Bug 966110
Summary: | Permission attach_queue in class tun_socket not defined in policy | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Matthieu Saulnier <casper> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 18 | CC: | casper, dominick.grift, dwalsh, mgrepl, moez.roy |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-06-03 19:20:51 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Matthieu Saulnier
2013-05-22 14:00:16 UTC
If you rebuild new_module.pp does the problem go away? Is this a policy built on a newer system being installed on an older system? (In reply to Daniel Walsh from comment #1) > If you rebuild new_module.pp does the problem go away? nope > Is this a policy > built on a newer system being installed on an older system? no, it was a policy to allow postfix cleanup on my f18 server, policy has been built and installed on my f18 server In fact this message is appeared the first time just after update to selinux-policy-3.11.1-95: May 22 01:30:02 localhost dbus-daemon[532]: dbus[532]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper) May 22 01:30:02 localhost dbus[532]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper) May 22 01:30:02 localhost dbus-daemon[532]: dbus[532]: [system] Successfully activated service 'org.freedesktop.PackageKit' May 22 01:30:02 localhost dbus[532]: [system] Successfully activated service 'org.freedesktop.PackageKit' May 22 01:31:57 localhost yum[6031]: Updated: selinux-policy-3.11.1-95.fc18.noarch May 22 01:31:58 localhost yum[6031]: Updated: 1:perl-parent-0.225-243.fc18.noarch May 22 01:31:58 localhost yum[6031]: Updated: 1:perl-Pod-Escapes-1.04-244.fc18.noarch May 22 01:31:59 localhost yum[6031]: Updated: perl-Pod-Perldoc-3.17.00-244.fc18.noarch May 22 01:31:59 localhost yum[6031]: Updated: perl-threads-shared-1.40-244.fc18.x86_64 May 22 01:32:00 localhost yum[6031]: Updated: perl-Scalar-List-Utils-1.25-244.fc18.x86_64 May 22 01:32:00 localhost yum[6031]: Updated: perl-PathTools-3.39.2-244.fc18.x86_64 May 22 01:32:01 localhost yum[6031]: Updated: 1:perl-Pod-Simple-3.20-244.fc18.noarch May 22 01:32:01 localhost yum[6031]: Updated: perl-Carp-1.26-243.fc18.noarch May 22 01:32:02 localhost yum[6031]: Updated: 4:perl-macros-5.16.3-244.fc18.x86_64 May 22 01:32:03 localhost yum[6031]: Updated: 4:perl-libs-5.16.3-244.fc18.x86_64 May 22 01:32:03 localhost yum[6031]: Updated: 1:perl-Module-Pluggable-4.00-244.fc18.noarch May 22 01:32:04 localhost yum[6031]: Updated: perl-threads-1.86-243.fc18.x86_64 May 22 01:32:04 localhost yum[6031]: Updated: perl-Pod-Parser-1.51-244.fc18.noarch May 22 01:32:10 localhost yum[6031]: Updated: 4:perl-5.16.3-244.fc18.x86_64 May 22 01:32:11 localhost yum[6031]: Updated: perl-Data-Dumper-2.135.06-244.fc18.x86_64 May 22 01:32:11 localhost yum[6031]: Updated: perl-Test-Harness-3.23-244.fc18.noarch May 22 01:32:12 localhost yum[6031]: Updated: perl-HTTP-Tiny-0.017-244.fc18.noarch May 22 01:32:12 localhost yum[6031]: Updated: perl-Digest-1.17-244.fc18.noarch May 22 01:32:13 localhost yum[6031]: Updated: perl-ExtUtils-Manifest-1.61-243.fc18.noarch May 22 01:32:13 localhost yum[6031]: Updated: perl-ExtUtils-Install-1.58-244.fc18.noarch May 22 01:32:14 localhost yum[6031]: Updated: 1:perl-ExtUtils-ParseXS-3.16-244.fc18.noarch May 22 01:32:14 localhost yum[6031]: Updated: 4:perl-devel-5.16.3-244.fc18.x86_64 May 22 01:32:15 localhost yum[6031]: Updated: perl-ExtUtils-MakeMaker-6.63.2-244.fc18.noarch May 22 01:32:16 localhost yum[6031]: Updated: krb5-libs-1.10.3-17.fc18.x86_64 May 22 01:32:17 localhost yum[6031]: Updated: krb5-workstation-1.10.3-17.fc18.x86_64 May 22 01:32:18 localhost yum[6031]: Updated: perl-CPAN-1.9800-244.fc18.noarch May 22 01:32:18 localhost yum[6031]: Updated: perl-Test-Simple-0.98-243.fc18.noarch May 22 01:32:19 localhost yum[6031]: Updated: perl-Digest-MD5-2.51-244.fc18.x86_64 May 22 01:32:19 localhost yum[6031]: Updated: 3:perl-version-0.99-244.fc18.noarch May 22 01:32:19 localhost yum[6031]: Updated: 1:perl-Package-Constants-0.02-244.fc18.noarch May 22 01:32:20 localhost yum[6031]: Updated: 1:perl-IO-Zlib-1.10-244.fc18.noarch May 22 01:32:49 localhost kernel: [242928.681217] SELinux: Permission attach_queue in class tun_socket not defined in policy. May 22 01:32:49 localhost kernel: [242928.681223] SELinux: the above unknown classes and permissions will be allowed May 22 01:32:49 localhost dbus-daemon[532]: dbus[532]: avc: received policyload notice (seqno=2) May 22 01:32:49 localhost dbus[532]: avc: received policyload notice (seqno=2) May 22 01:32:50 localhost dbus-daemon[532]: dbus[532]: [system] Reloaded configuration May 22 01:32:50 localhost dbus[532]: [system] Reloaded configuration May 22 01:32:50 localhost yum[6031]: Updated: selinux-policy-targeted-3.11.1-95.fc18.noarch May 22 01:32:52 localhost yum[6031]: Updated: selinux-policy-doc-3.11.1-95.fc18.noarch May 22 01:33:19 localhost yum[6031]: Updated: selinux-policy-devel-3.11.1-95.fc18.noarch May 22 01:33:20 localhost yum[6031]: Updated: openldap-2.4.35-4.fc18.1.x86_64 May 22 01:33:21 localhost yum[6031]: Updated: python-lxml-3.2.1-1.fc18.x86_64 May 22 01:33:39 localhost dbus-daemon[532]: dbus[532]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper) May 22 01:33:39 localhost dbus[532]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper) May 22 01:33:39 localhost dbus-daemon[532]: dbus[532]: [system] Successfully activated service 'org.freedesktop.PackageKit' May 22 01:33:39 localhost dbus[532]: [system] Successfully activated service 'org.freedesktop.PackageKit' However it appeared after update to selinux-policy-3.11.1-96 too: May 24 10:33:52 localhost yum[15265]: Updated: systemd-201-2.fc18.7.x86_64 May 24 10:33:52 localhost yum[15265]: Updated: selinux-policy-3.11.1-96.fc18.noarch May 24 10:34:19 localhost yum[15265]: Updated: selinux-policy-devel-3.11.1-96.fc18.noarch May 24 10:34:21 localhost yum[15265]: Updated: selinux-policy-doc-3.11.1-96.fc18.noarch May 24 10:34:50 localhost kernel: [156879.558713] SELinux: Permission attach_queue in class tun_socket not defined in policy. May 24 10:34:50 localhost kernel: [156879.558718] SELinux: the above unknown classes and permissions will be allowed May 24 10:34:50 localhost dbus-daemon[548]: dbus[548]: avc: received policyload notice (seqno=9) May 24 10:34:50 localhost dbus[548]: avc: received policyload notice (seqno=9) May 24 10:34:50 localhost dbus-daemon[548]: dbus[548]: [system] Reloaded configuration May 24 10:34:50 localhost dbus[548]: [system] Reloaded configuration Could you remove this local policy and try to reinstall selinux-policy-targeted # semodule -r <custom_policy> # yum reinstall selinux-policy-targeted (In reply to Miroslav Grepl from comment #3) > Could you remove this local policy and try to reinstall > selinux-policy-targeted > > # semodule -r <custom_policy> > # yum reinstall selinux-policy-targeted Thanks a lot, that solved the problem: May 29 18:56:25 lancaster dbus-daemon[541]: dbus[541]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper) May 29 18:56:25 lancaster dbus[541]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper) May 29 18:56:25 lancaster dbus-daemon[541]: dbus[541]: [system] Successfully activated service 'org.freedesktop.PackageKit' May 29 18:56:25 lancaster dbus[541]: [system] Successfully activated service 'org.freedesktop.PackageKit' May 29 18:59:29 lancaster kernel: [99776.690162] SELinux: Permission attach_queue in class tun_socket not defined in policy. May 29 18:59:29 lancaster kernel: [99776.690169] SELinux: the above unknown classes and permissions will be allowed May 29 18:59:29 lancaster kernel: [99777.932112] [sched_delayed] sched: RT throttling activated May 29 18:59:29 lancaster dbus-daemon[541]: dbus[541]: avc: received policyload notice (seqno=7) May 29 18:59:29 lancaster dbus[541]: avc: received policyload notice (seqno=7) May 29 18:59:29 lancaster dbus-daemon[541]: dbus[541]: [system] Reloaded configuration May 29 18:59:29 lancaster dbus[541]: [system] Reloaded configuration May 29 18:59:31 lancaster yum[31025]: Installed: selinux-policy-targeted-3.11.1-96.fc18.noarch May 29 18:59:31 lancaster dbus-daemon[541]: dbus[541]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper) May 29 18:59:31 lancaster dbus[541]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper) May 29 18:59:31 lancaster dbus-daemon[541]: dbus[541]: [system] Successfully activated service 'org.freedesktop.PackageKit' May 29 18:59:31 lancaster dbus[541]: [system] Successfully activated service 'org.freedesktop.PackageKit' Great. |