Bug 1460881
Summary: | SELinux is preventing unix_chkpwd from using the dac_read_search capability. | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Chris Murphy <bugzilla> | ||||
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 26 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, plautrba, pmoore, ssekidde | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2017-06-13 12:53:24 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Also happens with selinux-policy-3.13.1-257.fc26.noarch and manually relabelled. *** This bug has been marked as a duplicate of bug 1460882 *** |
Created attachment 1287139 [details] journal Description of problem: SETroubleshoot notification at login appears, with this complaint. Version-Release number of selected component (if applicable): selinux-policy-3.13.1-254.fc26.noarch 4.12.0-0.rc5.git0.1.fc27.x86_64 How reproducible: Each boot. Steps to Reproduce: 1. Boot 2. 3. Actual results: SELinux alert notification Raw Audit Messages type=AVC msg=audit(1497323292.544:252): avc: denied { dac_read_search } for pid=1698 comm="unix_chkpwd" capability=2 scontext=system_u:system_r:chkpwd_t:s0 tcontext=system_u:system_r:chkpwd_t:s0 tclass=capability permissive=0 Expected results: No notification for just booting and logging in. Additional info: Could be related to upgrading the kernel from 4.11.3 to 4.12rc5; I don't recall these SELinux alerts happening prior to the upgrade.