Bug 870437

Summary: SELinux is preventing firewalld from 'read' accesses on the directory /var/tmp.
Product: [Fedora] Fedora Reporter: Antonio A. Olivares <olivares14031>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: dominick.grift, dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Unspecified   
Whiteboard: abrt_hash:0faa8c01d219bd792dda77971458058b26aeb7410c3c89877dacfbefdfef0104
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-07-08 09:06:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: type
none
File: hashmarkername none

Description Antonio A. Olivares 2012-10-26 13:29:26 UTC 
Additional info:
libreport version: 2.0.17
kernel:         3.6.2-4.fc17.i686

description:
:SELinux is preventing firewalld from 'read' accesses on the directory /var/tmp.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that firewalld should be allowed read access on the tmp directory by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep firewalld /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:firewalld_t:s0
:Target Context                system_u:object_r:tmp_t:s0
:Target Objects                /var/tmp [ dir ]
:Source                        firewalld
:Source Path                   firewalld
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           
:Target RPM Packages           filesystem-3-2.fc17.i686
:Policy RPM                    selinux-policy-3.10.0-156.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.6.2-4.fc17.i686 #1 SMP Wed Oct
:                              17 03:22:23 UTC 2012 i686 i686
:Alert Count                   3
:First Seen                    2012-10-19 09:57:38 CDT
:Last Seen                     2012-10-26 08:04:55 CDT
:Local ID                      b84fb881-f02d-452e-8330-f05b52c2326b
:
:Raw Audit Messages
:type=AVC msg=audit(1351256695.503:34): avc:  denied  { read } for  pid=618 comm="firewalld" name="tmp" dev="dm-1" ino=1103 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
:
:
:Hash: firewalld,firewalld_t,tmp_t,dir,read
:
:audit2allow
:
:#============= firewalld_t ==============
:allow firewalld_t tmp_t:dir read;
:
:audit2allow -R
:
:#============= firewalld_t ==============
:allow firewalld_t tmp_t:dir read;
:
Comment 1 Antonio A. Olivares 2012-10-26 13:29:28 UTC 
Created attachment 633849 [details]
File: type
Comment 2 Antonio A. Olivares 2012-10-26 13:29:35 UTC 
Created attachment 633850 [details]
File: hashmarkername
Comment 3 Miroslav Grepl 2012-10-29 19:38:42 UTC 
Another setsched/sys_nice issue.
Comment 4 Fedora End Of Life 2013-07-04 00:51:52 UTC 
This message is a reminder that Fedora 17 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 17. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '17'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 17's end of life.

Bug Reporter:  Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 17 is end of life. If you 
would still like  to see this bug fixed and are able to reproduce it 
against a later version  of Fedora, you are encouraged  change the 
'version' to a later Fedora version prior to Fedora 17's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.