Bug 1442572
| Summary: | SELinux is preventing useradd from write access on the sock_file system_bus_socket | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Rubén <rlledo> | ||||
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 26 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, plautrba, pmoore, ssekidde | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | selinux-policy-3.13.1-251.fc26 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-05-09 21:20:33 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
selinux-policy-3.13.1-251.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98 selinux-policy-3.13.1-251.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98 (In reply to Fedora Update System from comment #2) > selinux-policy-3.13.1-251.fc26 has been pushed to the Fedora 26 testing > repository. If problems still persist, please make note of it in this bug > report. > See https://fedoraproject.org/wiki/QA:Updates_Testing for > instructions on how to install test updates. > You can provide feedback for this update here: > https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98 Solved. No SELinux warning anymore. However, SELinux problem assistant (sealert) does nothing yet when clicking on "Report error". Anyway this is a less important issue. Thanks. (In reply to Rubén Lledó from comment #3) > (In reply to Fedora Update System from comment #2) > > selinux-policy-3.13.1-251.fc26 has been pushed to the Fedora 26 testing > > repository. If problems still persist, please make note of it in this bug > > report. > > See https://fedoraproject.org/wiki/QA:Updates_Testing for > > instructions on how to install test updates. > > You can provide feedback for this update here: > > https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98 > > Solved. No SELinux warning anymore. However, SELinux problem assistant > (sealert) does nothing yet when clicking on "Report error". Anyway this is a > less important issue. > > Thanks. +1 at Bodhi. selinux-policy-3.13.1-251.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 1271832 [details] SELinux problem assistant does nothing Description of problem: 1. After installing samba, samba-winbind, samba-client and samba-common-tools packages, selinux reports the following warning SELinux is preventing useradd from write access on the sock_file system_bus_socket. 2. SELinux problem assistant (sealert) does nothing when clicking on "Report error" (see attachment) Version-Release number of selected component (if applicable): samba-client-4.6.2-0.fc26.x86_64 samba-winbind-4.6.2-0.fc26.x86_64 samba-libs-4.6.2-0.fc26.x86_64 samba-client-libs-4.6.2-0.fc26.x86_64 samba-common-libs-4.6.2-0.fc26.x86_64 samba-winbind-modules-4.6.2-0.fc26.x86_64 samba-common-4.6.2-0.fc26.noarch samba-4.6.2-0.fc26.x86_64 samba-common-tools-4.6.2-0.fc26.x86_64 Steps to Reproduce: 1. Install samba and related packages Actual results: Unexpected warning. Log: SELinux is preventing useradd from write access on the sock_file system_bus_socket. ***** Plugin catchall (100. confidence) suggests ************************** If cree que de manera predeterminada, useradd debería permitir acceso write sobre system_bus_socket sock_file. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do allow this access for now by executing: # ausearch -c 'useradd' --raw | audit2allow -M my-useradd # semodule -X 300 -i my-useradd.pp Additional Information: Source Context system_u:system_r:useradd_t:s0 Target Context system_u:object_r:system_dbusd_var_run_t:s0 Target Objects system_bus_socket [ sock_file ] Source useradd Source Path useradd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-249.fc26.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux localhost.localdomain 4.11.0-0.rc5.git0.1.fc26.x86_64 #1 SMP Mon Apr 3 17:54:15 UTC 2017 x86_64 x86_64 Alert Count 7 First Seen 2017-04-13 22:59:34 CEST Last Seen 2017-04-13 22:59:34 CEST Local ID cca7d680-6648-42bb-b398-b2159ec4e9a2 Raw Audit Messages type=AVC msg=audit(1492117174.837:262): avc: denied { write } for pid=2146 comm="useradd" name="system_bus_socket" dev="tmpfs" ino=17241 scontext=system_u:system_r:useradd_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=sock_file permissive=0 Hash: useradd,useradd_t,system_dbusd_var_run_t,sock_file,write Expected results: No warning, silent installation of samba. Additional info: