1497506 – SELinux is preventing rc.local from 'create' accesses on the Datei power_save.

Bug 1497506 - SELinux is preventing rc.local from 'create' accesses on the Datei power_save.

Summary: SELinux is preventing rc.local from 'create' accesses on the Datei power_save.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	26
Hardware:	x86_64
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:d907196a32dda9b4c25e1a46d7f...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-10-01 07:34 UTC by Matthias Andree
Modified:	2017-11-15 20:10 UTC (History)
CC List:	6 users (show)
Fixed In Version:	selinux-policy-3.13.1-260.14.fc26
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-11-15 20:10:31 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Matthias Andree 2017-10-01 07:34:03 UTC

Description of problem:
try to configure power settings from a boot script rc.local
SELinux is preventing rc.local from 'create' accesses on the Datei power_save.

*****  Plugin catchall (100. confidence) suggests   **************************

If sie denken, dass es rc.local standardmäßig erlaubt sein sollte, create Zugriff auf power_save file zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Do
allow this access for now by executing:
# ausearch -c 'rc.local' --raw | audit2allow -M my-rclocal
# semodule -X 300 -i my-rclocal.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:object_r:sysfs_t:s0
Target Objects                power_save [ file ]
Source                        rc.local
Source Path                   rc.local
Port                          <Unbekannt>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    <Unbekannt>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.12.13-300.fc26.x86_64 #1 SMP Thu
                              Sep 14 16:00:38 UTC 2017 x86_64 x86_64
Alert Count                   14
First Seen                    2017-09-22 21:29:31 CEST
Last Seen                     2017-09-24 16:16:22 CEST
Local ID                      eb2bcee9-a2e3-4295-88b4-4e0733edb9b6

Raw Audit Messages
type=AVC msg=audit(1506262582.901:120): avc:  denied  { create } for  pid=861 comm="rc.local" name="power_save" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0


Hash: rc.local,init_t,sysfs_t,file,create


Additional info:
component:      selinux-policy
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.14-300.fc26.x86_64
type:           libreport

Potential duplicate: bug 1424674

Comment 1 Fedora Update System 2017-10-26 12:31:16 UTC

selinux-policy-3.13.1-260.14.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-d312739a4e

Comment 2 Fedora Update System 2017-11-15 20:10:31 UTC

selinux-policy-3.13.1-260.14.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.