Bug 676617
Summary: | Bootup avc: denied on TC1 for systemd-readahead
---|---
Product: | [Fedora] Fedora
Component: | selinux-policy
Version: | rawhide
Status: | CLOSED RAWHIDE
Severity: | unspecified
Priority: | unspecified
Hardware: | Unspecified
OS: | Unspecified
Reporter: | Jóhann B. Guðmundsson <johannbg>
Assignee: | Miroslav Grepl <mgrepl>
QA Contact: | Fedora Extras Quality Assurance <extras-qa>
CC: | dwalsh, mgrepl
Doc Type: | Bug Fix
Last Closed: | 2011-02-10 14:40:02 UTC

systemd-readahe is related to the kernel mechanism for reporting avcs. If you looked at the syscall record you would get more information, potentially the entire path.

Avcs fixed in selinux-policy-3.9.14-3.fc15.src.rpm

They are still present with alpha rc1...

[ 7.179257] type=1400 audit(1298554024.392:4): avc: denied { write } for pid=393 comm="systemd-readahe" name="kmsg" dev=devtmpfs ino=4351 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:kmsg_device_t:s0 tclass=chr_file
[ 13.617210] type=1400 audit(1298554030.830:5): avc: denied { write } for pid=393 comm="systemd-readahe" path="/etc/modprobe.d" dev=dm-1 ino=1308166 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:modules_conf_t:s0 tclass=dir
[ 16.029420] type=1400 audit(1298554033.242:6): avc: denied { write } for pid=393 comm="systemd-readahe" path="/etc/tmpfiles.d" dev=dm-1 ino=1308732 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
[ 16.862111] type=1400 audit(1298554034.075:7): avc: denied { write } for pid=393 comm="systemd-readahe" path="/etc/portreserve" dev=dm-1 ino=1440398 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:portreserve_etc_t:s0 tclass=dir
[ 17.317967] type=1400 audit(1298554034.530:8): avc: denied { write } for pid=393 comm="systemd-readahe" path="/etc/dbus-1/system.d" dev=dm-1 ino=1311628 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
[ 17.991566] type=1400 audit(1298554035.204:9): avc: denied { write } for pid=393 comm="systemd-readahe" path="/usr/share/dbus-1/system-services" dev=dm-1 ino=922913 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir

Did a fresh install

Hum doing a network install with updates updates-testing does not contain these denials so it's best to leave it closed. I'll comment on this if still present on final alpha.

Created attachment 478044 dmesg

Description of problem: see attached dmesg for details.

Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce: 1. 2. 3.
Actual results:
Expected results:

Additional info: Note comm="systemd-readahe" <-- you might want to increase the number of characters in this field and/or there is a spelling error in the code somewhere for systemd-readahe; this probably is supposed to be systemd-readahead at least.