Hide Forgot
Description of problem: I *think* I changed the name of my system in gnome > settings > details. SELinux is preventing systemd-hostnam from 'unlink' accesses on the file hostname. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow systemd-hostnam to have unlink access on the hostname file Then you need to change the label on hostname Do # semanage fcontext -a -t FILE_TYPE 'hostname' where FILE_TYPE is one of the following: hostname_etc_t. Then execute: restorecon -v 'hostname' ***** Plugin catchall (17.1 confidence) suggests ************************** If you believe that systemd-hostnam should be allowed unlink access on the hostname file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep systemd-hostnam /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:systemd_hostnamed_t:s0 Target Context unconfined_u:object_r:etc_t:s0 Target Objects hostname [ file ] Source systemd-hostnam Source Path systemd-hostnam Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-75.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.16.1-300.fc21.x86_64 #1 SMP Thu Aug 14 15:06:34 UTC 2014 x86_64 x86_64 Alert Count 1 First Seen 2014-08-25 13:41:50 AEST Last Seen 2014-08-25 13:41:50 AEST Local ID b99309ab-e1a4-4019-aeea-474702eac1cb Raw Audit Messages type=AVC msg=audit(1408938110.171:647): avc: denied { unlink } for pid=16185 comm="systemd-hostnam" name="hostname" dev="sda3" ino=2891586 scontext=system_u:system_r:systemd_hostnamed_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file permissive=0 Hash: systemd-hostnam,systemd_hostnamed_t,etc_t,file,unlink Version-Release number of selected component: selinux-policy-3.13.1-75.fc21.noarch Additional info: reporter: libreport-2.2.3 hashmarkername: setroubleshoot kernel: 3.16.1-300.fc21.x86_64 type: libreport Potential duplicate: bug 917275
Your /etc/hostname is mislabeled. # restorecon -v /etc/hostname will fix it. Did you place this file by hand or did it happen by default?
Naw. I didn't place it by hand. It was some system utility - probably gnome settings.
I've run restorecon. If it comes up again, I'll let you know.
This just happened to me, first login after installing Fedora 21 Alpha TC7. Seems like something is creating /etc/hostname with the wrong label during the installation?
Description of problem: Running # hostnamectl set-hostname F21TC6 --static with no error message in F20 this wsa possible Version-Release number of selected component: selinux-policy-3.13.1-82.fc21.noarch Additional info: reporter: libreport-2.2.3 hashmarkername: setroubleshoot kernel: 3.16.3-300.fc21.x86_64 type: libreport
Description of problem: Changed hostname with hostnamectl as root Version-Release number of selected component: selinux-policy-3.13.1-82.fc21.noarch Additional info: reporter: libreport-2.2.3 hashmarkername: setroubleshoot kernel: 3.16.3-300.fc21.x86_64 type: libreport
Something tells me this is being created with an alternate name and renamed to /etc/hostname.
Description of problem: Changed hostname within 'details'/ 'All Settings' Version-Release number of selected component: selinux-policy-3.13.1-84.fc21.noarch Additional info: reporter: libreport-2.2.3 hashmarkername: setroubleshoot kernel: 3.16.3-302.fc21.x86_64 type: libreport
(In reply to Daniel Walsh from comment #7) > Something tells me this is being created with an alternate name and renamed > to /etc/hostname. Yes, of course. The file is created as /etc/hostname.XXXXXXX and written and then atomically renamed to /etc/hostname.
static int context_write_data_static_hostname(Context *c) { write_string_file_atomic_label("/etc/hostname", c->data[PROP_STATIC_HOSTNAME]); } int write_string_file_atomic_label(const char *fn, const char *line) { label_context_set(fn, S_IFREG); write_string_file_atomic(fn, line); label_context_clear(); }
Well this looks like it is mislabeled before systemd touches it, systemd has the proper labeling code to handle it and make sure it is labeled correctly after it modifies it, But systemd-hostname is prevented from removing the original file since it is labeled incorrectly during the install.
Yes, /etc/hostname seems to be created 'unconfined'. I think anaconda creates the file, reassigning. Summary: Installation from F21 Live results in /etc/hostname which has SELinux context unconfined_u:object_r:etc_t:s0 instead of the expected system_u:object_r:hostname_etc_t:s0. This causes problems later when systemd-hostnamed tries to replace the file to set a new value.
anaconda-21.48.10-1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/anaconda-21.48.10-1.fc21
Package anaconda-21.48.10-1.fc21, pykickstart-1.99.63-2.fc21, python-blivet-0.61.5-1.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing anaconda-21.48.10-1.fc21 pykickstart-1.99.63-2.fc21 python-blivet-0.61.5-1.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-12944/pykickstart-1.99.63-2.fc21,python-blivet-0.61.5-1.fc21,anaconda-21.48.10-1.fc21 then log in and leave karma (feedback).
Description of problem: Attempted to run 'sudo hostnamectl --static set-hostname ansalon.home'. The command returned with 'Could not set property: Access denied'. Version-Release number of selected component: selinux-policy-3.13.1-85.fc21.noarch Additional info: reporter: libreport-2.2.3 hashmarkername: setroubleshoot kernel: 3.17.0-301.fc21.x86_64 type: libreport
Description of problem: I tried to set the hostname of my PC using the hostnamectl command Version-Release number of selected component: selinux-policy-3.13.1-86.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.17.1-300.fc21.x86_64 type: libreport
user@localhost ~ $ sudo hostnamectl set-hostname --static "Hostname" We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for user: Could not set property: Access denied user@localhost ~ $ su Password: root ~ # hostnamectl set-hostname --static "Hostname" Could not set property: Access denied root ~ # /sbin/restorecon -v /etc/hostname /sbin/restorecon reset /etc/hostname context unconfined_u:object_r:etc_t:s0->unconfined_u:object_r:hostname_etc_t:s0 root ~ # semanage fcontext -a -t FILE_TYPE '/etc/hostname' ValueError: Type FILE_TYPE is invalid, must be a file or device type root ~ # semanage fcontext -a -t hostname_etc_t '/etc/hostname' root ~ # restorecon -v '/etc/hostname' root ~ # grep systemd-hostnam /var/log/audit/audit.log | audit2allow -M mypol ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i mypol.pp root ~ # semodule -i mypol.pp root ~ # hostnamectl set-hostname --static "Hostname" root ~ # exit
Description of problem: Tried to change the hostname using the hostnamectl command Version-Release number of selected component: selinux-policy-3.13.1-86.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.17.1-302.fc21.x86_64 type: libreport
anaconda-21.48.10-1.fc21, pykickstart-1.99.63-2.fc21, python-blivet-0.61.5-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Description of problem: $ su - Password: Enter password # hostnamectl set-hostname --static fdrdev01 Could not set property: Access denied Version-Release number of selected component: selinux-policy-3.13.1-90.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.16.1-301.fc21.x86_64 type: libreport
Richard, Vasilis, Kristjan, Taniguchi: as you can see from comment #12, the selinux policy is fine, and its version is irrelevant. anaconda was changed to run restorecon on /etc/hostname, but that happens only when anaconda is run. You can simply run 'restorecon /etc/hostname' by hand.
Description of problem: Installed Fedora 21 (Alpha) and forgot to set hostname in the initial configuration Later, tried to set the system hostname through the command: sudo hostnamectl set-hostname --static "somethimg.somewhere.net" Version-Release number of selected component: selinux-policy-3.13.1-90.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.17.1-304.fc21.x86_64 type: libreport
Charles, see comment #21. (Alpha was released on Sep 23, before the update we're talking about here was released.)