Bug 1592028
Summary: | SELinux is preventing systemd-journal from map access on the file /var/log/journal/72f5bc79a4d24f1d9ce24f2748849a79/system.journal | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Lukas Slebodnik <lslebodn> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | urgent | Docs Contact: | |
Priority: | high | ||
Version: | 7.6 | CC: | dwalsh, fkluknav, lmiksik, lvrabec, mgrepl, mmalik, plautrba, qcai, ssekidde |
Target Milestone: | beta | Keywords: | Extras, Regression |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.13.1-209.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-10-30 10:05:46 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Lukas Slebodnik
2018-06-16 10:17:12 UTC
Saw loads of those on aarch64 machines. allow syslogd_t container_log_t:file map; Probably need one of those similar patches, https://github.com/fedora-selinux/selinux-policy/pull/208 # rpm -qa | grep selinux selinux-policy-targeted-3.13.1-207.el7.noarch selinux-policy-3.13.1-207.el7.noarch libselinux-utils-2.5-13.el7.aarch64 libselinux-2.5-13.el7.aarch64 libselinux-python-2.5-13.el7.aarch64 container-selinux-2.68-1.el7.noarch Dan, could you PTAL at this? Lukas this seems more like an selinux-policy issue. syslogd_t should be able to map all files with the logfile attribute. Do you agree? Make sense to me. Fixed in fedora also will create patches for RHEL. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3111 |