Bug 591314
Summary: | SELinux is preventing setsebool "sys_admin" access . | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | storri |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 12 | CC: | dwalsh, eparis, jmorris, mgrepl, sdsmall, storri |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:d4c2b90f077ef737362aff651fcccab2324d2cf82621a0a3e29141d2df1dd897 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-08-19 11:31:51 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
storri
2010-05-11 20:53:37 UTC
What were you doing when this happened? The system had started up after being suspended. I have no idea why this access would be requested by setsebool. Any idea where the setsebool command is being called? Are you running nis/ypbind? If it can be reproduced, enable syscall audit first and reproduce it. stori, You can do this by executing # auditctl -w /etc/shadow -p w Put the machine to sleep and then wake it up. If the AVC happens again. gather all of the avc data and paste it in here. ausearch -m avc -ts recent Will collect recent avc messages. I followed Daniel's instructions. I did the following 1. Typed 'auditctl -w /etc/shadow -p w' as root 2. Closed the lid to the laptop 3. Waited until it was fully asleep then I opened the lid 4. Typed 'ausearch -m avc -ts recent' but no matches were reported. So I cannot reproduce this at least for now. Sorry. |