Bug 852927
| Summary: | SELinux is preventing /usr/lib64/realmd/realmd from 'read' accesses on the file gphoto2.monitor. | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Iván Jiménez <icj> | ||||||
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 19 | CC: | dominick.grift, dwalsh, mgrepl, stephent98 | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | abrt_hash:dbffdd6a1d87e365c1f11c4006d223ae14d113976099a468d016494e3faaeb6a | ||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2013-04-19 05:51:18 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 608033 [details]
File: type
Created attachment 608034 [details]
File: hashmarkername
Fixed in selinux-policy-3.11.1-8.fc18.noarch This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle. Changing version to '19'. (As we did not run this process for some time, it could affect also pre-Fedora 19 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19 selinux-policy-3.12.1-28.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/FEDORA-2013-5045/selinux-policy-3.12.1-28.fc19 Package selinux-policy-3.12.1-28.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-28.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-5045/selinux-policy-3.12.1-28.fc19 then log in and leave karma (feedback). selinux-policy-3.12.1-28.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. |
Additional info: libreport version: 2.0.13 kernel: 3.6.0-0.rc2.git2.1.fc18.x86_64 description: :SELinux is preventing /usr/lib64/realmd/realmd from 'read' accesses on the file gphoto2.monitor. : :***** Plugin catchall_labels (83.8 confidence) suggests ******************** : :If you want to allow realmd to have read access on the gphoto2.monitor file :Then you need to change the label on gphoto2.monitor :Do :# semanage fcontext -a -t FILE_TYPE 'gphoto2.monitor' :where FILE_TYPE is one of the following: machineid_t, samba_net_exec_t, samba_etc_t, abrt_var_run_t, realmd_exec_t, sysctl_crypto_t, locale_t, etc_t, realmd_t, ld_so_t, abrt_t, lib_t, dbusd_etc_t, sssd_public_t, userdomain, cpu_online_t, afs_cache_t, abrt_helper_exec_t, user_cron_spool_t, sssd_conf_t, krb5_conf_t, textrel_shlib_t, rpm_script_tmp_t, ld_so_cache_t, system_dbusd_var_lib_t. :Then execute: :restorecon -v 'gphoto2.monitor' : : :***** Plugin catchall (17.1 confidence) suggests *************************** : :If you believe that realmd should be allowed read access on the gphoto2.monitor file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep realmd /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:realmd_t:s0-s0:c0.c1023 :Target Context system_u:object_r:usr_t:s0 :Target Objects gphoto2.monitor [ file ] :Source realmd :Source Path /usr/lib64/realmd/realmd :Port <Unknown> :Host (removed) :Source RPM Packages realmd-0.6-1.fc18.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.11.1-7.fc18.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.6.0-0.rc2.git2.1.fc18.x86_64 #1 : SMP Wed Aug 22 11:54:04 UTC 2012 x86_64 x86_64 :Alert Count 3 :First Seen 2012-08-29 22:51:15 EDT :Last Seen 2012-08-29 22:51:15 EDT :Local ID 0fc55b93-56a2-4cf2-bc67-4d12e39d734b : :Raw Audit Messages :type=AVC msg=audit(1346295075.379:247): avc: denied { read } for pid=1142 comm="realmd" name="gphoto2.monitor" dev="dm-0" ino=33629 scontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file : : :type=SYSCALL msg=audit(1346295075.379:247): arch=x86_64 syscall=open success=no exit=EACCES a0=7f53d8e49900 a1=0 a2=0 a3=2 items=0 ppid=1141 pid=1142 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=realmd exe=/usr/lib64/realmd/realmd subj=system_u:system_r:realmd_t:s0-s0:c0.c1023 key=(null) : :Hash: realmd,realmd_t,usr_t,file,read : :audit2allow : :#============= realmd_t ============== :allow realmd_t usr_t:file read; : :audit2allow -R : :#============= realmd_t ============== :allow realmd_t usr_t:file read; :