Hide Forgot
Description of problem: Started tuned SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the directory /dev/hugepages. ***** Plugin catchall (100. confidence) suggests ************************** If sie denken, dass es python2.7 standardmässig erlaubt sein sollte, write Zugriff auf hugepages directory zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep tuned /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:tuned_t:s0 Target Context system_u:object_r:hugetlbfs_t:s0 Target Objects /dev/hugepages [ dir ] Source tuned Source Path /usr/bin/python2.7 Port <Unbekannt> Host (removed) Source RPM Packages python-2.7.5-7.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-84.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.11.1-300.fc20.x86_64 #1 SMP Sat Sep 14 15:01:23 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-10-01 00:06:50 CEST Last Seen 2013-10-01 00:06:50 CEST Local ID ec5fc402-1e38-4d1f-bae4-81fb02976e64 Raw Audit Messages type=AVC msg=audit(1380578810.501:759): avc: denied { write } for pid=8513 comm="tuned" name="/" dev="hugetlbfs" ino=9736 scontext=system_u:system_r:tuned_t:s0 tcontext=system_u:object_r:hugetlbfs_t:s0 tclass=dir type=SYSCALL msg=audit(1380578810.501:759): arch=x86_64 syscall=access success=no exit=EACCES a0=7fff3e45d6ca a1=2 a2=0 a3=0 items=0 ppid=1 pid=8513 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=tuned exe=/usr/bin/python2.7 subj=system_u:system_r:tuned_t:s0 key=(null) Hash: tuned,tuned_t,hugetlbfs_t,dir,write Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.11.1-300.fc20.x86_64 type: libreport
ce32d2745fe6e5a634a01b3d01f8ee1b41e43190 fixes this in git.
selinux-policy-3.12.1-90.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-90.fc20
Package selinux-policy-3.12.1-90.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-90.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-19129/selinux-policy-3.12.1-90.fc20 then log in and leave karma (feedback).
selinux-policy-3.12.1-90.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.