Bug 1768951
| Summary: | SELinux is preventing NetworkManager from 'write' accesses on the fifo_file /var/tmp/dracut.1CwfJY/systemd-cat. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Enrique Meléndez <emelenas> |
| Component: | dracut | Assignee: | dracut-maint-list |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 31 | CC: | bgalvani, bugzilla_fedora, dcbw, dgunchev, dracut-maint-list, dwalsh, emelenas, fgiudici, gnome-sig, john.j5live, jonathan, lkundrak, lvrabec, mailinglists35, mclasen, mgrepl, mpitt, plautrba, rhughes, rstrode, sandmann, zbyszek, zpytela |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:afb851bf52067b5be08ad4fab6111a088ea632f6bbaf6e342925a14cf8bb73d1; | ||
| Last Closed: | 2020-06-02 11:01:09 UTC | Type: | --- |

Hi NetworkManager maintainers,

Any idea why NetworkManager is writing to "/var/tmp/dracut.1CwfJY/systemd-cat"? If you answer and it's expected, please move the component back to selinux-policy.

Thanks,
Lukas.

/var/tmp/dracut.1CwfJY/systemd-cat appears to be a fifo used for logging in dracut. I'm not familiar with dracut internals but perhaps NM is writing logging information to it through standard error or through syslog. Reassigning to dracut maintainers so that they can confirm what is going on and how to proceed about this.

Similar problem has been detected:

Restarted the machine after dnf update.

hashmarkername: setroubleshoot
kernel: 5.5.15-200.fc31.x86_64
package: selinux-policy-3.14.4-50.fc31.noarch
reason: SELinux is preventing NetworkManager from 'write' accesses on the fifo_file /var/tmp/dracut.n2fbhR/systemd-cat.
type: libreport

*** This bug has been marked as a duplicate of bug 1750428 ***

Description of problem:

On startup SELinux is preventing NetworkManager from 'write' accesses on the fifo_file /var/tmp/dracut.1CwfJY/systemd-cat.

```
*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that NetworkManager should be allowed write access on the systemd-cat fifo_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'NetworkManager' --raw | audit2allow -M my-NetworkManager
# semodule -X 300 -i my-NetworkManager.pp

Additional Information:
Source Context                system_u:system_r:NetworkManager_t:s0
Target Context                system_u:object_r:initrc_tmp_t:s0
Target Objects                /var/tmp/dracut.1CwfJY/systemd-cat [ fifo_file ]
Source                        NetworkManager
Source Path                   NetworkManager
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.3.7-301.fc31.x86_64 #1 SMP Mon
                              Oct 21 19:18:58 UTC 2019 x86_64 x86_64
Alert Count                   1
First Seen                    2019-11-05 17:04:28 CET
Last Seen                     2019-11-05 17:04:28 CET
Local ID                      a565b538-e2c6-4a79-9d21-166f894a6b69

Raw Audit Messages
type=AVC msg=audit(1572969868.388:208): avc:  denied  { write } for  pid=6790 comm="NetworkManager" path="/var/tmp/dracut.1CwfJY/systemd-cat" dev="dm-0" ino=655746 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=fifo_file permissive=0

Hash: NetworkManager,NetworkManager_t,initrc_tmp_t,fifo_file,write
```

Additional info:

component: selinux-policy
reporter: libreport-2.10.1
hashmarkername: setroubleshoot
kernel: 5.3.7-301.fc31.x86_64
type: libreport