Bug 1589339 - SELinux prevents p11_child from write permissions
Summary: SELinux prevents p11_child from write permissions
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 28
Hardware: All
OS: All
unspecified
medium
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-06-08 18:04 UTC by Orion Poplawski
Modified: 2018-07-29 03:22 UTC (History)
5 users (show)

Fixed In Version: selinux-policy-3.14.1-36.fc28
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-07-29 03:22:37 UTC
Type: Bug


Attachments (Terms of Use)

Description Orion Poplawski 2018-06-08 18:04:22 UTC
Description of problem:

type=AVC msg=audit(1528412042.933:535): avc:  denied  { write } for  pid=5718 comm="p11_child" name="cert9.db" dev="dm-1" ino=7733803 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file permissive=0
type=AVC msg=audit(1528412042.934:536): avc:  denied  { write } for  pid=5718 comm="p11_child" name="key4.db" dev="dm-1" ino=7733805 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file permissive=0

Version-Release number of selected component (if applicable):
selinux-policy-3.14.1-30.fc28.noarch
sssd-1.16.1-9.fc28.x86_64

/var/log/sssd/p11_child.log has:

(Thu Jun  7 15:54:02 2018) [[sssd[p11_child[5718]]]] [do_work] (0x0040): No removable slots found.
(Thu Jun  7 15:54:02 2018) [[sssd[p11_child[5718]]]] [main] (0x0040): do_work failed.
(Thu Jun  7 15:54:02 2018) [[sssd[p11_child[5718]]]] [main] (0x0020): p11_child failed!

not sure if they are related.  Not aware of any problems that may be a result of this.

Comment 1 Fedora Update System 2018-07-25 22:28:12 UTC
selinux-policy-3.14.1-36.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b

Comment 2 Fedora Update System 2018-07-26 16:30:40 UTC
selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b

Comment 3 Fedora Update System 2018-07-29 03:22:37 UTC
selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.