Bug 2260116
| Summary: | plymouthd denials when shutting down or rebooting with the 6.8-rc1 kernel | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matt Fagnani <matt.fagnani> | ||||
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> | ||||
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | rawhide | CC: | dwalsh, lvrabec, mmalik, nknazeko, omosnacek, pkoncity, vmojzis, zpytela | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2024-01-30 17:33:31 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 2010205 [details]
Journal from a shutdown with 6.8-rc1 showing plymouthd denials
*** This bug has been marked as a duplicate of bug 2259622 *** |
I installed the 6.8-rc1 kernel in a Fedora Rawhide KDE Plasma installation. When I've shut down or rebooted with the 6.8-rc1 kernel, plymouthd denials were shown in the journal which didn't appear with the 6.7.0 kernel. Jan 23 07:32:57 audit[27434]: AVC avc: denied { read write } for pid=27434 comm="plymouthd" name="kmsg" dev="devtmpfs" ino=10 scontext=system_u:system_r:plymouthd_t:s0 tcontext=system_u:object_r:kmsg_device_t:s0 tclass=chr_file permissive=0 Jan 23 07:32:57 audit[27434]: AVC avc: denied { checkpoint_restore } for pid=27434 comm="plymouthd" capability=40 scontext=system_u:system_r:plymouthd_t:s0 tcontext=system_u:system_r:plymouthd_t:s0 tclass=capability2 permissive=0 Jan 23 07:32:58 audit[27434]: AVC avc: denied { read } for pid=27434 comm="plymouthd" name="SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c" dev="efivarfs" ino=3196 scontext=system_u:system_r:plymouthd_t:s0 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0 The denials of checkpoint_restore were sometimes shown several hundred times during shutdown or reboot. The denials were shown 4/5 times. The time the denials weren't shown was during a dnf offline upgrade where I had pressed Escape to see the details of the upgrade so the plymouth screen with the spinner wasn't shown during reboot. selinux-policy-40.9-1.fc40.noarch was used in enforcing mode. I have Secure Boot enabled which might be needed for the last denial. I'll attach the journal from a shutdown with the denials. Reproducible: Sometimes Steps to Reproduce: 1. Boot the 6.8.0-0.rc1.12.fc40 kernel in a Fedora Rawhide KDE Plasma installation 2. Log in to Plasma 3. Shut down or reboot Actual Results: plymouthd denials when shutting down or rebooting with the 6.8-rc1 kernel Expected Results: No denials should have been shown.