Description of problem: Just booted my system and logged into my Xfce session SELinux is preventing tuned from 'write' accesses on the directory /home. ***** Plugin catchall (100. confidence) suggests ************************** If sie denken, dass es tuned standardmässig erlaubt sein sollte, write Zugriff auf home directory zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep tuned /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:tuned_t:s0 Target Context system_u:object_r:home_root_t:s0 Target Objects /home [ dir ] Source tuned Source Path tuned Port <Unbekannt> Host (removed) Source RPM Packages python-2.7.5-7.fc20.x86_64 Target RPM Packages filesystem-3.2-19.fc20.x86_64 Policy RPM selinux-policy-3.12.1-84.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.11.2-301.fc20.x86_64 #1 SMP Fri Sep 27 19:45:03 UTC 2013 x86_64 x86_64 Alert Count 5 First Seen 2013-10-01 06:34:23 CEST Last Seen 2013-10-01 11:27:33 CEST Local ID 94fa79f2-bf60-4717-9da5-a85c072ca9bf Raw Audit Messages type=AVC msg=audit(1380619653.579:187): avc: denied { write } for pid=575 comm="tuned" name="/" dev="dm-2" ino=2 scontext=system_u:system_r:tuned_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir type=SYSCALL msg=audit(1380619653.579:187): arch=x86_64 syscall=access success=no exit=EACCES a0=7fff4564977d a1=2 a2=0 a3=0 items=0 ppid=1 pid=575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=tuned exe=/usr/bin/python2.7 subj=system_u:system_r:tuned_t:s0 key=(null) Hash: tuned,tuned_t,home_root_t,dir,write Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.11.2-301.fc20.x86_64 type: libreport
Why would tuned want to write to /home? Is this a mount point? Looks like it is doing an access check on all mount points.
*** Bug 1014021 has been marked as a duplicate of this bug. ***
*** Bug 1014022 has been marked as a duplicate of this bug. ***
*** Bug 1014026 has been marked as a duplicate of this bug. ***
*** Bug 1014025 has been marked as a duplicate of this bug. ***
54f159575a3435116ece89966a4b2e0a67a931e4 fixes this in git.
Description of problem: The problem occures after: systemctl start tuned Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.11.3-301.fc20.x86_64 type: libreport
selinux-policy-3.12.1-90.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-90.fc20
Package selinux-policy-3.12.1-90.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-90.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-19129/selinux-policy-3.12.1-90.fc20 then log in and leave karma (feedback).
selinux-policy-3.12.1-90.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.