Bug 1361732
Summary: | SELinux is preventing systemd from 'create' accesses on the chr_file chr. | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Kohei Takahashi <flast> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | | |
Version: | rawhide | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, plautrba |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | x86_64 | | |
OS: | Unspecified | | |
Whiteboard: | abrt_hash:b1a5210b69cd863f05d743e2c47294e71802e10e613f3b77fc56e6fd4267572c;VARIANT_ID=workstation; | | |
Fixed In Version: | selinux-policy-3.13.1-225.10.fc25 | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2017-02-26 01:37:15 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
Kohei Takahashi
2016-07-29 23:00:56 UTC
```
SELinux is preventing systemd from 'create' accesses on the blk_file blk.

***** Plugin catchall (100. confidence) suggests **************************

If systemd に、 blk blk_file の create アクセスがデフォルトで許可されるべきです。
Then バグとして報告してください。
ローカルのポリシーモジュールを生成すると、
このアクセスを許可することができます。
Do
allow this access for now by executing:
# ausearch -c 'systemd' --raw | audit2allow -M my-systemd
# semodule -X 300 -i my-systemd.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:object_r:init_var_run_t:s0
Target Objects                blk [ blk_file ]
Source                        systemd
Source Path                   systemd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-203.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.7.0-0.rc0.git10.1.fc25.x86_64 #1 SMP Fri May 27 14:56:48 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-07-30 07:58:27 JST
Last Seen                     2016-07-30 07:58:27 JST
Local ID                      eddd2ec5-8172-49b8-8bc5-d28483dae1d8

Raw Audit Messages
type=AVC msg=audit(1469833107.151:244): avc: denied { create } for pid=1 comm="systemd" name="blk" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=blk_file permissive=0

Hash: systemd,init_t,init_var_run_t,blk_file,create


SELinux is preventing systemd-gpt-aut from 'read' accesses on the file libsystemd-shared-231.so.

***** Plugin catchall (100. confidence) suggests **************************

If systemd-gpt-aut に、 libsystemd-shared-231.so file の read アクセスがデフォルトで許可されるべきです。
Then バグとして報告してください。
ローカルのポリシーモジュールを生成すると、
このアクセスを許可することができます。
Do
allow this access for now by executing:
# ausearch -c 'systemd-gpt-aut' --raw | audit2allow -M my-systemdgptaut
# semodule -X 300 -i my-systemdgptaut.pp

Additional Information:
Source Context                system_u:system_r:systemd_gpt_generator_t:s0
Target Context                system_u:object_r:init_exec_t:s0
Target Objects                libsystemd-shared-231.so [ file ]
Source                        systemd-gpt-aut
Source Path                   systemd-gpt-aut
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-203.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.7.0-0.rc0.git10.1.fc25.x86_64 #1 SMP Fri May 27 14:56:48 UTC 2016 x86_64 x86_64
Alert Count                   2
First Seen                    2016-07-30 07:58:28 JST
Last Seen                     2016-07-30 07:58:33 JST
Local ID                      11b79367-ed6c-47ba-88ed-4ad076774774

Raw Audit Messages
type=AVC msg=audit(1469833113.36:255): avc: denied { read } for pid=4025 comm="systemd-gpt-aut" name="libsystemd-shared-231.so" dev="sda7" ino=28127140 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file permissive=1

Hash: systemd-gpt-aut,systemd_gpt_generator_t,init_exec_t,file,read


SELinux is preventing systemd-gpt-aut from 'open' accesses on the file /usr/lib/systemd/libsystemd-shared-231.so.

***** Plugin catchall (100. confidence) suggests **************************

If systemd-gpt-aut に、 libsystemd-shared-231.so file の open アクセスがデフォルトで許可されるべきです。
Then バグとして報告してください。
ローカルのポリシーモジュールを生成すると、
このアクセスを許可することができます。
Do
allow this access for now by executing:
# ausearch -c 'systemd-gpt-aut' --raw | audit2allow -M my-systemdgptaut
# semodule -X 300 -i my-systemdgptaut.pp

Additional Information:
Source Context                system_u:system_r:systemd_gpt_generator_t:s0
Target Context                system_u:object_r:init_exec_t:s0
Target Objects                /usr/lib/systemd/libsystemd-shared-231.so [ file ]
Source                        systemd-gpt-aut
Source Path                   systemd-gpt-aut
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages           systemd-231-2.fc26.x86_64
Policy RPM                    selinux-policy-3.13.1-203.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.7.0-0.rc0.git10.1.fc25.x86_64 #1 SMP Fri May 27 14:56:48 UTC 2016 x86_64 x86_64
Alert Count                   2
First Seen                    2016-07-30 07:58:28 JST
Last Seen                     2016-07-30 07:58:33 JST
Local ID                      0723863d-b58a-4c38-843a-bfeca72cb4e7

Raw Audit Messages
type=AVC msg=audit(1469833113.36:256): avc: denied { open } for pid=4025 comm="systemd-gpt-aut" path="/usr/lib/systemd/libsystemd-shared-231.so" dev="sda7" ino=28127140 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file permissive=1

Hash: systemd-gpt-aut,systemd_gpt_generator_t,init_exec_t,file,open


SELinux is preventing systemd-gpt-aut from 'getattr' accesses on the file /usr/lib/systemd/libsystemd-shared-231.so.

***** Plugin catchall (100. confidence) suggests **************************

If systemd-gpt-aut に、 libsystemd-shared-231.so file の getattr アクセスがデフォルトで許可されるべきです。
Then バグとして報告してください。
ローカルのポリシーモジュールを生成すると、
このアクセスを許可することができます。
Do
allow this access for now by executing:
# ausearch -c 'systemd-gpt-aut' --raw | audit2allow -M my-systemdgptaut
# semodule -X 300 -i my-systemdgptaut.pp

Additional Information:
Source Context                system_u:system_r:systemd_gpt_generator_t:s0
Target Context                system_u:object_r:init_exec_t:s0
Target Objects                /usr/lib/systemd/libsystemd-shared-231.so [ file ]
Source                        systemd-gpt-aut
Source Path                   systemd-gpt-aut
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages           systemd-231-2.fc26.x86_64
Policy RPM                    selinux-policy-3.13.1-203.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.7.0-0.rc0.git10.1.fc25.x86_64 #1 SMP Fri May 27 14:56:48 UTC 2016 x86_64 x86_64
Alert Count                   2
First Seen                    2016-07-30 07:58:28 JST
Last Seen                     2016-07-30 07:58:33 JST
Local ID                      43d05bbd-f21c-4009-8f8b-e2b514fcf575

Raw Audit Messages
type=AVC msg=audit(1469833113.36:257): avc: denied { getattr } for pid=4025 comm="systemd-gpt-aut" path="/usr/lib/systemd/libsystemd-shared-231.so" dev="sda7" ino=28127140 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file permissive=1

Hash: systemd-gpt-aut,systemd_gpt_generator_t,init_exec_t,file,getattr


SELinux is preventing systemd-gpt-aut from 'execute' accesses on the file /usr/lib/systemd/libsystemd-shared-231.so.

***** Plugin catchall (100. confidence) suggests **************************

If systemd-gpt-aut に、 libsystemd-shared-231.so file の execute アクセスがデフォルトで許可されるべきです。
Then バグとして報告してください。
ローカルのポリシーモジュールを生成すると、
このアクセスを許可することができます。
Do
allow this access for now by executing:
# ausearch -c 'systemd-gpt-aut' --raw | audit2allow -M my-systemdgptaut
# semodule -X 300 -i my-systemdgptaut.pp

Additional Information:
Source Context                system_u:system_r:systemd_gpt_generator_t:s0
Target Context                system_u:object_r:init_exec_t:s0
Target Objects                /usr/lib/systemd/libsystemd-shared-231.so [ file ]
Source                        systemd-gpt-aut
Source Path                   systemd-gpt-aut
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages           systemd-231-2.fc26.x86_64
Policy RPM                    selinux-policy-3.13.1-203.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.7.0-0.rc0.git10.1.fc25.x86_64 #1 SMP Fri May 27 14:56:48 UTC 2016 x86_64 x86_64
Alert Count                   2
First Seen                    2016-07-30 07:58:28 JST
Last Seen                     2016-07-30 07:58:33 JST
Local ID                      74c926b5-e8f9-40a8-9237-b3e73321804c

Raw Audit Messages
type=AVC msg=audit(1469833113.36:258): avc: denied { execute } for pid=4025 comm="systemd-gpt-aut" path="/usr/lib/systemd/libsystemd-shared-231.so" dev="sda7" ino=28127140 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file permissive=1

Hash: systemd-gpt-aut,systemd_gpt_generator_t,init_exec_t,file,execute
```

selinux-policy-3.13.1-205.fc26.noarch fixes this issue.

This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.

selinux-policy-3.13.1-225.10.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-31d4ea5eb1

selinux-policy-3.13.1-225.10.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.