Bug 974825
| Summary: | SELinux is preventing systemd-tmpfile from 'relabelfrom' accesses on the file lock. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Francisco de la Peña <fran> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 19 | CC: | dominick.grift, dwalsh, mgrepl, mikhail.v.gavrilov, m.vitta, sayak.bugsmith |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:ec07332edf5fb8bcb02cee1c651cda17290fe59c74cbcdd425b1de1264c4c697 | ||
| Fixed In Version: | selinux-policy-3.12.1-54.fc19 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-06-23 06:27:11 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed in Fixed in selinux-policy-3.12.1-53.fc19 selinux-policy-3.12.1-53.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-53.fc19 Package selinux-policy-3.12.1-54.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-54.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-11355/selinux-policy-3.12.1-54.fc19 then log in and leave karma (feedback). selinux-policy-3.12.1-54.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: SELinux is preventing systemd-tmpfile from 'relabelfrom' accesses on the file lock. ***** Plugin catchall (100. confidence) suggests *************************** If cree que de manera predeterminada, systemd-tmpfile debería permitir acceso relabelfrom sobre lock file. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso momentáneamente executando: # grep systemd-tmpfile /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:systemd_tmpfiles_t:s0 Target Context system_u:object_r:iscsi_lock_t:s0 Target Objects lock [ file ] Source systemd-tmpfile Source Path systemd-tmpfile Port <Desconocido> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.12.1-48.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.9.5-301.fc19.x86_64 #1 SMP Tue Jun 11 19:39:38 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-06-15 11:09:37 CST Last Seen 2013-06-15 11:09:37 CST Local ID c2af25ee-1a9c-4096-baa6-7e830e63e05f Raw Audit Messages type=AVC msg=audit(1371316177.973:5): avc: denied { relabelfrom } for pid=570 comm="systemd-tmpfile" name="lock" dev="tmpfs" ino=14913 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:iscsi_lock_t:s0 tclass=file Hash: systemd-tmpfile,systemd_tmpfiles_t,iscsi_lock_t,file,relabelfrom Additional info: reporter: libreport-2.1.4 hashmarkername: setroubleshoot kernel: 3.9.5-301.fc19.x86_64 type: libreport