Description of problem:
got this alert after trying the test program proposed by https://bugzilla.redhat.com/show_bug.cgi?id=1370475#c23

SELinux is preventing /home/sheepdestroyer/a.out from 'create' accesses on the file /dev/fd/.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that a.out should be allowed create access on the file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'a.out' --raw | audit2allow -M my-aout
# semodule -X 300 -i my-aout.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:unconfined_t:s0
Target Objects                /dev/fd/ [ file ]
Source                        a.out
Source Path                   /home/sheepdestroyer/a.out
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-191.14.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.7.2+ #3 SMP Sun Aug 21 23:08:59 JST 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-08-31 15:19:12 CEST
Last Seen                     2016-08-31 15:19:12 CEST
Local ID                      423ec242-bb96-47c8-8627-720328f5c131

Raw Audit Messages
type=AVC msg=audit(1472649552.537:2945): avc: denied { create } for pid=3657 comm="a.out" name="4" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unconfined_t:s0 tclass=file permissive=0

type=SYSCALL msg=audit(1472649552.537:2945): arch=x86_64 syscall=open success=yes exit=EIO a0=7ffc762bb5e0 a1=241 a2=1b6 a3=69d items=3 ppid=3511 pid=3657 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm=a.out exe=/home/sheepdestroyer/a.out subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

type=CWD msg=audit(1472649552.537:2945): cwd=/home/sheepdestroyer

type=PATH msg=audit(1472649552.537:2945): item=0 name=/dev/fd/ inode=52706 dev=00:04 mode=040500 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 nametype=PARENT

type=PATH msg=audit(1472649552.537:2945): item=1 name=/dev/fd/4 inode=52707 dev=00:04 mode=0120300 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 nametype=NORMAL

type=PATH msg=audit(1472649552.537:2945): item=2 name=/dev/fd/4 inode=52704 dev=00:0a mode=010600 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 nametype=NORMAL

Hash: a.out,unconfined_t,unconfined_t,file,create

Version-Release number of selected component:
selinux-policy-3.13.1-191.14.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.7.2+
type:           libreport

Description of problem:
Just retried the same test program on a freshly built 4.8-rc4 kernel. Got the same error that doesn't happen on distro kernels so it must definitely be my config.

Version-Release number of selected component:
selinux-policy-3.13.1-191.14.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.8.0-rc4+
type:           libreport

Description of problem:
Got this one on the 4.7.2 updates-testing kernel, confirming that something happened on that version that has been corrected on 4.8. Will try to bisect if possible.

Version-Release number of selected component:
selinux-policy-3.13.1-191.14.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.7.2-201.fc24.x86_64
type:           libreport