1116630 – Some AVCs show up in early boot, but I am having trouble getting sealert to parse them

Bug 1116630 - Some AVCs show up in early boot, but I am having trouble getting sealert to parse them

Summary: Some AVCs show up in early boot, but I am having trouble getting sealert to p...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	22
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-07-06 15:35 UTC by Bruno Wolff III
Modified:	2015-07-21 11:43 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2015-07-21 11:43:06 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Full dmesg output (53.06 KB, text/plain) 2014-07-06 15:35 UTC, Bruno Wolff III	no flags	Details
View All

Description Bruno Wolff III 2014-07-06 15:35:34 UTC

Created attachment 914968 [details]
Full dmesg output

Description of problem:
While booting I get a few AVCs that seem mostly related to asking for luks credentials. They show up in dmesg, but am having trouble getting sealert -b to see them. (Maybe I flagged them to delete a while back?)

dmesg | grep -i avc
[   40.982877] audit: type=1400 audit(1404658663.388:3): avc:  denied  { getattr } for  pid=772 comm="mdadm" path="/run/systemd/initctl/fifo" dev="tmpfs" ino=13456 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:init_var_run_t:s0 tclass=fifo_file permissive=1
[   44.215112] audit: type=1400 audit(1404658666.621:4): avc:  denied  { search } for  pid=901 comm="systemd-tty-ask" name="899" dev="proc" ino=16084 scontext=system_u:system_r:systemd_passwd_agent_t:s0 tcontext=system_u:system_r:lvm_t:s0 tclass=dir permissive=1
[   44.235895] audit: type=1400 audit(1404658666.641:5): avc:  denied  { read } for  pid=901 comm="systemd-tty-ask" name="stat" dev="proc" ino=16122 scontext=system_u:system_r:systemd_passwd_agent_t:s0 tcontext=system_u:system_r:lvm_t:s0 tclass=file permissive=1
[   44.257339] audit: type=1400 audit(1404658666.663:6): avc:  denied  { open } for  pid=901 comm="systemd-tty-ask" path="/proc/899/stat" dev="proc" ino=16122 scontext=system_u:system_r:systemd_passwd_agent_t:s0 tcontext=system_u:system_r:lvm_t:s0 tclass=file permissive=1
[   44.279921] audit: type=1400 audit(1404658666.685:7): avc:  denied  { getattr } for  pid=901 comm="systemd-tty-ask" path="/proc/899/stat" dev="proc" ino=16122 scontext=system_u:system_r:systemd_passwd_agent_t:s0 tcontext=system_u:system_r:lvm_t:s0 tclass=file permissive=1
[   44.982905] audit: type=1400 audit(1404658667.387:8): avc:  denied  { write } for  pid=899 comm="systemd-cryptse" scontext=system_u:system_r:lvm_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=socket permissive=1
[   44.998639] audit: type=1400 audit(1404658667.404:9): avc:  denied  { read } for  pid=899 comm="systemd-cryptse" scontext=system_u:system_r:lvm_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=socket permissive=1

Comment 1 Miroslav Grepl 2014-07-21 15:48:03 UTC

Yes, we know about this kernel issue.

Comment 2 Lukas Vrabec 2014-11-19 15:09:47 UTC

Miroslav, what is state of this bug?

Comment 3 Jaroslav Reznik 2015-03-03 16:06:31 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 4 Miroslav Grepl 2015-07-21 11:43:06 UTC

I believe it has been already fixed.

Note You need to log in before you can comment on or make changes to this bug.