Description of problem: SELinux is preventing boinc_client from 'read' accesses on the file cpuset.mems. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that boinc_client should be allowed read access on the cpuset.mems file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'boinc_client' --raw | audit2allow -M my-boincclient # semodule -X 300 -i my-boincclient.pp Additional Information: Source Context system_u:system_r:boinc_t:s0 Target Context system_u:object_r:cgroup_t:s0 Target Objects cpuset.mems [ file ] Source boinc_client Source Path boinc_client Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-261.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.12.0-0.rc7.git2.1.fc27.x86_64 #1 SMP Thu Jun 29 19:31:13 UTC 2017 x86_64 x86_64 Alert Count 6 First Seen 2017-07-06 14:48:09 MDT Last Seen 2017-07-06 15:53:20 MDT Local ID 79a619cd-4c45-4692-aef7-d05d7c9f2244 Raw Audit Messages type=AVC msg=audit(1499378000.601:5890): avc: denied { read } for pid=31199 comm="boinc_client" name="cpuset.mems" dev="cgroup" ino=9 scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=file permissive=0 Hash: boinc_client,boinc_t,cgroup_t,file,read Version-Release number of selected component: selinux-policy-3.13.1-261.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.1 hashmarkername: setroubleshoot kernel: 4.12.0-0.rc7.git2.1.fc27.x86_64 type: libreport Potential duplicate: bug 1435112
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle. Changing version to '27'.
Description of problem: Since upgrade from F26 to F27 Beta Version-Release number of selected component: selinux-policy-3.13.1-283.5.fc27.noarch Additional info: reporter: libreport-2.9.2 hashmarkername: setroubleshoot kernel: 4.13.5-300.fc27.x86_64 type: libreport
Works fine with selinux-policy-3.13.1-283.9.fc27.noarch and selinux-policy-targeted-3.13.1-283.9.fc27.noarch
*** Bug 1541770 has been marked as a duplicate of this bug. ***
I can reproduce it with selinux-policy-targeted-3.13.1-283.21.fc27.noarch type=AVC msg=audit(8.2.2018 02:31:07.628:200) : avc: denied { read } for pid=5953 comm=boinc_client name=cpuset.cpus dev="cgroup" ino=8 scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=file permissive=0 ---- type=AVC msg=audit(8.2.2018 02:31:07.628:201) : avc: denied { read } for pid=5953 comm=boinc_client name=cpuset.mems dev="cgroup" ino=9 scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=file permissive=0
selinux-policy-3.13.1-283.28.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-32ebae3424
selinux-policy-3.13.1-283.28.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-32ebae3424
selinux-policy-3.13.1-283.28.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.