr invalid_context="system_u:object_r:systemd_rfkill_unit_file_t:s0"
type=AVC msg=audit(1466607244.037:187): avc:  denied  { mac_admin } for  pid=1286 comm="pool" capability=33  scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability2 permissive=0
----
time->Wed Jun 22 14:54:04 2016
type=PROCTITLE msg=audit(1466607244.038:188): proctitle="/usr/libexec/rpm-ostreed"
type=SYSCALL msg=audit(1466607244.038:188): arch=c000003e syscall=190 success=no exit=-22 a0=2d a1=7fd188009fa1 a2=7fd188009fb2 a3=32 items=0 ppid=1 pid=1288 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pool" exe="/usr/libexec/rpm-ostreed" subj=system_u:system_r:init_t:s0 key=(null)
type=SELINUX_ERR msg=audit(1466607244.038:188): op=setxattr invalid_context="system_u:object_r:systemd_resolved_unit_file_t:s0"
type=AVC msg=audit(1466607244.038:188): avc:  denied  { mac_admin } for  pid=1288 comm="pool" capability=33  scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability2 permissive=0
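
Added example, not part of the original report: a Python script that groups the audit records above by event serial and reports, for each `invalid_context` record, the rejected label type together with the denied permission, domain and executable logged in the same event. The sample input is abridged from the report; the function and field names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the two events from the report above, fields abridged.
SAMPLE = """\
type=SYSCALL msg=audit(1466607244.037:187): arch=c000003e syscall=190 success=no exit=-22 comm="pool" exe="/usr/libexec/rpm-ostreed" subj=system_u:system_r:init_t:s0 key=(null)
type=SELINUX_ERR msg=audit(1466607244.037:187): op=setxattr invalid_context="system_u:object_r:systemd_rfkill_unit_file_t:s0"
type=AVC msg=audit(1466607244.037:187): avc:  denied  { mac_admin } for  pid=1286 comm="pool" capability=33  scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability2 permissive=0
type=SYSCALL msg=audit(1466607244.038:188): arch=c000003e syscall=190 success=no exit=-22 comm="pool" exe="/usr/libexec/rpm-ostreed" subj=system_u:system_r:init_t:s0 key=(null)
type=SELINUX_ERR msg=audit(1466607244.038:188): op=setxattr invalid_context="system_u:object_r:systemd_resolved_unit_file_t:s0"
type=AVC msg=audit(1466607244.038:188): avc:  denied  { mac_admin } for  pid=1288 comm="pool" capability=33  scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability2 permissive=0
"""

RECORD = re.compile(r'^type=(\S+) msg=audit\(\d+\.\d+:(\d+)\): (.*)$')
INVALID = re.compile(r'op=(\w+) invalid_context="([^"]+)"')
DENIED = re.compile(r'denied\s+\{([^}]*)\}')
FIELD = r'\b{}="?([^"\s]+)'  # key=value or key="value"

def group_events(text):
    """Group audit records by serial number; records of one event share it."""
    events = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            events[int(m.group(2))][m.group(1)].append(m.group(3))
    return events

def invalid_label_failures(text):
    """One finding per invalid_context record, joined with its event's other records."""
    findings = []
    for serial, recs in sorted(group_events(text).items()):
        syscall = " ".join(recs["SYSCALL"])
        exe = re.search(FIELD.format("exe"), syscall)
        subj = re.search(FIELD.format("subj"), syscall)
        denied = {p for avc in recs["AVC"] for d in DENIED.finditer(avc) for p in d.group(1).split()}
        for inv in INVALID.finditer(" ".join(recs["SELINUX_ERR"])):
            findings.append({
                "event": serial, "op": inv.group(1),
                "rejected_type": inv.group(2).split(":")[2],
                "denied": sorted(denied),
                "domain": subj.group(1).split(":")[2] if subj else None,
                "exe": exe.group(1) if exe else None,
            })
    return findings

if __name__ == "__main__":
    for finding in invalid_label_failures(SAMPLE):
        print(finding)
```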

Comment 1 Micah Abbott 2016-06-22 15:30:49 UTC

*** This bug has been marked as a duplicate of bug 1309075 ***