Fedora Account System
Red Hat Associate
Red Hat Customer
Description of problem: This occured during yum upgrade, but now I'm not sure anymore if it's related at all. While I'm writing this, another AVC denial occured which will follow shortly. SELinux is preventing docker from 'getattr' accesses on the directory /etc/audit. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that docker should be allowed getattr access on the audit directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep docker /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:docker_t:s0 Target Context system_u:object_r:auditd_etc_t:s0 Target Objects /etc/audit [ dir ] Source docker Source Path docker Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages audit-2.4.1-1.fc21.x86_64 audit-2.4.2-1.fc21.x86_64 Policy RPM selinux-policy-3.13.1-105.13.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.19.5-200.fc21.x86_64 #1 SMP Mon Apr 20 19:51:56 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-05-14 07:33:48 CEST Last Seen 2015-05-14 07:33:48 CEST Local ID 434e106b-cdce-49ae-83df-62a37412a59e Raw Audit Messages type=AVC msg=audit(1431581628.134:1023): avc: denied { getattr } for pid=6133 comm="docker" path="/etc/audit" dev="dm-2" ino=2883611 scontext=system_u:system_r:docker_t:s0 tcontext=system_u:object_r:auditd_etc_t:s0 tclass=dir permissive=1 Hash: docker,docker_t,auditd_etc_t,dir,getattr Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.5-200.fc21.x86_64 type: libreport Potential duplicate: bug 1218132
*** This bug has been marked as a duplicate of bug 1221460 ***