Bug 1418587 - SELinux is preventing firewalld from 'write' accesses on the directory /usr/lib/python3.5/site-packages/firewall/core/__pycache__.
Summary: SELinux is preventing firewalld from 'write' accesses on the directory /usr/l...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 25
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:07dbe5e353e6fe99532e3397647...
: 1467091 1470969 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-02 09:23 UTC by Gabriel Einsdorf
Modified: 2017-07-14 07:26 UTC (History)
22 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2017-06-27 14:29:37 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Gabriel Einsdorf 2017-02-02 09:23:16 UTC 
Description of problem:
SELinux is preventing firewalld from 'write' accesses on the directory /usr/lib/python3.5/site-packages/firewall/core/__pycache__.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that firewalld should be allowed write access on the __pycache__ directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'firewalld' --raw | audit2allow -M my-firewalld
# semodule -X 300 -i my-firewalld.pp

Additional Information:
Source Context                system_u:system_r:firewalld_t:s0
Target Context                system_u:object_r:lib_t:s0
Target Objects                /usr/lib/python3.5/site-
                              packages/firewall/core/__pycache__ [ dir ]
Source                        firewalld
Source Path                   firewalld
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           python3-firewall-0.4.4.2-2.fc25.noarch
Policy RPM                    selinux-policy-3.13.1-225.6.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.9.6-200.fc25.x86_64 #1 SMP Thu
                              Jan 26 10:17:45 UTC 2017 x86_64 x86_64
Alert Count                   93
First Seen                    2017-02-02 10:19:06 CET
Last Seen                     2017-02-02 10:19:07 CET
Local ID                      b973fc19-1f03-49cc-9c53-e50ddc513dea

Raw Audit Messages
type=AVC msg=audit(1486027147.91:204): avc:  denied  { write } for  pid=1157 comm="firewalld" name="__pycache__" dev="dm-1" ino=1313629 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0


Hash: firewalld,firewalld_t,lib_t,dir,write

Version-Release number of selected component:
selinux-policy-3.13.1-225.6.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.9.6-200.fc25.x86_64
type:           libreport

Potential duplicate: bug 1056137
Comment 1 Alexander Ploumistos 2017-03-02 13:57:37 UTC 
Description of problem:
This started happening after the update to selinux-policy-3.13.1-225.10.fc25 and it is still present in selinux-policy-3.13.1-225.11.fc25.


Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.9.13-200.fc25.x86_64
type:           libreport
Comment 2 Eduardo Habkost 2017-06-21 19:13:31 UTC 
Description of problem:
Happened just after a fresh install o Fedora 25, when I installed firewall-config.

Version-Release number of selected component:
selinux-policy-3.13.1-225.18.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.8.6-300.fc25.x86_64
type:           libreport
Comment 3 Jeremy 2017-07-02 16:50:39 UTC 
*** Bug 1467091 has been marked as a duplicate of this bug. ***
Comment 4 Fernando Rodríguez 2017-07-14 07:26:59 UTC 
*** Bug 1470969 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.