Bug 1258130 - SELinux is preventing modprobe from read access on the file /usr/lib/modules/4.1.6-200.fc22.x86_64/modules.dep.bin
SELinux is preventing modprobe from read access on the file /usr/lib/modules/...
Status: CLOSED EOL
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
22
x86_64 Linux
high Severity medium
: ---
: ---
Assigned To: Lukas Vrabec
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-29 08:23 EDT by André Martins
Modified: 2016-07-19 16:23 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-07-19 16:23:54 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Output of # restorecon -R -v /usr/lib/modules (4.29 KB, text/plain)
2015-10-20 12:21 EDT, André Martins
no flags Details

  None (edit)
Description André Martins 2015-08-29 08:23:29 EDT
Description of problem:

I'm having those errors on my journalctl:
SELinux is preventing modprobe from read access on the file /usr/lib/modules/4.1.6-200.fc22.x86_64/modules.dep.bin

SELinux is preventing modprobe from read access on the file /usr/lib/modules/4.1.6-200.fc22.x86_64/modules.softdep

SELinux is preventing modprobe from read access on the file /usr/lib/modules/4.1.6-200.fc22.x86_64/modules.alias.bin

SELinux is preventing plymouth from connectto access on the unix_stream_socket @/org/freedesktop/plymouthd


Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-128.12.fc22.noarch

How reproducible:
Always
Comment 1 Miroslav Grepl 2015-08-31 07:52:53 EDT
Could you attach also AVC msgs?

Try to reproduce it and run

# ausearch -m avc -ts recent
Comment 2 André Martins 2015-08-31 09:01:50 EDT
Hey Miroslav,
unfortunately (or fortunately) the bug doesn't occur anymore.
I'm not sure if it was because I ran
"sudo grep modprobe /var/log/audit/audit.log | audit2allow -M mypol"
"sudo grep plymouth /var/log/audit/audit.log | audit2allow -M mypol"

Do you want more info or should I close this bug?
Comment 3 Miroslav Grepl 2015-09-11 04:33:46 EDT
Did it happen after update/upgrade?

What does

# restorecon -R -v /usr/lib/modules

we have more bugs like this. We will need to consolidate labeling here.
Comment 4 André Martins 2015-10-20 12:21 EDT
Created attachment 1084817 [details]
Output of # restorecon -R -v /usr/lib/modules
Comment 5 Miroslav Grepl 2015-11-10 04:00:27 EST
We have opened policy issue for it.

https://github.com/fedora-selinux/selinux-policy/issues/49
Comment 6 Lukas Vrabec 2015-12-03 09:55:23 EST
Added to Fedora Rawhide.

commit 45bf79c0a6cec51b02eae2fce323718d0e3ad3d7
Author: Lukas Vrabec <lvrabec@redhat.com>
Date:   Thu Dec 3 13:31:38 2015 +0100

    Merge insmod_t and depmod_t to kmod_t
Comment 7 Miroslav Grepl 2015-12-11 03:30:14 EST
(In reply to Lukas Vrabec from comment #6)
> Added to Fedora Rawhide.
> 
> commit 45bf79c0a6cec51b02eae2fce323718d0e3ad3d7
> Author: Lukas Vrabec <lvrabec@redhat.com>
> Date:   Thu Dec 3 13:31:38 2015 +0100
> 
>     Merge insmod_t and depmod_t to kmod_t

Has been reverted and reopened.
Comment 8 Fedora End Of Life 2016-07-19 16:23:54 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.