Description of problem:
Lookup alert returns NULL alerts

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.13.1-155.fc24.noarch

How reproducible:
101%

Steps to Reproduce:
1. Run SELinux Troubleshooter browser 'sealert -b'

Actual results:
Lookup alert returns NULL alerts

Expected results:
Lookup alert returns ALL alerts

Additional info:

# sealert -a /var/log/audit/audit.log
100% done
found 4 alerts in /var/log/audit/audit.log
--------------------------------------------------------------------------------

SELinux is preventing spice-vdagentd from getattr access on the filesystem /sys/fs/cgroup.

https://bugzilla.redhat.com/show_bug.cgi?id=1274958

--------------------------------------------------------------------------------

SELinux is preventing setroubleshootd from write access on the directory /dev/shm.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that setroubleshootd should be allowed write access on the shm directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:tmpfs_t:s0
Target Objects                /dev/shm [ dir ]
Source                        setroubleshootd
Source Path                   setroubleshootd
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-155.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost
Platform                      Linux localhost 4.3.0-0.rc6.git1.1.fc24.x86_64 #1 SMP Tue Oct 20 15:25:10 UTC 2015 x86_64 x86_64
Alert Count                   10
First Seen                    2015-10-24 00:59:28 EDT
Last Seen                     2015-10-24 00:59:28 EDT
Local ID                      a73632da-4272-4b3a-9d3c-b2121a459de2

Raw Audit Messages
type=AVC msg=audit(1445662768.275:620): avc: denied { write } for pid=2899 comm="setroubleshootd" name="/" dev="tmpfs" ino=10416 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=0

Hash: setroubleshootd,setroubleshootd_t,tmpfs_t,dir,write

--------------------------------------------------------------------------------

SELinux is preventing setroubleshootd from write access on the directory /tmp.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that setroubleshootd should be allowed write access on the tmp directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:tmp_t:s0
Target Objects                /tmp [ dir ]
Source                        setroubleshootd
Source Path                   setroubleshootd
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages
Target RPM Packages           filesystem-3.2-35.fc24.x86_64
Policy RPM                    selinux-policy-3.13.1-155.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost
Platform                      Linux localhost 4.3.0-0.rc6.git1.1.fc24.x86_64 #1 SMP Tue Oct 20 15:25:10 UTC 2015 x86_64 x86_64
Alert Count                   12
First Seen                    2015-10-24 00:59:28 EDT
Last Seen                     2015-10-24 00:59:28 EDT
Local ID                      1ac75f96-3563-46f9-8a05-f230f2acb39e

Raw Audit Messages
type=AVC msg=audit(1445662768.274:617): avc: denied { write } for pid=2899 comm="setroubleshootd" name="/" dev="tmpfs" ino=16469 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

Hash: setroubleshootd,setroubleshootd_t,tmp_t,dir,write

--------------------------------------------------------------------------------

# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i mypol.pp

# cat mypol.te

module mypol 1.0;

require {
	type tmp_t;
	type setroubleshootd_t;
	type tmpfs_t;
	class dir write;
}

#============= setroubleshootd_t ==============

#!!!! WARNING: 'tmp_t' is a base type.
allow setroubleshootd_t tmp_t:dir write;
allow setroubleshootd_t tmpfs_t:dir write;

4th:
SELinux is preventing abrt-hook-ccpp from getattr access on the file file.
https://bugzilla.redhat.com/show_bug.cgi?id=1274963

We have fixes for these issues in the latest rawhide packages. Thank you for reporting.