Bug 284541

Summary: SELinux is preventing modprobe (insmod_t) "setsched" to (kernel_t).
Product: [Fedora] Fedora Reporter: Julian Sikorski <belegdol>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED NEXTRELEASE QA Contact: Ben Levenson <benl>
Severity: low Docs Contact:
Priority: medium    
Version: 7   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-09-11 20:48:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Julian Sikorski 2007-09-10 12:56:28 UTC 
Description of problem:
I am getting messages like that during boot and shutdown:
avc: denied { setsched } for comm="modprobe" pid=820
scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=process
tcontext=system_u:system_r:kernel_t:s0 
avc: denied { setsched } for comm="modprobe" pid=1548
scontext=system_u:system_r:insmod_t:s0 tclass=process
They differ from time to time, but the general form stays the same. The two
above were grabbed with setroubleshoot from /var/log/dmesg.

Version-Release number of selected component (if applicable):
2.6.4-40.fc7

How reproducible:
always

Steps to Reproduce:
1. boot up the pc, or shut it down
  
Actual results:
The mentioned message appears

Expected results:
Boot is clean

Additional info:
According to [1], this was already fixed for rawhide. Looks like the fix wasn't
backported, though.

[1] http://www.redhat.com/archives/fedora-selinux-list/2007-July/msg00110.html
Comment 1 Daniel Walsh 2007-09-10 14:06:54 UTC 
Fixed in selinux-policy-2.6.4-42.fc7
Comment 2 Julian Sikorski 2007-09-10 15:44:28 UTC 
I guess I need to wait a bit until it gets built - cvs/koji is at 2.6.4-41.fc7
ATM. Still, thanks for the quick response.
Comment 3 Julian Sikorski 2007-09-11 08:44:59 UTC 
Erm, the build was cancelled. What is going on?
Comment 4 Julian Sikorski 2007-09-11 20:48:00 UTC 
The fix indeed works. Thanks.