Bug 2305940
| Summary: | SELinux is preventing systemd-journal from using the 'signull' accesses on a process. | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ian Laurie <nixuser> | ||||||
| Component: | kernel | Assignee: | Kernel Maintainer List <kernel-maint> | ||||||
| Status: | NEW --- | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 41 | CC: | acaringi, adscvr, airlied, alciregi, bskeggs, daan.j.demeyer, dtardon, dwalsh, fedoraproject, hdegoede, hpa, josef, kernel-maint, linville, lnykryn, lvrabec, masami256, mchehab, mmalik, msekleta, nixuser, omosnacek, pkoncity, ptalbert, ryncsn, steved, suraj.ghimire7, systemd-maint, vmojzis, yuwatana, zbyszek, zpytela | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | abrt_hash:d7ea5aed7b88f4b23964cf34f5ebe947889ad9064ba7467479badb7a9292c31b;VARIANT_ID=xfce; | ||||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | Type: | --- | |||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | 2305270 | ||||||||
| Bug Blocks: | |||||||||
| Attachments: |
|
||||||||
Created attachment 2044427 [details]
File: description
Created attachment 2044428 [details]
File: os_info
This is an F41 instance of bug 2305270. |
Description of problem: Logged into Xfce SELinux is preventing systemd-journal from using the 'signull' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that systemd-journal should be allowed signull access on processes labeled unconfined_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemd-journal' --raw | audit2allow -M my-systemdjournal # semodule -X 300 -i my-systemdjournal.pp Additional Information: Source Context system_u:system_r:kernel_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0- s0:c0.c1023 Target Objects Unknown [ process ] Source systemd-journal Source Path systemd-journal Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-41.14-1.fc41.noarch Local Policy RPM selinux-policy-targeted-41.14-1.fc41.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 6.11.0-0.rc4.37.fc41.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Aug 19 22:55:18 UTC 2024 x86_64 Alert Count 3 First Seen 2024-08-20 10:37:24 AEST Last Seen 2024-08-20 11:07:22 AEST Local ID bf3665a2-b0fa-4623-ac61-e2b320ce440d Raw Audit Messages type=AVC msg=audit(1724116042.275:269): avc: denied { signull } for pid=261 comm="systemd-journal" scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=1 Hash: systemd-journal,kernel_t,unconfined_t,process,signull Version-Release number of selected component: selinux-policy-targeted-41.14-1.fc41.noarch Additional info: reporter: libreport-2.17.15 reason: SELinux is preventing systemd-journal from using the 'signull' accesses on a process. package: selinux-policy-targeted-41.14-1.fc41.noarch component: selinux-policy hashmarkername: setroubleshoot type: libreport kernel: 6.11.0-0.rc4.37.fc41.x86_64 comment: Logged into Xfce component: selinux-policy