Bug 820464

Summary: tuned-related ethtool boot-time SELinux alert
Product: [Fedora] Fedora
Reporter: Michel Lind <michel>
Component: selinux-policy-targeted
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED DUPLICATE
QA Contact: Ben Levenson <benl>
Severity: unspecified
Priority: unspecified
Version: 17
CC: dwalsh
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-05-11 05:22:58 UTC
Type: Bug
Attachments: tuned AVC messages (flags: none)

Description Michel Lind 2012-05-10 04:30:22 UTC
Description of problem:
When the tuned "powersave" profile is active, the following SELinux alert is generated when the system is booted:


SELinux is preventing /usr/sbin/ethtool from write access on the file /var/log/tuned/tuned.log.

Additional Information:
Source Context                system_u:system_r:ifconfig_t:s0
Target Context                system_u:object_r:tuned_log_t:s0
Target Objects                /var/log/tuned/tuned.log [ file ]
Source                        ethtool
Source Path                   /usr/sbin/ethtool
Port                          <Unknown>
Host                          hermione.localdomain
Source RPM Packages           ethtool-3.2-2.fc17.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.10.0-118.fc17.noarch

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.10.0-118.fc17.noarch
tuned-2.0.1-1.fc17.noarch
kernel-3.3.4-4.fc17.x86_64


How reproducible:
Always

Steps to Reproduce:
1. enable tuned (systemctl enable tuned.service)
2. restart
  
Actual results:
As reported

Expected results:
No warning

Additional info:
This is on a clean install of Fedora 17 TC3 x86_64, fully updated

Comment 1 Miroslav Grepl 2012-05-10 08:03:12 UTC
Could you attach full AVC msg?

$ ausearch -m avc |grep tuned

Comment 2 Michel Lind 2012-05-11 04:14:07 UTC
Created attachment 583713
tuned AVC messages

Certainly; the output is attached.

Comment 3 Miroslav Grepl 2012-05-11 05:22:58 UTC

*** This bug has been marked as a duplicate of bug 809832 ***