Bug 736924
Summary: | SELinux is preventing /sbin/load_policy from 'read' accesses on the file policyvers. | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Renich Bon Ciric <renich> | ||||
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 15 | CC: | dominick.grift, dwalsh, mgrepl | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | setroubleshoot_trace_hash:18c646a4f3b2f89c1a0df8b46f76dd09b03e3d4efd4e62c71f2d65781e4bb2fd | ||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2011-09-09 07:54:52 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Renich Bon Ciric
2011-09-09 05:49:32 UTC
The setroubleshoot tells you what to do ***** Plugin file (36.8 confidence) suggests ******************************* If you think this is caused by a badly mislabeled machine. Then you need to fully relabel. Do touch /.autorelabel; reboot *** Bug 736925 has been marked as a duplicate of this bug. *** *** Bug 736926 has been marked as a duplicate of this bug. *** *** Bug 736927 has been marked as a duplicate of this bug. *** *** Bug 736928 has been marked as a duplicate of this bug. *** *** Bug 736922 has been marked as a duplicate of this bug. *** *** Bug 736921 has been marked as a duplicate of this bug. *** Renich did you read the alert at all? It told you that it was not a bug and how to fix. (In reply to comment #8) > Renich did you read the alert at all? It told you that it was not a bug and > how to fix. Hehee... yes, I did! ;) My thought was that, maybe, you needed all the reports in order to figure out what happened. I was trying to use boxgrinder-build; which is packaged as rubygem-boxgrinder-build. I think they never considered to talk to you. There are tons of alerts when one tries to build an image. Sorry if I made a mess. Just wanted you to have a clear picture of what boxgrinder tries to do. (In reply to comment #1) > The setroubleshoot tells you what to do > > ***** Plugin file (36.8 confidence) suggests ******************************* > > If you think this is caused by a badly mislabeled machine. > Then you need to fully relabel. > Do > > > touch /.autorelabel; reboot Man, I do a fixfiles onboot all the time. I know I am not "badly mislabeled". So you are telling me you did touch /.autorelabel; reboot and you are still getting this issue? If yes, could you try to execute # yum reinstall selinux-policy-targeted and make sure nothing blows up on reinstall. ls -lZ /sys/fs/selinux/policyvers -r--r--r--. root root system_u:object_r:security_t:s0 /sys/fs/selinux/policyvers (In reply to comment #12) > ls -lZ /sys/fs/selinux/policyvers > -r--r--r--. root root system_u:object_r:security_t:s0 > /sys/fs/selinux/policyvers # ls -lZ /sys/fs/selinux/policyvers ls: cannot access /sys/fs/selinux/policyvers: No such file or directory (In reply to comment #11) > So you are telling me you did > > touch /.autorelabel; reboot > > and you are still getting this issue? Yes; as I told you, I relabel often. Once every 2 weeks or so. > > If yes, could you try to execute > > # yum reinstall selinux-policy-targeted > > and make sure nothing blows up on reinstall. I'm doing so just now. I'll tell you what happened I guess this is on F15. ls -lZ /selinux/policyvers (In reply to comment #14) > I guess this is on F15. ls -lZ /selinux/policyvers You guessed right! ;=) # ls -lZ /selinux/policyvers -r--r--r--. root root system_u:object_r:security_t:s0 /selinux/policyvers (In reply to comment #13) > > > > If yes, could you try to execute > > > > # yum reinstall selinux-policy-targeted > > > > and make sure nothing blows up on reinstall. > > I'm doing so just now. I'll tell you what happened BTW, everything went cool; nothing blew up ;) Ok Everything looks fine. See if you can get it to happen again. Created attachment 523082 [details]
selinux errors provoked by boxgrinder-build
An image is worth a thousand SELinux blocks ;)
This happens when I run a simple: boxgrinder-build -f centos.appl
|