Bug 1405768 - SELinux is preventing cat from 'read' accesses on the file last_pwr.
Summary: SELinux is preventing cat from 'read' accesses on the file last_pwr.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 25
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:8a36d62055c24f0cfe80ca2d71e...
: 1405280 1432511 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-12-18 09:38 UTC by Charles-Henri d'Adhémar
Modified: 2017-09-18 14:36 UTC (History)
17 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2017-06-06 13:44:12 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Charles-Henri d'Adhémar 2016-12-18 09:38:35 UTC 
Description of problem:
I get this error at boot time. I have enabled autologin and LUKS
SELinux is preventing cat from 'read' accesses on the file last_pwr.

*****  Plugin catchall (100. confidence) suggests   **************************

If vous pensez que cat devrait être autorisé à accéder read sur last_pwr file par défaut.
Then vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Do
allow this access for now by executing:
# ausearch -c 'cat' --raw | audit2allow -M my-cat
# semodule -X 300 -i my-cat.pp

Additional Information:
Source Context                system_u:system_r:tlp_t:s0
Target Context                system_u:object_r:var_run_t:s0
Target Objects                last_pwr [ file ]
Source                        cat
Source Path                   cat
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-225.3.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 4.8.14-300.fc25.x86_64 #1 SMP Mon
                              Dec 12 16:31:04 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-12-18 10:33:36 CET
Last Seen                     2016-12-18 10:33:36 CET
Local ID                      ac9f1e7f-3ad5-4ff0-add0-ca43faf59f5b

Raw Audit Messages
type=AVC msg=audit(1482053616.479:234): avc:  denied  { read } for  pid=2443 comm="cat" name="last_pwr" dev="tmpfs" ino=15171 scontext=system_u:system_r:tlp_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1


Hash: cat,tlp_t,var_run_t,file,read

Version-Release number of selected component:
selinux-policy-3.13.1-225.3.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.8.14-300.fc25.x86_64
type:           libreport
Comment 1 arturpolak1 2017-03-15 14:36:46 UTC 
*** Bug 1432511 has been marked as a duplicate of this bug. ***
Comment 2 Luca Botti 2017-06-03 07:35:08 UTC 
Description of problem:
Restarted PC after some updates (Dell XPS15 9560). Enabled TLP for power management purposes.

Version-Release number of selected component:
selinux-policy-3.13.1-225.16.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.11.3-200.fc25.x86_64
type:           libreport
Comment 3 Lukas Vrabec 2017-06-06 13:42:40 UTC 
*** Bug 1405280 has been marked as a duplicate of this bug. ***
Comment 4 Lukas Vrabec 2017-06-06 13:43:58 UTC 
Please run:
# restorecon -Rv /run/ 

To fix your issue. 

Thanks,
Lukas.
Comment 5 cj 2017-06-27 15:44:39 UTC 
Description of problem:
Typically happens on waking from sleep - possibly also on initial startup

Version-Release number of selected component:
selinux-policy-3.13.1-225.18.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.11.5-200.fc25.x86_64
type:           libreport
Note You need to log in before you can comment on or make changes to this bug.