Bug 967778
Summary: | SELinux is preventing /usr/sbin/iscsid from 'search' accesses on the directory /usr/lib/modules. | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Jaša <djasa> | ||||
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 19 | CC: | djasa, dominick.grift, dwalsh, mgrepl, mmalik | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Unspecified | ||||||
Whiteboard: | abrt_hash:0a4ec7012879c82d4f876c8db9afa53576e99cc565ca0bf222e31cb4cf6f325f | ||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-06-24 12:08:21 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
David Jaša
2013-05-28 10:11:20 UTC
'restorecon -FR /lib/modules' has fixed the issue for me Ok, the question is how it got mislabeling. Is it a fresh install? The fresh install of F19 RC4 (that was subsequently declared beta) was fine, the problem occurred after I updated the system yesterday (with updates-testing enabled IIRC). I'll attach full yum.log for reference. Created attachment 754275 [details]
full yum.log
I guess the other question is there a reason they are labeled incorrectly. Rebuilding a kernel could cause the problem. Milos, AFAIK we had this issue on RHEL and we have reproducer for this? David, are you able to get it again? I didn't get it again on the same machine, should I try to reproduce with another one, including the installation of Beta and upgrade? Yes, please. Thank you. #============= iscsid_t ============== #!!!! This avc is allowed in the current policy allow iscsid_t modules_object_t:dir search; |