Bug 864784
| Summary: | systemd-analyze triggers selinux denial | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Chris Murphy <bugzilla> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 18 | CC: | dominick.grift, dwalsh, johannbg, lnykryn, metherid, mgrepl, msekleta, notting, plautrba, systemd-maint, vpavlin |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-10-14 23:17:19 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Not reproducible with selinux-policy-3.11.1-36.fc18.noarch; other component versions remain the same. 'systemd-analyze blame' still produces an SE Linux denial; whereas with no option or time option, there is no error.
[root@f18v ~]# systemd-analyze blame
ERROR:dbus.proxies:Introspect error on :1.0:/org/freedesktop/systemd1/unit/network_2eservice: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: SELinux policy denies access.
Traceback (most recent call last):
File "/usr/bin/systemd-analyze", line 309, in <module>
verb.get(args[0], unknown_verb)()
File "/usr/bin/systemd-analyze", line 108, in blame
data = acquire_time_data()
File "/usr/bin/systemd-analyze", line 22, in acquire_time_data
ixt = int(properties.Get('org.freedesktop.systemd1.Unit', 'InactiveExitTimestampMonotonic'))
File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 70, in __call__
return self._proxy_method(*args, **keywords)
File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
**keywords)
File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: SELinux policy denies access.
*** This bug has been marked as a duplicate of bug 859614 *** After applying: selinux-policy-targeted-3.11.1-38.fc18.noarch selinux-policy-3.11.1-38.fc18.noarch And autorelabel=1, "systemd-analyze blame" is working for me without the comment 2 denial. So this bug may not be a duplicate of Bug 859614. |
Description of problem: systemd-analyze results in SELinux denial Version-Release number of selected component (if applicable): systemd-analyze.x86_64 0:194-1.fc18 selinux-policy-3.11.1-32.fc18 dbus-1.6.8-2.fc18.x86_64 How reproducible: 100% Steps to Reproduce: 1. install systemd-analyze 2. run systemd-analyze Actual results: ERROR:dbus.proxies:Introspect error on :1.1:/org/freedesktop/systemd1: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: SELinux policy denies access. Traceback (most recent call last): File "/usr/bin/systemd-analyze", line 307, in <module> time() File "/usr/bin/systemd-analyze", line 91, in time initrd_time, start_time, finish_time = acquire_start_time() File "/usr/bin/systemd-analyze", line 34, in acquire_start_time initrd_time = int(properties.Get('org.freedesktop.systemd1.Manager', 'InitRDTimestampMonotonic')) File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 70, in __call__ return self._proxy_method(*args, **keywords) File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 145, in __call__ **keywords) File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking message, timeout) dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: SELinux policy denies access. Expected results: To report startup time stats. Additional info: audit.log reports type=USER_AVC msg=audit(1349849442.134:40): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status } for auid=0 uid=0 gid=0 cmdline="/usr/bin/python /usr/bin/systemd-analyze" scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' This was working with alpha a week or two ago, so this may actually be dbus, not systemd-analyze triggering the denial.