| Summary: | SELinux is preventing vboxdrv.sh from 'create' accesses on the file vbox-install.log. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Raffaello Bertini <raffaellobertini> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 24 | CC: | alciregi, alexus_m, a.lloyd.flanagan, andre.ocosta, babakkeshavarz62, benjaminriehl76+alias, bigkrp, bizon11rus, bugzilla, csamyn, danie.dejager, dconti2008, dct996, devin, dominick.grift, dwalsh, ejafabassam, flydove, franciscotinio1625.7, geral, huvith, kaleajit27, kitsunebi, luca.botti, lvrabec, mgrepl, modir, newsletters, obliterator666, plautrba, ricky.tigg, sami, sevo65, thelints, thomas, titaniumkeys, vanja.banga, wojciech, yeahspyme |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:d6b53ff203fa077bd9359a2559988acdc3420cdc04ece0f02d28f2b9767ab9b8;VARIANT_ID=workstation; | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-11-07 19:05:43 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Description of problem: when i open the Vivaldi browser 1.4.589.15 (Stable channel) (32-bit) Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.3-200.fc24.i686+PAE type: libreport This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. Description of problem: Immediately upon login to gnome classic. Version-Release number of selected component: selinux-policy-3.13.1-191.16.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.5-200.fc24.x86_64 type: libreport *** Bug 1381179 has been marked as a duplicate of this bug. *** Description of problem: dnf upgrade Version-Release number of selected component: selinux-policy-3.13.1-191.18.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.7-200.fc24.x86_64 type: libreport Virtualbox si not part of Official Fedora repo. Closing this issue as WONTFIX. Solution here is local policy module. *** Bug 1394660 has been marked as a duplicate of this bug. *** Description of problem: install virtualbox-5.0 update the system restart the system and the avc alert display Version-Release number of selected component: selinux-policy-3.13.1-191.20.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.8.7-200.fc24.x86_64 type: libreport Description of problem: boot up the system Version-Release number of selected component: selinux-policy-3.13.1-191.21.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.8.8-200.fc24.x86_64 type: libreport Description of problem: Normal operation. Sorry no more details, but it can't write an install log? Really? Version-Release number of selected component: selinux-policy-3.13.1-191.21.fc24.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.10-300.fc25.x86_64 type: libreport Description of problem: The problem has occured after a reboot, to start the new kernel version after upgrade. Version-Release number of selected component: selinux-policy-3.13.1-225.6.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.10-200.fc25.x86_64 type: libreport Description of problem: on startup of laptop Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.11-200.fc25.x86_64 type: libreport Description of problem: showed up after updates and restart Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.12-200.fc25.x86_64 type: libreport Description of problem: This problem appears once logged in. Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.12-200.fc25.x86_64 type: libreport Description of problem: I have updated the release with last released by the command >dnf -y update . After the update the virtualbox doesn't run ,the virtualbox 5.1.14 in one pop-up informed run '/sbin/vboxconfig' . when I have run this command on the display : vboxdrv.sh: Building VirtualBox kernel modules. vboxdrv.sh: Starting VirtualBox services. vboxdrv.sh: Building VirtualBox kernel modules. vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why dmesg = [ 625.056827] audit: type=1305 audit(1488310436.051:265): audit_pid=0 old=870 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=1 [ 625.058344] audit: type=1130 audit(1488310436.052:266): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' [ 625.058370] audit: type=1131 audit(1488310436.052:267): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' [ 626.069096] audit: type=1305 audit(1488310437.063:268): audit_enabled=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=1 [ 626.069112] audit: type=1305 audit(1488310437.063:269): audit_pid=25388 old=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=1 Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.11-200.fc25.x86_64 type: libreport Description of problem: This was part of the regular boot process. I had installed a new kernel before the reboot. Version-Release number of selected component: selinux-policy-3.13.1-225.16.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.11.3-202.fc25.x86_64 type: libreport Description of problem: gparted no open. Version-Release number of selected component: selinux-policy-3.13.1-225.16.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.11.5-200.fc25.x86_64 type: libreport Description of problem: I tried to update via sudo dnf update And after reboot i have message from SELinux Version-Release number of selected component: selinux-policy-3.13.1-225.22.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.12.11-200.fc25.x86_64 type: libreport *** Bug 1624595 has been marked as a duplicate of this bug. *** |
Description of problem: start virtual box service SELinux is preventing vboxdrv.sh from 'create' accesses on the file vbox-install.log. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that vboxdrv.sh should be allowed create access on the vbox-install.log file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'vboxdrv.sh' --raw | audit2allow -M my-vboxdrvsh # semodule -X 300 -i my-vboxdrvsh.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:var_log_t:s0 Target Objects vbox-install.log [ file ] Source vboxdrv.sh Source Path vboxdrv.sh Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-191.14.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.7.3-200.fc24.x86_64 #1 SMP Wed Sep 7 17:31:21 UTC 2016 x86_64 x86_64 Alert Count 1 First Seen 2016-09-18 02:05:39 BST Last Seen 2016-09-18 02:05:39 BST Local ID 7ea8b55d-2480-4531-b126-1b158e155a28 Raw Audit Messages type=AVC msg=audit(1474160739.945:146): avc: denied { create } for pid=1379 comm="vboxdrv.sh" name="vbox-install.log" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0 Hash: vboxdrv.sh,init_t,var_log_t,file,create Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.3-200.fc24.x86_64 type: libreport