Description of problem: trying to attach and mount iscsi drive systemctl start iscsid.service iscsiadm -m node --targetname "iqn......" --portal "IP:3260" --login SELinux is preventing iscsid from 'create' accesses on the netlink_iscsi_socket Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If je denkt dat iscsid standaard create toegang moet hebben tot de Unknown netlink_iscsi_socket. Then je moet dit melden als een fout. Je kunt een locale tactiek module genereren om deze toegang toe te staan. Do sta deze toegang nu toe door het uitvoeren van: # grep iscsid /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:iscsid_t:s0 Target Context system_u:system_r:iscsid_t:s0 Target Objects Unknown [ netlink_iscsi_socket ] Source iscsid Source Path iscsid Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-128.16.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.2.3-200.fc22.x86_64 #1 SMP Thu Oct 8 03:23:55 UTC 2015 x86_64 x86_64 Alert Count 135 First Seen 2015-10-16 16:18:40 CEST Last Seen 2015-10-19 17:26:04 CEST Local ID ae8de7d3-b405-43d7-b104-e40d0f091bfd Raw Audit Messages type=AVC msg=audit(1445268364.198:660): avc: denied { create } for pid=5120 comm="iscsid" scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:system_r:iscsid_t:s0 tclass=netlink_iscsi_socket permissive=0 Hash: iscsid,iscsid_t,iscsid_t,netlink_iscsi_socket,create Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Potential duplicate: bug 1266670
Vit, we have fixes in Rawhide. Could you backport them? Thank you.
https://github.com/fedora-selinux/selinux-policy/pull/69#event-469023234 commit 87a8c2c7f70cf5d71cc2ba87f5a7f210dcc19eec Merge: e3ee3c5 19d02be Author: Miroslav Grepl <mgrepl> Date: Thu Nov 19 11:51:27 2015 +0100 Merge pull request #69 from vmojzis/f22-contrib Allow iscsid create netlink iscsid sockets. - backport commit 19d02bee8b616ef31d64e36434c55e8291019819 Author: Lukas Vrabec <lvrabec> Date: Thu Oct 8 09:02:34 2015 +0200 Allow iscsid create netlink iscsid sockets.
selinux-policy-3.13.1-128.21.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-1bbd3df966
selinux-policy-3.13.1-128.21.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-1bbd3df966
selinux-policy-3.13.1-128.21.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.