Bug 966544

Summary:

SELinux is preventing /usr/bin/bash from 'create' accesses on the file vboxadd-service.

Product:

[Fedora] Fedora

Reporter:

Moez Roy <moez.roy>

Component:

selinux-policy

Assignee:

Miroslav Grepl <mgrepl>

Status:

CLOSED WONTFIX

QA Contact:

Fedora Extras Quality Assurance <extras-qa>

Severity:

unspecified

Docs Contact:

Priority:

unspecified

Version:

CC:

dominick.grift, dwalsh, mgrepl, moez.roy

Target Milestone:

---

Target Release:

---

Hardware:

x86_64

OS:

Unspecified

Whiteboard:

abrt_hash:90e0549baa6f7a3ff653e2dce92be5c1b3da2dda6bbfb9661b88bb26d93bc918

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2014-02-05 23:10:07 UTC

Type:

---

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
vboxadd initial policy	none

Description Moez Roy 2013-05-23 12:59:10 UTC

Description of problem:
SELinux is preventing /usr/bin/bash from 'create' accesses on the file vboxadd-service.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that bash should be allowed create access on the vboxadd-service file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep vboxadd-service /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:object_r:var_lock_t:s0
Target Objects                vboxadd-service [ file ]
Source                        vboxadd-service
Source Path                   /usr/bin/bash
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           bash-4.2.45-1.fc18.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.11.1-96.fc18.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.9.2-200.fc18.x86_64 #1 SMP Mon
                              May 13 13:59:47 UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2013-05-23 05:50:16 PDT
Last Seen                     2013-05-23 05:50:16 PDT
Local ID                      b44078b1-1502-48f3-9e7c-7061f9cbdd79

Raw Audit Messages
type=AVC msg=audit(1369313416.723:30): avc:  denied  { create } for  pid=572 comm="vboxadd-service" name="vboxadd-service" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file


type=SYSCALL msg=audit(1369313416.723:30): arch=x86_64 syscall=open success=no exit=EACCES a0=2866170 a1=241 a2=1b6 a3=0 items=0 ppid=1 pid=572 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=vboxadd-service exe=/usr/bin/bash subj=system_u:system_r:init_t:s0 key=(null)

Hash: vboxadd-service,init_t,var_lock_t,file,create

audit2allow

#============= init_t ==============
allow init_t var_lock_t:file create;

audit2allow -R
require {
	type init_t;
}

#============= init_t ==============
files_manage_generic_locks(init_t)


Additional info:
hashmarkername: setroubleshoot
kernel:         3.9.2-200.fc18.x86_64
type:           libreport

Comment 1 Miroslav Grepl 2013-05-24 07:12:26 UTC

We will need to create a policy for vboxadd-service.

Comment 2 Daniel Walsh 2013-05-24 18:59:44 UTC

quickbooks.office have you disabled unconfined module?

Comment 3 Moez Roy 2013-05-25 15:02:46 UTC

(In reply to Daniel Walsh from comment #2)
> quickbooks.office have you disabled unconfined module?

Yes I did:
sudo semodule -d unconfined

This is inside a Fedora 18 guest which has VirtualBox Guest Additions installed.

Comment 4 Miroslav Grepl 2013-05-28 11:05:23 UTC

*** Bug 967645 has been marked as a duplicate of this bug. ***

Comment 5 Miroslav Grepl 2013-05-29 10:00:11 UTC

*** Bug 968171 has been marked as a duplicate of this bug. ***

Comment 6 Miroslav Grepl 2013-05-29 10:01:18 UTC

*** Bug 968170 has been marked as a duplicate of this bug. ***

Comment 7 Miroslav Grepl 2013-06-03 06:21:55 UTC

*** Bug 969711 has been marked as a duplicate of this bug. ***

Comment 8 Miroslav Grepl 2013-06-03 19:05:27 UTC

Created attachment 756469 [details]
vboxadd initial policy

Could you please download the archive, unpack it and run

# sh vboxadd.sh

re-test it and run

# id -Z
# ausearch -m avc -ts recent

Comment 9 Miroslav Grepl 2013-06-03 19:05:45 UTC

*** Bug 969729 has been marked as a duplicate of this bug. ***

Comment 10 Miroslav Grepl 2013-06-03 19:11:56 UTC

*** Bug 969730 has been marked as a duplicate of this bug. ***

Comment 11 Moez Roy 2013-06-04 01:44:36 UTC

[user@localhost ~]$ cd Down*
[user@localhost Downloads]$ sudo sh vboxadd.sh
[sudo] password for user: 
Building and Loading Policy
+ make -f /usr/share/selinux/devel/Makefile vboxadd.pp
Compiling targeted vboxadd module
/usr/bin/checkmodule:  loading policy configuration from tmp/vboxadd.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 15) to tmp/vboxadd.mod
Creating targeted vboxadd.pp policy package
rm tmp/vboxadd.mod tmp/vboxadd.mod.fc
+ /usr/sbin/semodule -i vboxadd.pp
+ sepolicy manpage -p . -d vboxadd_t
./vboxadd_selinux.8
++ pwd
+ pwd=/home/user/Downloads
+ rpmbuild --define '_sourcedir /home/user/Downloads' --define '_specdir /home/user/Downloads' --define '_builddir /home/user/Downloads' --define '_srcrpmdir /home/user/Downloads' --define '_rpmdir /home/user/Downloads' --define '_buildrootdir /home/user/Downloads/.build' -ba vboxadd_selinux.spec
vboxadd.sh: line 51: rpmbuild: command not found
+ /sbin/restorecon -F -R -v /usr/bin/VBoxService
/sbin/restorecon:  lstat(/usr/bin/VBoxService) failed:  No such file or directory
+ /sbin/restorecon -F -R -v /usr/lib/systemd/system/vboxservice.service
/sbin/restorecon:  lstat(/usr/lib/systemd/system/vboxservice.service) failed:  No such file or directory
[user@localhost Downloads]$ 


[user@localhost ~]$ sudo id -Z
[sudo] password for user: 
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[user@localhost ~]$ sudo ausearch -m avc -ts recent
----
time->Mon Jun  3 18:21:25 2013
type=SYSCALL msg=audit(1370308885.392:370): arch=c000003e syscall=87 success=no exit=-13 a0=7fff508c4ecd a1=7fff508c4ecd a2=7fff508c3740 a3=7fff508c34b0 items=0 ppid=3032 pid=3042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308885.392:370): avc:  denied  { write } for  pid=3042 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:21:25 2013
type=SYSCALL msg=audit(1370308885.395:371): arch=c000003e syscall=87 success=no exit=-13 a0=7fffa1d7cecc a1=7fffa1d7cecc a2=7fffa1d7b780 a3=7fffa1d7b4f0 items=0 ppid=3032 pid=3043 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308885.395:371): avc:  denied  { write } for  pid=3043 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:21:26 2013
type=SYSCALL msg=audit(1370308886.717:374): arch=c000003e syscall=87 success=no exit=-13 a0=7fffc4910ecd a1=7fffc4910ecd a2=7fffc4910770 a3=7fffc49104e0 items=0 ppid=3079 pid=3089 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308886.717:374): avc:  denied  { write } for  pid=3089 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:21:26 2013
type=SYSCALL msg=audit(1370308886.721:375): arch=c000003e syscall=87 success=no exit=-13 a0=7ffff7d64ecc a1=7ffff7d64ecc a2=7ffff7d638a0 a3=7ffff7d63610 items=0 ppid=3079 pid=3090 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308886.721:375): avc:  denied  { write } for  pid=3090 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:21:26 2013
type=SYSCALL msg=audit(1370308886.991:378): arch=c000003e syscall=87 success=no exit=-13 a0=7fffbbe99ecd a1=7fffbbe99ecd a2=7fffbbe98340 a3=7fffbbe980b0 items=0 ppid=3186 pid=3196 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308886.991:378): avc:  denied  { write } for  pid=3196 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:21:26 2013
type=SYSCALL msg=audit(1370308886.993:379): arch=c000003e syscall=87 success=no exit=-13 a0=7fff768f1ecc a1=7fff768f1ecc a2=7fff768f1630 a3=7fff768f13a0 items=0 ppid=3186 pid=3197 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308886.993:379): avc:  denied  { write } for  pid=3197 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:21:30 2013
type=SYSCALL msg=audit(1370308890.044:381): arch=c000003e syscall=87 success=no exit=-13 a0=7fffd9676ecc a1=7fffd9676ecc a2=7fffd96749f0 a3=7fffd9674760 items=0 ppid=3429 pid=3440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308890.044:381): avc:  denied  { write } for  pid=3440 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:21:30 2013
type=SYSCALL msg=audit(1370308890.136:382): arch=c000003e syscall=87 success=no exit=-13 a0=7fff6c6abecd a1=7fff6c6abecd a2=7fff6c6aa710 a3=7fff6c6aa480 items=0 ppid=3457 pid=3467 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308890.136:382): avc:  denied  { write } for  pid=3467 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:21:30 2013
type=SYSCALL msg=audit(1370308890.141:383): arch=c000003e syscall=87 success=no exit=-13 a0=7fff7e398ecc a1=7fff7e398ecc a2=7fff7e397110 a3=7fff7e396e80 items=0 ppid=3457 pid=3469 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308890.141:383): avc:  denied  { write } for  pid=3469 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:21:30 2013
type=SYSCALL msg=audit(1370308890.040:380): arch=c000003e syscall=87 success=no exit=-13 a0=7fffd6072ecd a1=7fffd6072ecd a2=7fffd6071090 a3=7fffd6070e00 items=0 ppid=3429 pid=3439 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308890.040:380): avc:  denied  { write } for  pid=3439 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:22:10 2013
type=SYSCALL msg=audit(1370308930.530:389): arch=c000003e syscall=87 success=no exit=-13 a0=7fffbf5a9ecd a1=7fffbf5a9ecd a2=7fffbf5a8040 a3=7fffbf5a7db0 items=0 ppid=5367 pid=5377 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308930.530:389): avc:  denied  { write } for  pid=5377 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:22:10 2013
type=SYSCALL msg=audit(1370308930.534:390): arch=c000003e syscall=87 success=no exit=-13 a0=7fff044c2ecc a1=7fff044c2ecc a2=7fff044c0d00 a3=7fff044c0a70 items=0 ppid=5367 pid=5378 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308930.534:390): avc:  denied  { write } for  pid=5378 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:22:10 2013
type=SYSCALL msg=audit(1370308930.605:391): arch=c000003e syscall=87 success=no exit=-13 a0=7fffb4cd3ecd a1=7fffb4cd3ecd a2=7fffb4cd1e80 a3=7fffb4cd1bf0 items=0 ppid=5389 pid=5399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308930.605:391): avc:  denied  { write } for  pid=5399 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:22:10 2013
type=SYSCALL msg=audit(1370308930.607:392): arch=c000003e syscall=87 success=no exit=-13 a0=7fff3feffecc a1=7fff3feffecc a2=7fff3feff090 a3=7fff3fefee00 items=0 ppid=5389 pid=5400 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308930.607:392): avc:  denied  { write } for  pid=5400 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:22:10 2013
type=SYSCALL msg=audit(1370308930.694:393): arch=c000003e syscall=165 success=no exit=-13 a0=0 a1=7f520fcacaf0 a2=4586fb a3=4 items=0 ppid=1 pid=5431 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="automount" exe="/opt/VBoxGuestAdditions-4.2.51/sbin/VBoxService" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308930.694:393): avc:  denied  { mounton } for  pid=5431 comm="automount" path="/media/sf_IsolatedV19" dev="sda2" ino=133012 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
----
time->Mon Jun  3 18:22:10 2013
type=SYSCALL msg=audit(1370308930.710:394): arch=c000003e syscall=2 success=no exit=-13 a0=b5a170 a1=241 a2=1b6 a3=0 items=0 ppid=1 pid=5415 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="vboxadd-service" exe="/usr/bin/bash" subj=system_u:system_r:init_t:s0 key=(null)
type=AVC msg=audit(1370308930.710:394): avc:  denied  { create } for  pid=5415 comm="vboxadd-service" name="vboxadd-service" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
----
time->Mon Jun  3 18:22:10 2013
type=SYSCALL msg=audit(1370308930.770:396): arch=c000003e syscall=87 success=no exit=-13 a0=7fffe11c4ecd a1=7fffe11c4ecd a2=7fffe11c2e00 a3=7fffe11c2b70 items=0 ppid=5446 pid=5456 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308930.770:396): avc:  denied  { write } for  pid=5456 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:22:10 2013
type=SYSCALL msg=audit(1370308930.772:397): arch=c000003e syscall=87 success=no exit=-13 a0=7fff10561ecc a1=7fff10561ecc a2=7fff10561360 a3=7fff105610d0 items=0 ppid=5446 pid=5457 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308930.772:397): avc:  denied  { write } for  pid=5457 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:22:10 2013
type=SYSCALL msg=audit(1370308930.832:398): arch=c000003e syscall=87 success=no exit=-13 a0=7fff2d864ecd a1=7fff2d864ecd a2=7fff2d8632a0 a3=7fff2d863010 items=0 ppid=5466 pid=5476 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308930.832:398): avc:  denied  { write } for  pid=5476 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
----
time->Mon Jun  3 18:22:10 2013
type=SYSCALL msg=audit(1370308930.833:399): arch=c000003e syscall=87 success=no exit=-13 a0=7fff3ed30ecc a1=7fff3ed30ecc a2=7fff3ed2fd20 a3=7fff3ed2fa90 items=0 ppid=5466 pid=5477 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ln" exe="/usr/bin/ln" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1370308930.833:399): avc:  denied  { write } for  pid=5477 comm="ln" name="anaconda.target.wants" dev="sda2" ino=270171 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir
[user@localhost ~]$ 



http://www.virtualbox.org/download/testcase/VirtualBox-4.2.51-86055-Linux_amd64.run

Comment 12 Moez Roy 2013-06-22 04:49:18 UTC

can you put the  vboxadd initial policy  into selinux-policy fc18 & fc19.

thanks

Comment 13 Moez Roy 2013-06-22 04:50:01 UTC

the above url is now 404

Comment 14 Miroslav Grepl 2013-06-24 05:52:40 UTC

The problem is

+ /sbin/restorecon -F -R -v /usr/bin/VBoxService
/sbin/restorecon:  lstat(/usr/bin/VBoxService) failed:  No such file or directory
+ /sbin/restorecon -F -R -v /usr/lib/systemd/system/vboxservice.service
/sbin/restorecon:  lstat(/usr/lib/systemd/system/vboxservice.service) failed:  

so we need to label them correctly on your system.

chcon -t vboxadd_exec_t PATHTO/VBoxService
chcon -t vboxadd_unit_file_t PATHTO/vboxservice.service

Comment 15 Miroslav Grepl 2013-06-24 05:53:20 UTC

*** Bug 976939 has been marked as a duplicate of this bug. ***

Comment 16 Miroslav Grepl 2013-06-24 11:43:32 UTC

*** Bug 976936 has been marked as a duplicate of this bug. ***

Comment 17 Fedora End Of Life 2013-12-21 15:31:46 UTC

This message is a reminder that Fedora 18 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 18. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '18'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 18's end of life.

Thank you for reporting this issue and we are sorry that we may not be 
able to fix it before Fedora 18 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior to Fedora 18's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 18 Fedora End Of Life 2014-02-05 23:10:07 UTC

Fedora 18 changed to end-of-life (EOL) status on 2014-01-14. Fedora 18 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.