Bug 1674111
| Summary: | SELinux is preventing /usr/lib/systemd/systemd-journald from using the 'signull' accesses on a process. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nicolas Mailhot <nicolas.mailhot> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | dwalsh, lvrabec, mgrepl, plautrba, zpytela |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:e68046d2891233f42669cb7e9f4446d78f41ba7be083ab4562000da3ef386f90;VARIANT_ID=workstation; | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-02-11 12:15:43 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 1674109 *** |
Description of problem: SELinux is preventing /usr/lib/systemd/systemd-journald from using the 'signull' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** Si vous pensez que systemd-journald devrait être autorisé à accéder signull sur les processus étiquetés xdm_t par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # ausearch -c "systemd-journal" --raw | audit2allow -M my-systemdjournal # semodule -X 300 -i my-systemdjournal.pp Additional Information: Source Context system_u:system_r:syslogd_t:s0 Target Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Objects Inconnu [ process ] Source systemd-journal Source Path /usr/lib/systemd/systemd-journald Port <Inconnu> Host (removed) Source RPM Packages systemd-241~rc2-1.fc30.x86_64 Target RPM Packages Policy RPM selinux-policy-3.14.3-20.fc30.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 5.0.0-0.rc5.git0.1.fc30.x86_64 #1 SMP Mon Feb 4 15:03:14 UTC 2019 x86_64 x86_64 Alert Count 9 First Seen 2019-02-09 10:23:26 CET Last Seen 2019-02-09 10:25:44 CET Local ID 6cbafe0d-cacb-42f3-b23d-80e88d99da37 Raw Audit Messages type=AVC msg=audit(1549704344.119:395): avc: denied { signull } for pid=638 comm="systemd-journal" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process permissive=1 type=SYSCALL msg=audit(1549704344.119:395): arch=x86_64 syscall=kill success=yes exit=0 a0=6a3 a1=0 a2=ffffffff a3=47e22 items=0 ppid=1 pid=638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=systemd-journal exe=/usr/lib/systemd/systemd-journald subj=system_u:system_r:syslogd_t:s0 key=(null) Hash: systemd-journal,syslogd_t,xdm_t,process,signull Version-Release number of selected component: selinux-policy-3.14.3-20.fc30.noarch Additional info: component: selinux-policy reporter: libreport-2.10.0 hashmarkername: setroubleshoot kernel: 5.0.0-0.rc5.git0.1.fc30.x86_64 type: libreport