Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
DescriptionRadka Brychtova
2016-08-08 16:07:54 UTC
I found similar problem of this bug in rhel7
selinux-policy-3.13.1-92.el7.noarch
systemd-219-25.el7.x86_64
AVC:
type=SYSCALL msg=audit(08/08/2016 11:53:53.631:567) : arch=x86_64 syscall=recvmsg success=yes exit=16 a0=0x6 a1=0x7f7fe5445b20 a2=MSG_CMSG_CLOEXEC a3=0x0 items=0 ppid=1 pid=646 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/sbin/ModemManager subj=system_u:system_r:modemmanager_t:s0 key=(null)
type=AVC msg=audit(08/08/2016 11:53:53.631:567) : avc: denied { write } for pid=646 comm=gdbus path=/run/systemd/inhibit/1.ref dev="tmpfs" ino=22752 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:object_r:systemd_logind_inhibit_var_run_t:s0 tclass=fifo_file
Steps to Reproduce:
1.setenforce 0
2.systemctl restart systemd-logind.service
+++ This bug was initially created as a clone of Bug #1357144 +++
Description of problem:
SELinux is preventing gdbus from 'write' accesses on the fifo_file /run/systemd/inhibit/1.ref.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that gdbus should be allowed write access on the 1.ref fifo_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdbus' --raw | audit2allow -M my-gdbus
# semodule -X 300 -i my-gdbus.pp
Additional Information:
Source Context system_u:system_r:modemmanager_t:s0
Target Context system_u:object_r:systemd_logind_inhibit_var_run_t
:s0
Target Objects /run/systemd/inhibit/1.ref [ fifo_file ]
Source gdbus
Source Path gdbus
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-202.fc25.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 4.7.0-0.rc7.git2.1.fc25.x86_64 #1
SMP Wed Jul 13 21:14:25 UTC 2016 x86_64 x86_64
Alert Count 1
First Seen 2016-07-15 21:04:18 EDT
Last Seen 2016-07-15 21:04:18 EDT
Local ID 26691368-6123-410d-b856-efb9fea7d8e4
Raw Audit Messages
type=AVC msg=audit(1468631058.973:104): avc: denied { write } for pid=943 comm="gdbus" path="/run/systemd/inhibit/1.ref" dev="tmpfs" ino=18215 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:object_r:systemd_logind_inhibit_var_run_t:s0 tclass=fifo_file permissive=0
Hash: gdbus,modemmanager_t,systemd_logind_inhibit_var_run_t,fifo_file,write
Version-Release number of selected component:
selinux-policy-3.13.1-202.fc25.noarch
Additional info:
reporter: libreport-2.7.1
hashmarkername: setroubleshoot
kernel: 4.7.0-0.rc7.git2.1.fc25.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
--- Additional comment from Medic Momcilo on 2016-07-22 03:04:51 EDT ---
Description of problem:
Boot up the PC after an update and had SE alert shown.
Version-Release number of selected component:
selinux-policy-3.13.1-203.fc25.noarch
Additional info:
reporter: libreport-2.7.2
hashmarkername: setroubleshoot
kernel: 4.7.0-0.rc7.git4.1.fc25.x86_64
type: libreport
--- Additional comment from Jan Kurik on 2016-07-26 00:44:18 EDT ---
This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle.
Changing version to '25'.
--- Additional comment from Kwang Moo Yi on 2016-08-03 12:46:48 EDT ---
I can confirm the problem exists for me as well, on fedora24 instead of 25.
selinux-policy-3.13.1-191.9.fc24.noarch
kernel: 4.6.5-300.fc24.x86_64
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHBA-2016-2283.html
I found similar problem of this bug in rhel7 selinux-policy-3.13.1-92.el7.noarch systemd-219-25.el7.x86_64 AVC: type=SYSCALL msg=audit(08/08/2016 11:53:53.631:567) : arch=x86_64 syscall=recvmsg success=yes exit=16 a0=0x6 a1=0x7f7fe5445b20 a2=MSG_CMSG_CLOEXEC a3=0x0 items=0 ppid=1 pid=646 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/sbin/ModemManager subj=system_u:system_r:modemmanager_t:s0 key=(null) type=AVC msg=audit(08/08/2016 11:53:53.631:567) : avc: denied { write } for pid=646 comm=gdbus path=/run/systemd/inhibit/1.ref dev="tmpfs" ino=22752 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:object_r:systemd_logind_inhibit_var_run_t:s0 tclass=fifo_file Steps to Reproduce: 1.setenforce 0 2.systemctl restart systemd-logind.service +++ This bug was initially created as a clone of Bug #1357144 +++ Description of problem: SELinux is preventing gdbus from 'write' accesses on the fifo_file /run/systemd/inhibit/1.ref. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gdbus should be allowed write access on the 1.ref fifo_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'gdbus' --raw | audit2allow -M my-gdbus # semodule -X 300 -i my-gdbus.pp Additional Information: Source Context system_u:system_r:modemmanager_t:s0 Target Context system_u:object_r:systemd_logind_inhibit_var_run_t :s0 Target Objects /run/systemd/inhibit/1.ref [ fifo_file ] Source gdbus Source Path gdbus Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-202.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.7.0-0.rc7.git2.1.fc25.x86_64 #1 SMP Wed Jul 13 21:14:25 UTC 2016 x86_64 x86_64 Alert Count 1 First Seen 2016-07-15 21:04:18 EDT Last Seen 2016-07-15 21:04:18 EDT Local ID 26691368-6123-410d-b856-efb9fea7d8e4 Raw Audit Messages type=AVC msg=audit(1468631058.973:104): avc: denied { write } for pid=943 comm="gdbus" path="/run/systemd/inhibit/1.ref" dev="tmpfs" ino=18215 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:object_r:systemd_logind_inhibit_var_run_t:s0 tclass=fifo_file permissive=0 Hash: gdbus,modemmanager_t,systemd_logind_inhibit_var_run_t,fifo_file,write Version-Release number of selected component: selinux-policy-3.13.1-202.fc25.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.7.0-0.rc7.git2.1.fc25.x86_64 reproducible: Not sure how to reproduce the problem type: libreport --- Additional comment from Medic Momcilo on 2016-07-22 03:04:51 EDT --- Description of problem: Boot up the PC after an update and had SE alert shown. Version-Release number of selected component: selinux-policy-3.13.1-203.fc25.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.0-0.rc7.git4.1.fc25.x86_64 type: libreport --- Additional comment from Jan Kurik on 2016-07-26 00:44:18 EDT --- This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle. Changing version to '25'. --- Additional comment from Kwang Moo Yi on 2016-08-03 12:46:48 EDT --- I can confirm the problem exists for me as well, on fedora24 instead of 25. selinux-policy-3.13.1-191.9.fc24.noarch kernel: 4.6.5-300.fc24.x86_64