Bug 1841287
| Summary: | /sys/kernel/tracing: current context conflicts with default context | |||
|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Milos Malik <mmalik> | |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> | |
| Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 32 | CC: | dwalsh, grepl.miroslav, lvrabec, mmalik, omosnace, plautrba, vmojzis, zpytela | |
| Target Milestone: | --- | Keywords: | Triaged | |
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | selinux-policy-3.14.5-40.fc32 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1847331 (view as bug list) | Environment: | ||
| Last Closed: | 2020-06-11 22:57:20 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
|
Description
Milos Malik
2020-05-28 19:02:16 UTC
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 32
# restorecon -v /sys/kernel/tracing/available_events
restorecon: Could not set context for /sys/kernel/tracing/available_events: Permission denied
# ausearch -m avc -i -ts recent
----
type=PROCTITLE msg=audit(05/28/2020 15:05:30.977:317) : proctitle=restorecon -v /sys/kernel/tracing/available_events
type=PATH msg=audit(05/28/2020 15:05:30.977:317) : item=0 name=/sys/kernel/tracing/available_events inode=91 dev=00:0b mode=file,444 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:tracefs_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(05/28/2020 15:05:30.977:317) : cwd=/root
type=SYSCALL msg=audit(05/28/2020 15:05:30.977:317) : arch=x86_64 syscall=lsetxattr success=no exit=EACCES(Permission denied) a0=0x555ec9e7e4b0 a1=0x7f1c01167753 a2=0x555ec9e7e480 a3=0x1d items=1 ppid=918 pid=1057 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=3 comm=restorecon exe=/usr/sbin/setfiles subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(05/28/2020 15:05:30.977:317) : avc: denied { associate } for pid=1057 comm=restorecon name=available_events dev="tracefs" ino=91 scontext=system_u:object_r:sysfs_t:s0 tcontext=system_u:object_r:tracefs_t:s0 tclass=filesystem permissive=0
----
https://github.com/fedora-selinux/selinux-policy/pull/356/commits/db6708247ea732cb02953ed84491ba01dc9118c4 commit db6708247ea732cb02953ed84491ba01dc9118c4 (origin/rawhide) Author: Zdenek Pytela <zpytela> Date: Thu May 28 17:32:31 2020 +0200 Add file context for /sys/kernel/tracing FEDORA-2020-ca8855e4de has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-ca8855e4de FEDORA-2020-ca8855e4de has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-ca8855e4de` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-ca8855e4de See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. selinux-policy-3.14.5-40.fc32 has been pushed to the Fedora 32 stable repository. If problems still persist, please make note of it in this bug report. |