Bug 2223788
| Summary: | mkfs was denied mounton access on /proc/1018/mounts when starting systemd-zram-setup@zram0.service during boot | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matt Fagnani <matt.fagnani> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 38 | CC: | dwalsh, lvrabec, mmalik, nknazeko, omosnacek, pkoncity, vmojzis, zpytela |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-38.22-1.fc38 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-08-01 02:49:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
FEDORA-2023-0b46b767d3 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-0b46b767d3 FEDORA-2023-0b46b767d3 has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-0b46b767d3` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-0b46b767d3 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2023-0b46b767d3 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report. |
I booted Fedora-KDE-Live-x86_64-Rawhide-20230718.n.0.iso in a GNOME Boxes QEMU/KVM VM on a Fedora 38 KDE Plasma installation. mkfs was denied mounton access on /proc/1018/mounts when starting systemd-zram-setup during boot according to the journal. Jul 18 18:32:13 systemd[1]: Found device dev-zram0.device - /dev/zram0. Jul 18 18:32:14 systemd[1]: Starting systemd-zram-setup - Create swap on /dev/zram0... Jul 18 18:32:14 kernel: zram0: detected capacity change from 0 to 5883904 Jul 18 18:32:14 kernel: audit: type=1400 audit(1689719534.077:9): avc: denied { mounton } for pid=1018 comm="(mkfs)" path="/proc/1018/mounts" dev="proc" ino=21787 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:system_r:fsadm_t:s0 tclass=file permissive=0 Jul 18 18:32:14 systemd-makefs[1011]: /dev/zram0 successfully formatted as swap (label "zram0", uuid a88fae4b-6e0f-4866-a680-2106f0555fe6) Jul 18 18:32:14 systemd[1]: Finished systemd-zram-setup - Create swap on /dev/zram0. Jul 18 18:32:14 systemd[1]: Activating swap dev-zram0.swap - Compressed Swap on /dev/zram0... Jul 18 18:32:14 kernel: Adding 2941948k swap on /dev/zram0. Priority:100 extents:1 across:2941948k SSDscFS Jul 18 18:32:14 systemd[1]: Activated swap dev-zram0.swap - Compressed Swap on /dev/zram0. Jul 18 18:32:14 systemd[1]: Reached target swap.target - Swaps. The denial also happened when I ran sudo systemctl restart systemd-zram-setup in Konsole. Reproducible: Always Steps to Reproduce: 1. boot Fedora-KDE-Live-x86_64-Rawhide-20230718.n.0.iso https://koji.fedoraproject.org/koji/buildinfo?buildID=2234366 in a GNOME Boxes QEMU/KVM VM on a Fedora 38 KDE Plasma installation. 2. 3. Actual Results: mkfs was denied mounton access on /proc/1018/mounts when starting systemd-zram-setup during boot Expected Results: No denial should have happened. systemd-254~rc2-4.fc39.x86_64 and kernel-6.5.0-0.rc2.17.fc39.x86_64 were in use. The denial might be related to some change in systemd 254