Bug 1626487 - SELinux is preventing pmdalinux from 'unix_read' accesses on the shared memory labeled gpsd_t.
Summary: SELinux is preventing pmdalinux from 'unix_read' accesses on the shared memor...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: pcp
Version: 29
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Berk
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:f63ba26fdf56704f32dd1496c08...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-09-07 13:02 UTC by sedrubal
Modified: 2018-11-28 02:45 UTC (History)
10 users (show)

Fixed In Version: pcp-4.2.0-1.fc27 pcp-4.2.0-1.fc29 pcp-4.2.0-1.fc28
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-11-28 02:21:49 UTC
Type: ---


Attachments (Terms of Use)

Description sedrubal 2018-09-07 13:02:11 UTC
Description of problem:
SELinux is preventing pmdalinux from 'unix_read' accesses on the shared memory labeled gpsd_t.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that pmdalinux should be allowed unix_read access on the Unknown shm by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'pmdalinux' --raw | audit2allow -M my-pmdalinux
# semodule -X 300 -i my-pmdalinux.pp

Additional Information:
Source Context                system_u:system_r:pcp_pmcd_t:s0
Target Context                system_u:system_r:gpsd_t:s0
Target Objects                Unknown [ shm ]
Source                        pmdalinux
Source Path                   pmdalinux
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.14.2-32.fc29.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.18.5-300.fc29.x86_64 #1 SMP Fri
                              Aug 24 17:16:35 UTC 2018 x86_64 x86_64
Alert Count                   414
First Seen                    2018-09-07 03:49:58 CEST
Last Seen                     2018-09-07 14:59:58 CEST
Local ID                      59d53f5a-3f31-47d0-91cf-0d0fa01f6243

Raw Audit Messages
type=AVC msg=audit(1536325198.261:1816): avc:  denied  { unix_read } for  pid=1218 comm="pmdalinux" key=1196446532  scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:system_r:gpsd_t:s0 tclass=shm permissive=0


Hash: pmdalinux,pcp_pmcd_t,gpsd_t,shm,unix_read

Version-Release number of selected component:
selinux-policy-3.14.2-32.fc29.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.18.5-300.fc29.x86_64
type:           libreport

Comment 1 phkoenig 2018-11-04 12:04:21 UTC
Description of problem:
A la première ouverture de session après la mise à jour en Fedora 29

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 2 Lukas Berk 2018-11-05 15:55:50 UTC
Fixed in upstream;

commit 4e637a8865ed17ea5cf5f7e46cc32eb33940a0d8 (HEAD -> master, origin/master, origin/HEAD)
Author: Lukas Berk <lberk@redhat.com>
Date:   Mon Nov 5 10:32:12 2018 -0500

    selinux: rhbz1626487 unix_read on gpsd_t:shm
    
    update policy package as well as qa

Comment 3 Fedora Update System 2018-11-16 10:24:50 UTC
pcp-4.2.0-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b0d7f7858

Comment 4 Fedora Update System 2018-11-16 10:25:55 UTC
pcp-4.2.0-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-ae612244a9

Comment 5 Fedora Update System 2018-11-16 10:26:47 UTC
pcp-4.2.0-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-8da69c3c21

Comment 6 Fedora Update System 2018-11-17 04:44:11 UTC
pcp-4.2.0-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b0d7f7858

Comment 7 Fedora Update System 2018-11-17 05:58:27 UTC
pcp-4.2.0-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-8da69c3c21

Comment 8 Fedora Update System 2018-11-17 06:39:28 UTC
pcp-4.2.0-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-ae612244a9

Comment 9 Fedora Update System 2018-11-28 02:21:49 UTC
pcp-4.2.0-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2018-11-28 02:41:53 UTC
pcp-4.2.0-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2018-11-28 02:45:33 UTC
pcp-4.2.0-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.