1256334 – Failed to write '0' to '/proc/sys/kernel/yama/ptrace_scope': Operation not permitted

Bug 1256334 - Failed to write '0' to '/proc/sys/kernel/yama/ptrace_scope': Operation not permitted

Summary: Failed to write '0' to '/proc/sys/kernel/yama/ptrace_scope': Operation not pe...

Keywords:
Status:	CLOSED DUPLICATE of bug 1253926
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	22
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-08-24 11:31 UTC by Sudhir Khanger
Modified:	2015-08-24 14:30 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-08-24 14:30:28 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
journalctl -xe (129.98 KB, text/plain) 2015-08-24 11:31 UTC, Sudhir Khanger	no flags	Details
View All

Description Sudhir Khanger 2015-08-24 11:31:13 UTC

Description of problem: Failed to start Apply Kernel Variables. systemd-sysctl.service fails to load


Version-Release number of selected component (if applicable):
kernel-4.1.4-200.fc22.x86_64
systemd-219-21.fc22.x86_64


How reproducible: Always


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

systemctl status systemd-sysctl.service
● systemd-sysctl.service - Apply Kernel Variables
   Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2015-08-24 16:49:14 IST; 7min ago
     Docs: man:systemd-sysctl.service(8)
           man:sysctl.d(5)
  Process: 3569 ExecStart=/usr/lib/systemd/systemd-sysctl (code=exited, status=1/FAILURE)
 Main PID: 3569 (code=exited, status=1/FAILURE)

Aug 24 16:49:14 fedora systemd[1]: Starting Apply Kernel Variables...
Aug 24 16:49:14 fedora systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE
Aug 24 16:49:14 fedora systemd[1]: Failed to start Apply Kernel Variables.
Aug 24 16:49:14 fedora systemd[1]: Unit systemd-sysctl.service entered failed state.
Aug 24 16:49:14 fedora systemd[1]: systemd-sysctl.service failed.

Comment 1 Sudhir Khanger 2015-08-24 11:31:54 UTC

Created attachment 1066331 [details]
journalctl -xe

Comment 2 Josh Boyer 2015-08-24 13:41:36 UTC

You're getting an avc denial for this.  Probably an SELinux policy problem.  Let's see what they have to say.

-- Unit systemd-sysctl.service has begun starting up.
Aug 24 16:58:44 fedora audit[4157]: <audit-1400> avc:  denied  { sys_ptrace } for  pid=4157 comm="systemd-sysctl" capability=19  scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0
Aug 24 16:58:44 fedora systemd-sysctl[4157]: Failed to write '0' to '/proc/sys/kernel/yama/ptrace_scope': Operation not permitted
Aug 24 16:58:44 fedora systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE
Aug 24 16:58:44 fedora systemd[1]: Failed to start Apply Kernel Variables.
-- Subject: Unit systemd-sysctl.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-sysctl.service has failed.

Comment 3 Lukas Vrabec 2015-08-24 14:30:28 UTC


*** This bug has been marked as a duplicate of bug 1253926 ***

Note You need to log in before you can comment on or make changes to this bug.