Bug 1584461
Summary: | SELinux is preventing pkla-check-auth from 'read' accesses on the file /etc/authselect/nsswitch.conf. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | keane.mokelley+spam |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 28 | CC: | dwalsh, lvrabec, mailinglists35, marvin.sinci, mgrepl, mmalik, plautrba, pmoore |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | abrt_hash:9058d18b3c11df204192f8df69a5f4a2dee873d887808d1e98e6d3eb22dd644c;VARIANT_ID=workstation; | ||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-06-01 12:51:43 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
keane.mokelley+spam
2018-05-31 01:16:38 UTC
HI, Could you run: # restorecon -Rv / To restore SELinux labels on your system? THanks. (In reply to Lukas Vrabec from comment #1) > HI, > > Could you run: > > # restorecon -Rv / > > To restore SELinux labels on your system? > > THanks. No, /etc/authselect/nsswitch.conf is mounted read-only by snapd: `/var/lib/snapd/snaps/core_4650.snap on /etc/authselect/nsswitch.conf type squashfs (ro,nodev,relatime,seclabel)` (In reply to Lukas Vrabec from comment #1) > HI, > > Could you run: > > # restorecon -Rv / > > To restore SELinux labels on your system? > > THanks. Dear Lukas, Could you help retitle this, redirect the bug to snapd package and reopen? I understand this is not caused by selinux but by snapd installing a file not compliant with selinux. (for me it's also snapd the cause of this[1]) The effect is frustrating as I'm getting these selinux alerts all the time: https://i.imgur.com/vt2Mv9L.png Thank you. [1] [asus@localhost ~]$ grep /etc/authselect/nsswitch.conf /proc/mounts /dev/loop1 /etc/authselect/nsswitch.conf squashfs ro,seclabel,nodev,relatime 0 0 [asus@localhost ~]$ losetup /dev/loop1 /dev/loop1: []: (/var/lib/snapd/snaps/core_4917.snap) [asus@localhost ~]$ sudo blockdev --getro /dev/loop1 1 nevermind, filed https://bugzilla.redhat.com/show_bug.cgi?id=1612430 |