| Summary: | SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/media0. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | jiker |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 16 | CC: | dominick.grift, dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:940eadf5dff9a96d3c0fe360ea73aa460e147be700f461dff6ebef4b89891a45 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-10-10 13:04:50 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Please update your system. This is fixed in the latest policy. # yum update Also if you see issues which are similar like your AVC msgs, could you open just one bugzilla for them and tell us you have a lot of these AVC msgs. *** Bug 744600 has been marked as a duplicate of this bug. *** *** Bug 744601 has been marked as a duplicate of this bug. *** *** Bug 744602 has been marked as a duplicate of this bug. *** *** Bug 744603 has been marked as a duplicate of this bug. *** *** Bug 744604 has been marked as a duplicate of this bug. *** *** Bug 744605 has been marked as a duplicate of this bug. *** *** Bug 744606 has been marked as a duplicate of this bug. *** *** Bug 744607 has been marked as a duplicate of this bug. *** *** Bug 744608 has been marked as a duplicate of this bug. *** *** Bug 744609 has been marked as a duplicate of this bug. *** *** Bug 744610 has been marked as a duplicate of this bug. *** *** Bug 744611 has been marked as a duplicate of this bug. *** *** Bug 744612 has been marked as a duplicate of this bug. *** *** Bug 744613 has been marked as a duplicate of this bug. *** *** Bug 744614 has been marked as a duplicate of this bug. *** *** Bug 744615 has been marked as a duplicate of this bug. *** *** Bug 744599 has been marked as a duplicate of this bug. *** jiker, if you see what looks like the same bug/AVC over and over again, please report it once and then comment in the bug that you have many similar avc's. Otherwise you waste our time and yours closing all the duplicates. Thanks. (In reply to comment #19) > jiker, if you see what looks like the same bug/AVC over and over again, please > report it once and then comment in the bug that you have many similar avc's. > Otherwise you waste our time and yours closing all the duplicates. Thanks. As I already said I'm sorry to have reported all that tied bugs, it's because I misunderstand a lot of things in Linux etc ... Curently, as I have allowed SElinux to do a lot of things, I have no more SElinux alert. You can close all the bugs I have reported accidentaly, sorry again, Jiker No problem, enjoy Linux... |
libreport version: 2.0.6 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.1.0-0.rc6.git0.3.fc16.i686 reason: SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/media0. time: Sun Oct 9 18:58:28 2011 description: :SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/media0. : :***** Plugin device (91.4 confidence) suggests ***************************** : :If vous souhaitez autoriser passwd à accéder à getattr sur media0 chr_file :Then you need to change the label on /dev/media0 to a type of a similar device. :Do :# semanage fcontext -a -t SIMILAR_TYPE '/dev/media0' :# restorecon -v '/dev/media0' : :***** Plugin catchall (9.59 confidence) suggests *************************** : :If you believe that passwd should be allowed getattr access on the media0 chr_file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep passwd /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 :Target Context system_u:object_r:device_t:s0 :Target Objects /dev/media0 [ chr_file ] :Source passwd :Source Path /usr/bin/passwd :Port <Inconnu> :Host (removed) :Source RPM Packages passwd-0.78-3.fc15 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-32.fc16 :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.1.0-0.rc6.git0.3.fc16.i686 #1 : SMP Fri Sep 16 12:22:19 UTC 2011 i686 i686 :Alert Count 6 :First Seen dim. 09 oct. 2011 02:25:21 CEST :Last Seen dim. 09 oct. 2011 02:25:49 CEST :Local ID a1365552-315e-4caa-be71-21783c93ae71 : :Raw Audit Messages :type=AVC msg=audit(1318119949.919:263): avc: denied { getattr } for pid=1633 comm="passwd" path="/dev/media0" dev=devtmpfs ino=7815 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file : : :type=SYSCALL msg=audit(1318119949.919:263): arch=i386 syscall=stat64 success=no exit=EACCES a0=bfa190cc a1=bfa14a70 a2=4c9f5ff4 a3=8424ad4 items=0 ppid=1577 pid=1633 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm=passwd exe=/usr/bin/passwd subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null) : :Hash: passwd,passwd_t,device_t,chr_file,getattr : :audit2allow : :#============= passwd_t ============== :allow passwd_t device_t:chr_file getattr; : :audit2allow -R : :#============= passwd_t ============== :allow passwd_t device_t:chr_file getattr; :