Description of problem: From the kdumpctl help document, the kdumpctl start can start kdump service. But actually it doesn't start kdump service. Version-Release number of selected component (if applicable): 4.6.3-300.fc24.ppc64 How reproducible: 100% Steps to Reproduce: 1.systemctl stop kdump 2.kdumpctl start or restart 3.check if kdump service start Actual results: kdump service doesn't start after kdumpctl start Expected results: kdump service start after kdumpctl start. Additional info:
[root@localhost ~]# cat /proc/iomem|grep Crash 25000000-34ffffff : Crash kernel [root@localhost ~]# systemctl enable kdump Created symlink from /etc/systemd/system/multi-user.target.wants/kdump.service to /usr/lib/systemd/system/kdump.service. [root@localhost ~]# systemctl stop kdump [root@localhost ~]# systemctl start kdump [root@localhost ~]# kdumpctl status Kdump is operational I can not reproduce in a fresh installed Fedora vm...
Sorry, I miss the message. The cmd "kdumpctl status" show it work. But the cmd "systemctl status kdump" show it started failed. I think the cmd "kdumpctl start kdump" doesn't update the systemd status.
I guess it is caused by access denying like below: Aug 3 17:20:39 localhost audit: AVC avc: denied { sys_admin } for pid=2120 c omm="kexec" capability=21 scontext=system_u:system_r:kdump_t:s0 tcontext=system _u:system_r:kdump_t:s0 tclass=capability permissive=0 : omm="kexec" capability=21 scontext=system_u:system_r:kdump_t:s0 tcontext=system _u:system_r:kdump_t:s0 tclass=capability permissive=0 Aug 3 17:20:39 localhost audit: AVC avc: denied { sys_admin } for pid=2120 c omm="kexec" capability=21 scontext=system_u:system_r:kdump_t:s0 tcontext=system _u:system_r:kdump_t:s0 tclass=capability permissive=0 Aug 3 17:20:39 localhost audit: AVC avc: denied { sys_admin } for pid=2120 c omm="kexec" capability=21 scontext=system_u:system_r:kdump_t:s0 tcontext=system _u:system_r:kdump_t:s0 tclass=capability permissive=0 We need help from selinux team..
Hi, I think I misunderstood the bug report, it should be not a bug because kdumpctl is for internal use, one should use systemctl to start/stop kdump service. But I did see a rawhide bug in comment #3, systemctl start kdump failed as I said in comment #3. So let's use this bug for issues in comment #3 Thanks Dave
selinux-policy-3.13.1-191.10.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-2c8a3e08c6
Moving back to NEW state. I added wrong BZ ID to bodhi.
SELinux is preventing restorecon from write access on the fifo_file /var/tmp/dracut.94mpiI/systemd-cat. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that restorecon should be allowed write access on the systemd-cat fifo_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'restorecon' --raw | audit2allow -M my-restorecon # semodule -X 300 -i my-restorecon.pp Additional Information: Source Context system_u:system_r:setfiles_t:s0 Target Context system_u:object_r:kdumpctl_tmp_t:s0 Target Objects /var/tmp/dracut.94mpiI/systemd-cat [ fifo_file ] Source restorecon Source Path restorecon Port <Unknown> Host localhost.localdomain Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-191.16.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 4.7.4-200.fc24.x86_64 #1 SMP Thu Sep 15 18:42:09 UTC 2016 x86_64 x86_64 Alert Count 1 First Seen 2016-09-30 19:58:52 PDT Last Seen 2016-09-30 19:58:52 PDT Local ID 72bac7b2-3fe9-47de-9382-118844efb7a9 Raw Audit Messages type=AVC msg=audit(1475290732.714:224): avc: denied { write } for pid=21528 comm="restorecon" path="/var/tmp/dracut.94mpiI/systemd-cat" dev="dm-1" ino=6818526 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:kdumpctl_tmp_t:s0 tclass=fifo_file permissive=0 Hash: restorecon,setfiles_t,kdumpctl_tmp_t,fifo_file,write
In case it wasn't clear, the denial I just posted was received while starting the kdump service.
I think I just ran into this on F25. Any update? I'm really hoping kdump will help me.
*** Bug 1311534 has been marked as a duplicate of this bug. ***
selinux-policy-3.13.1-191.24.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-7585703fbe
selinux-policy-3.13.1-191.24.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-7585703fbe
selinux-policy-3.13.1-191.24.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.