Bug 1374030
| Summary: | SELinux is preventing python from 'create' accesses on the file 1. | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Raphael Groner <projects.rg> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Priority: | unspecified |
| Version: | 23 | CC: | andre.ocosta, dominick.grift, dwalsh, emailtoflorian, lvrabec, mgrepl, plautrba |
| Hardware: | x86_64 | OS: | Unspecified |
| Whiteboard: | abrt_hash:ba67e66a2147c6865262e0710e4d68268107cd9df6d262f622baa3c4eef56663; | | |
| Fixed In Version: | selinux-policy-3.13.1-158.24.fc23 | Doc Type: | If docs needed, set a value |
| Last Closed: | 2016-09-29 22:51:58 UTC | | |

Description
Raphael Groner
2016-09-07 18:02:55 UTC
This is the same issue we are seeing with chrome. 1345836

I got another report today just after login and I still don't know what causes it, there are several applications in autostart.

It is not a problem. It is just a way the kernel is treating attempts to create a file that already exists. It used to only check the create if the file did not exist. Now it checks create even if the file exists. The AVC indicates that a python program tried to create a file named 1 in /proc. No one is allowed to create files in /proc, so this file must already exist. The AVC gets generated but the open call which used the CREATE flag still returns successfully. We are moving to have all domains dontaudit this access.

You say /proc is read-only, I assume the file is expected to be created by the kernel. Could it be a bug in/with kernel 4.7.2? But I did not see this report in Fedora 24 (Plasma5) with also kernel 4.7.2 on another box, only with Fedora 23 (Cinnamon).

selinux-policy-3.13.1-158.24.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f739cc7524

selinux-policy-3.13.1-158.24.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f739cc7524

How to approach this problem since file affected is called "1"???

This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.

selinux-policy-3.13.1-158.24.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
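
One way to triage reports like this, as an added example that is not part of the original bug thread: pair each AVC `create` denial with the SYSCALL record of the same audit event, since `success=yes` matches the case described above where the open with the create flag still returns successfully. The log lines, contexts and paths are constructed, and the sketch assumes SYSCALL records are present in the audit log.

```python
import re

# Constructed sample audit records (not taken from the bug report).
SAMPLE_LOG = """\
type=AVC msg=audit(1473271375.101:501): avc:  denied  { create } for  pid=2101 comm="python" name="1" dev="proc" ino=4026532000 scontext=unconfined_u:unconfined_r:example_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1473271375.101:501): arch=c000003e syscall=2 success=yes exit=3 pid=2101 comm="python" exe="/usr/bin/python2.7"
type=AVC msg=audit(1473271380.220:502): avc:  denied  { create } for  pid=2150 comm="example" name="report.txt" scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1473271380.220:502): arch=c000003e syscall=2 success=no exit=-13 pid=2150 comm="example" exe="/usr/bin/example"
type=AVC msg=audit(1473271390.007:503): avc:  denied  { create } for  pid=2200 comm="python" name="1" scontext=unconfined_u:unconfined_r:example_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1473271395.500:504): avc:  denied  { read } for  pid=2300 comm="example" name="shadow" scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
"""

EVENT_ID = re.compile(r'msg=audit\((\d+\.\d+:\d+)\)')
AVC = re.compile(r'avc:\s+denied\s+\{([^}]*)\}.*?comm="([^"]+)".*?name="([^"]+)".*?tclass=(\w+)')
SUCCESS = re.compile(r'\bsuccess=(yes|no)\b')


def triage(log_text):
    """Return {event_id: info} for every AVC record that denies 'create'."""
    avcs, outcome = {}, {}
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        event = m.group(1)  # "timestamp:serial" is shared by all records of one event
        if line.startswith("type=AVC"):
            a = AVC.search(line)
            if a and "create" in a.group(1).split():
                avcs[event] = {"comm": a.group(2), "name": a.group(3), "tclass": a.group(4)}
        elif line.startswith("type=SYSCALL"):
            s = SUCCESS.search(line)
            if s:
                outcome[event] = s.group(1)
    verdicts = {}
    for event, avc in avcs.items():
        result = outcome.get(event)
        if result == "yes":    # syscall succeeded despite the AVC: target already existed
            verdict = "create-check-on-existing-file"
        elif result == "no":   # syscall failed: the denial had an effect
            verdict = "blocked"
        else:                  # no SYSCALL record for this event
            verdict = "unknown"
        verdicts[event] = dict(avc, verdict=verdict)
    return verdicts


if __name__ == "__main__":
    for event, info in sorted(triage(SAMPLE_LOG).items()):
        print(event, info)
```
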