Bug 1573406 - SELinux is preventing /usr/lib/systemd/systemd-journald from read, write access on the arquivo /var/log/journal/0e4f2329ec1d426a9283085c0256cb46/user-1000.journal.
Summary: SELinux is preventing /usr/lib/systemd/systemd-journald from read, write acce...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 27
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:b1b87bc02d146bb878fc8b3342a...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-01 06:03 UTC by Thiago Rodrigues
Modified: 2018-05-01 16:16 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2018-05-01 16:16:48 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Thiago Rodrigues 2018-05-01 06:03:27 UTC 
Description of problem:
Ao formatar a maquina, o problema começou. 
Sem motivos aparetemente, ou falta de conhecimento pessoal pra tal.
SELinux is preventing /usr/lib/systemd/systemd-journald from read, write access on the arquivo /var/log/journal/0e4f2329ec1d426a9283085c0256cb46/user-1000.journal.

*****  Plugin restorecon (99.5 confidence) suggests   ************************

If you want to fix the label. 
/var/log/journal/0e4f2329ec1d426a9283085c0256cb46/user-1000.journal default label should be var_log_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /var/log/journal/0e4f2329ec1d426a9283085c0256cb46/user-1000.journal

*****  Plugin catchall (1.49 confidence) suggests   **************************

If you believe that systemd-journald should be allowed read write access on the user-1000.journal file by default.
Then você deve informar que este é um erro.
Você pode gerar um módulo de política local para permitir este acesso.
Do
allow this access for now by executing:
# ausearch -c 'systemd-journal' --raw | audit2allow -M my-systemdjournal
# semodule -X 300 -i my-systemdjournal.pp

Additional Information:
Source Context                system_u:system_r:syslogd_t:s0
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                /var/log/journal/0e4f2329ec1d426a9283085c0256cb46/
                              user-1000.journal [ file ]
Source                        systemd-journal
Source Path                   /usr/lib/systemd/systemd-journald
Port                          <Desconhecido>
Host                          (removed)
Source RPM Packages           systemd-234-10.git5f8984e.fc27.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-283.32.fc27.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.16.5-200.fc27.x86_64 #1 SMP Fri
                              Apr 27 19:05:44 UTC 2018 x86_64 x86_64
Alert Count                   1078
First Seen                    2018-05-01 02:46:58 -03
Last Seen                     2018-05-01 02:47:51 -03
Local ID                      bbcefa8e-8ea8-45eb-b80e-8ed263dde899

Raw Audit Messages
type=AVC msg=audit(1525153671.942:3752): avc:  denied  { read write } for  pid=558 comm="systemd-journal" name="user-1000.journal" dev="sda4" ino=159869 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1525153671.942:3752): arch=x86_64 syscall=openat success=no exit=EACCES a0=ffffffffffffff9c a1=55abe9a3c830 a2=80042 a3=1a0 items=2 ppid=1 pid=558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=systemd-journal exe=/usr/lib/systemd/systemd-journald subj=system_u:system_r:syslogd_t:s0 key=(null)

type=CWD msg=audit(1525153671.942:3752): cwd=/

type=PATH msg=audit(1525153671.942:3752): item=0 name=/var/log/journal/0e4f2329ec1d426a9283085c0256cb46/ inode=159735 dev=00:2a mode=042755 ouid=0 ogid=190 rdev=00:00 obj=system_u:object_r:var_log_t:s0 nametype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0

type=PATH msg=audit(1525153671.942:3752): item=1 name=/var/log/journal/0e4f2329ec1d426a9283085c0256cb46/user-1000.journal inode=159869 dev=00:2a mode=0100640 ouid=0 ogid=190 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0

Hash: systemd-journal,syslogd_t,unlabeled_t,file,read,write

Version-Release number of selected component:
selinux-policy-3.13.1-283.32.fc27.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.16.5-200.fc27.x86_64
type:           libreport

Potential duplicate: bug 1295046
Comment 1 Lukas Vrabec 2018-05-01 16:16:48 UTC 
*****  Plugin restorecon (99.5 confidence) suggests   ************************

If you want to fix the label. 
/var/log/journal/0e4f2329ec1d426a9283085c0256cb46/user-1000.journal default label should be var_log_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /var/log/journal/0e4f2329ec1d426a9283085c0256cb46/user-1000.journal
Note You need to log in before you can comment on or make changes to this bug.