Description of problem:
I noticed this new AVC after manually restarting tor service, today. I did this after upgrading openssl, thinking it might be necessary.

Raw Audit Messages
type=AVC msg=audit(1462562511.162:394642): avc: denied { read } for pid=2789 comm="tor" name="unix" dev="proc" ino=4026532020 scontext=system_u:system_r:tor_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file permissive=0

Hash: tor,tor_t,proc_net_t,file,read

Version-Release number of selected component (if applicable):
tor-0.2.7.6-5.fc23.x86_64
selinux-policy-3.13.1-158.15.fc23.noarch

How reproducible:
Not sure, 1/1 times, so far.

Steps to Reproduce:
1. systemctl restart tor.service

Actual results:
SELinux generates AVC

Expected results:
No AVC

Additional info:
Source Context                system_u:system_r:tor_t:s0
Target Context                system_u:object_r:proc_net_t:s0
Target Objects                unix [ file ]
Source                        tor
Source Path                   tor
Port                          <Unknown>
Host                          wrangler
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-158.15.fc23.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     wrangler
Platform                      Linux wrangler 4.4.6-301.fc23.x86_64 #1 SMP Wed Mar 30 16:43:58 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-05-06 12:21:51 PDT
Last Seen                     2016-05-06 12:21:51 PDT
Local ID                      6e3f3668-3e80-4c0e-bd33-a4cb9a9480ae
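The raw audit message in the report above can be split into its fields mechanically, which helps when triaging many denials. This is an added example, not part of the original report or of setroubleshoot: it parses the AVC record and builds a comma-separated key matching the report's Hash line, on the assumption that the layout is comm, source type, target type, class, permission. The function names are hypothetical.

```python
import re

# Constructed sample: the AVC record quoted in the report above, on one line.
SAMPLE = (
    'type=AVC msg=audit(1462562511.162:394642): avc: denied { read } for '
    'pid=2789 comm="tor" name="unix" dev="proc" ino=4026532020 '
    'scontext=system_u:system_r:tor_t:s0 '
    'tcontext=system_u:object_r:proc_net_t:s0 tclass=file permissive=0'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def selinux_type(context):
    """Return the type field of user:role:type[:level]; the level may hold ':'."""
    parts = context.split(':', 3)
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one AVC audit record into a dict, or None if it is not an AVC."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: (q if raw.startswith('"') else raw)
              for k, raw, q in KV_RE.findall(m.group(3))}
    return {
        'result': m.group(1),
        'perms': m.group(2).split(),
        'comm': fields.get('comm'),
        'source_type': selinux_type(fields.get('scontext', '')),
        'target_type': selinux_type(fields.get('tcontext', '')),
        'tclass': fields.get('tclass'),
        # permissive=0 means the denial was enforced, not just logged.
        'enforced': fields.get('permissive') == '0',
    }


def dedup_keys(avc):
    """One key per permission (assumed layout: comm,source,target,class,perm)."""
    return [','.join([avc['comm'], avc['source_type'], avc['target_type'],
                      avc['tclass'], perm]) for perm in avc['perms']]


if __name__ == '__main__':
    record = parse_avc(SAMPLE)
    print(record)
    print(dedup_keys(record))
```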
Thanks for your bug report! Unfortunately, I haven't been able to reproduce your problem. Can you please attach a copy of your /etc/tor/torrc file?
You're welcome, no problem. I'm sorry, too; I think this is the second time I brought you a configuration issue. Hmm, I bet it's syslog. Do you think tor will have the capability to log to the journal, soon?

Here is my redacted torrc. I hope this is okay.

ControlSocket /run/tor/control
ControlSocketsGroupWritable 1
CookieAuthentication 1
CookieAuthFile /run/tor/control.authcookie
CookieAuthFileGroupReadable 1
SOCKSPort 0 # what port to open for local application connections
SOCKSListenAddress 127.0.0.1 # accept connections only from localhost
Log notice syslog
DataDirectory /var/lib/tor
ORPort 9001
ORListenAddress <local if ip>
OutboundBindAddress <local if ip>
Address <externally resolvable hostname>
Nickname <nickname>
RelayBandwidthRate 180 KBytes
RelayBandwidthBurst 240 KBytes
ExitPolicy reject *:*
MaxMemInQueues 2048 MBytes
User toranon
NumCPUS 2
Is this still happening when you restart Tor?
Hi Jamie, I'm not sure. Looks like I restarted it on 22 May and sealert doesn't show any new events for it. So, maybe not. I'll be sure to check after upgrade to 24, which I'm expecting soon. (Odd. I don't think I got e-mail about your bug post.)
I've upgraded to F24 and rebooted a couple times since my last update. No recurrences to report.
So, closing this bug, per #5. Please reopen if I misunderstood the comment.
Hi Michael,

Sorry for the confusion. I actually think this is a duplicate of the other SELinux tor bug. I still have four SELinux local policy modules installed to get tor to run. I think you are working on a patch for that.

*** This bug has been marked as a duplicate of bug 1357395 ***
Ah rats. Okay, I got this mixed up with the other one. I don't think it's related and I don't have that AVC anymore.