Description of problem:
I was running mock --shell as staff_t

SELinux is preventing /usr/bin/tty from 'getattr' accesses on the chr_file /dev/pts/ptmx.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that tty should be allowed getattr access on the ptmx chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep tty /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                staff_u:staff_r:mock_build_t:s0-s0:c0.c1023
Target Context                staff_u:object_r:devpts_t:s0
Target Objects                /dev/pts/ptmx [ chr_file ]
Source                        tty
Source Path                   /usr/bin/tty
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           coreutils-8.21-18.fc20.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-106.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 3.12.5-302.fc20.x86_64 #1 SMP Tue Dec 17 20:42:32 UTC 2013 x86_64 x86_64
Alert Count                   6
First Seen                    2013-12-22 15:43:09 CET
Last Seen                     2013-12-27 17:50:57 CET
Local ID                      1fbfadc9-c4d4-4f8d-b70a-4ae61fde59bf

Raw Audit Messages
type=AVC msg=audit(1388163057.335:4033): avc: denied { getattr } for pid=23740 comm="tty" path="/dev/pts/ptmx" dev="devpts" ino=2 scontext=staff_u:staff_r:mock_build_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:devpts_t:s0 tclass=chr_file

type=SYSCALL msg=audit(1388163057.335:4033): arch=x86_64 syscall=stat success=yes exit=0 a0=20e6080 a1=7fff85623480 a2=7fff85623480 a3=0 items=0 ppid=23739 pid=23740 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=pts10 comm=tty exe=/usr/bin/tty subj=staff_u:staff_r:mock_build_t:s0-s0:c0.c1023 key=(null)

Hash: tty,mock_build_t,devpts_t,chr_file,getattr

Additional info:
reporter: libreport-2.1.10
hashmarkername: setroubleshoot
kernel: 3.12.5-302.fc20.x86_64
type: libreport
*** Bug 1046950 has been marked as a duplicate of this bug. ***
*** Bug 1046951 has been marked as a duplicate of this bug. ***
I am also getting them and I am adding fixes to make mock --shell work correctly.
Description of problem:
After I set the mock_enable_homedirs boolean this occurred fairly early during a (successful) mock build. Nice job making mock work from staff_t!

Additional info:
reporter: libreport-2.2.1
hashmarkername: setroubleshoot
kernel: 3.13.10-200.fc20.x86_64
type: libreport
commit 6298c97b1eceef84c96f843d3478388d468b8542
Author: Miroslav Grepl <mgrepl>
Date:   Mon Jan 6 16:42:18 2014 +0100

    Allow mock-build to write all inherited ttys and ptys
selinux-policy-3.12.1-158.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-158.fc20
Package selinux-policy-3.12.1-158.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-158.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-5660/selinux-policy-3.12.1-158.fc20
then log in and leave karma (feedback).
selinux-policy-3.12.1-158.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.