| Summary: | SELinux is preventing /usr/bin/file from 'read' accesses on the file /usr/bin/file. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Devon Janitz <devonjanitz> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 16 | CC: | dominick.grift, dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:7219bbb3752c1459de124e3e4be4f48ef113c404f39dc0e3200f06fd87b9d62f | ||
| Fixed In Version: | selinux-policy-3.10.0-71.fc16 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-01-11 06:18:26 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Fixed in selinux-policy-3.10.0-69.fc16 selinux-policy-3.10.0-71.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-71.fc16 Package selinux-policy-3.10.0-71.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-71.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-0154/selinux-policy-3.10.0-71.fc16 then log in and leave karma (feedback). selinux-policy-3.10.0-71.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. |
libreport version: 2.0.8 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.1.6-1.fc16.x86_64 reason: SELinux is preventing /usr/bin/file from 'read' accesses on the file /usr/bin/file. time: Wed 28 Dec 2011 12:56:52 PM EST description: :SELinux is preventing /usr/bin/file from 'read' accesses on the file /usr/bin/file. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that file should be allowed read access on the file file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep file /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:boinc_t:s0 :Target Context system_u:object_r:bin_t:s0 :Target Objects /usr/bin/file [ file ] :Source file :Source Path /usr/bin/file :Port <Unknown> :Host (removed) :Source RPM Packages file-5.07-6.fc16 :Target RPM Packages file-5.07-6.fc16 :Policy RPM selinux-policy-3.10.0-67.fc16 :Selinux Enabled True :Policy Type targeted :Enforcing Mode Permissive :Host Name (removed) :Platform Linux (removed) 3.1.6-1.fc16.x86_64 #1 : SMP Wed Dec 21 22:41:17 UTC 2011 x86_64 x86_64 :Alert Count 1 :First Seen Wed 28 Dec 2011 12:36:04 PM EST :Last Seen Wed 28 Dec 2011 12:36:04 PM EST :Local ID a664e7c6-6722-47b2-bb35-d92b7c715533 : :Raw Audit Messages :type=AVC msg=audit(1325093764.479:92): avc: denied { read } for pid=2304 comm="file" name="file" dev=dm-1 ino=1841094 scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file : : :type=AVC msg=audit(1325093764.479:92): avc: denied { execute } for pid=2304 comm="file" path="/usr/bin/file" dev=dm-1 ino=1841094 scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file : : :type=SYSCALL msg=audit(1325093764.479:92): arch=x86_64 syscall=execve success=yes exit=0 a0=b18ef0 a1=b18fd0 a2=b17e70 a3=20 items=0 ppid=2298 pid=2304 auid=4294967295 uid=993 gid=990 euid=993 suid=993 fsuid=993 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm=file exe=/usr/bin/file subj=system_u:system_r:boinc_t:s0 key=(null) : :Hash: file,boinc_t,bin_t,file,read : :audit2allow : :#============= boinc_t ============== :allow boinc_t bin_t:file { read execute }; : :audit2allow -R : :#============= boinc_t ============== :allow boinc_t bin_t:file { read execute }; :