Description of problem:
SELinux is preventing /usr/sbin/bumblebeed from 'getattr' accesses on the file /etc/group.

*****  Plugin catchall (100. confidence) suggests  **************************

If bumblebeed should have getattr access on the group file by default.
Then please report this as a bug.
A local policy module can be created to allow this access.
Do
this access can be allowed temporarily by running the commands:
# grep bumblebeed /var/log/audit/audit.log | audit2allow -M mojapolityka
# semodule -i mojapolityka.pp

Additional Information:
Source Context                system_u:system_r:bumblebee_t:s0
Target Context                system_u:object_r:passwd_file_t:s0
Target Objects                /etc/group [ file ]
Source                        bumblebeed
Source Path                   /usr/sbin/bumblebeed
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           bumblebee-3.2.1-4.fc20.x86_64
Target RPM Packages           setup-2.8.71-2.fc20.noarch
Policy RPM                    selinux-policy-3.12.1-106.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5 14:01:17 UTC 2013 x86_64 x86_64
Alert Count                   2
First Seen                    2013-12-15 13:46:53 CET
Last Seen                     2013-12-15 13:54:31 CET
Local ID                      cf218de0-7c7c-4eb4-b8b3-f900ceae9b44

Raw Audit Messages
type=AVC msg=audit(1387112071.715:547): avc: denied { getattr } for pid=6003 comm="bumblebeed" path="/etc/group" dev="dm-2" ino=939235 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file

type=SYSCALL msg=audit(1387112071.715:547): arch=x86_64 syscall=fstat success=yes exit=0 a0=4 a1=7fff2cba5420 a2=7fff2cba5420 a3=0 items=0 ppid=1 pid=6003 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null)

Hash: bumblebeed,bumblebee_t,passwd_file_t,file,getattr

Additional info:
reporter:       libreport-2.1.9
hashmarkername: setroubleshoot
kernel:         3.11.10-301.fc20.x86_64
type:           libreport
Blazej,
are you getting more AVC msgs for bumblebeed?

# ausearch -su bumblebee_t

This policy is permissive so nothing is blocked.

I added a fix for this AVC.
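Added example (not part of the original bug report, setroubleshoot or the SELinux tools): a Python sketch that pairs the AVC and SYSCALL records from the report by event id and reads the syscall's success field, which is how the log itself shows that a denial in a permissive domain was recorded but not enforced. The function names are hypothetical, and the sample records are copied from the report with the SYSCALL line trimmed to the fields used.

```python
import re
from collections import defaultdict

# Records copied from the report above; SYSCALL line trimmed to the fields used.
SAMPLE = (
    'type=AVC msg=audit(1387112071.715:547): avc: denied { getattr } for '
    'pid=6003 comm="bumblebeed" path="/etc/group" dev="dm-2" ino=939235 '
    'scontext=system_u:system_r:bumblebee_t:s0 '
    'tcontext=system_u:object_r:passwd_file_t:s0 tclass=file\n'
    'type=SYSCALL msg=audit(1387112071.715:547): arch=x86_64 syscall=fstat '
    'success=yes exit=0 pid=6003 comm=bumblebeed exe=/usr/sbin/bumblebeed\n'
)

HEADER = re.compile(r'^type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')

def parse_events(text):
    """Group audit records by event id: {event_id: {record_type: fields}}."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        perms = PERMS.search(body)
        if perms:
            fields['perms'] = perms.group(1).split()
        events[event_id][rtype] = fields
    return dict(events)

def summarize(text):
    """One row per denial; success=yes in the paired SYSCALL means not enforced."""
    rows = []
    for event_id, recs in parse_events(text).items():
        avc, sc = recs.get('AVC'), recs.get('SYSCALL')
        if not avc:
            continue
        rows.append({
            'event': event_id, 'path': avc.get('path'),
            'source_type': avc['scontext'].split(':')[2],
            'target_type': avc['tcontext'].split(':')[2],
            'tclass': avc['tclass'], 'perms': avc['perms'],
            'syscall': sc.get('syscall') if sc else None,
            'blocked': (sc.get('success') == 'no') if sc else None,
        })
    return rows
```

For the event in this report, summarize(SAMPLE) gives blocked as False: fstat on /etc/group returned success=yes even though the getattr denial was logged.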
Created attachment 837455
log ausearch -te today -su bumblebee_t
(In reply to Miroslav Grepl from comment #1)
> Blazej,
> are you getting more AVC msgs for bumblebeed?
>
> # ausearch -su bumblebee_t
>
> This policy is permissive so nothing is blocked.
>
> I added a fix for this AVC.

Miroslav,
Yes, I have more.
Description of problem:
When I run sudo grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol I've got compilation failed

Complete!
[ghorhe@trolldemnoobz ~]$ sudo grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol
compilation failed:
sh: /usr/bin/checkmodule: No such file or directory
[ghorhe@trolldemnoobz ~]$

Additional info:
reporter:       libreport-2.1.10
hashmarkername: setroubleshoot
kernel:         3.11.10-301.fc20.x86_64
type:           libreport
It was solved when I installed checkpolicy.
selinux-policy-3.12.1-116.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-116.fc20
Package selinux-policy-3.12.1-116.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-116.fc20'
as soon as you are able to.
Please go to the following URL:
https://admin.fedoraproject.org/updates/FEDORA-2014-0806/selinux-policy-3.12.1-116.fc20
then log in and leave karma (feedback).
selinux-policy-3.12.1-116.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.