Bug 1648636 - SELinux is preventing systemd-user-ru from 'rmdir' accesses on the katalog services.
Summary: SELinux is preventing systemd-user-ru from 'rmdir' accesses on the katalog se...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 29
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:93136792764be207e7114437015...
: 1648933 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-11 10:02 UTC by gruszczynskit
Modified: 2018-12-14 20:41 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-12-11 17:04:09 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description gruszczynskit 2018-11-11 10:02:41 UTC 
Description of problem:
SELinux is preventing systemd-user-ru from 'rmdir' accesses on the katalog services.

*****  Plugin catchall (100. confidence) suggests   **************************

Aby systemd-user-ru powinno mieć domyślnie rmdir dostęp do services directory.
Then proszę to zgłosić jako błąd.
Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp.
Do
można tymczasowo zezwolić na ten dostęp wykonując polecenia:
# ausearch -c 'systemd-user-ru' --raw | audit2allow -M my-systemduserru
# semodule -X 300 -i my-systemduserru.pp

Additional Information:
Source Context                system_u:system_r:systemd_logind_t:s0
Target Context                unconfined_u:object_r:tmpfs_t:s0
Target Objects                services [ dir ]
Source                        systemd-user-ru
Source Path                   systemd-user-ru
Port                          <Nieznane>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.14.2-42.fc29.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.18.16-300.fc29.x86_64 #1 SMP Sat
                              Oct 20 23:24:08 UTC 2018 x86_64 x86_64
Alert Count                   1
First Seen                    2018-11-11 10:55:02 CET
Last Seen                     2018-11-11 10:55:02 CET
Local ID                      9a0877b2-f735-44bc-9a23-e10ab16245d0

Raw Audit Messages
type=AVC msg=audit(1541930102.276:493): avc:  denied  { rmdir } for  pid=18481 comm="systemd-user-ru" name="services" dev="tmpfs" ino=37149 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=dir permissive=0


Hash: systemd-user-ru,systemd_logind_t,tmpfs_t,dir,rmdir

Version-Release number of selected component:
selinux-policy-3.14.2-42.fc29.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.17-300.fc29.x86_64
type:           libreport
Comment 1 flaviohenriquedesousaribeiro 2018-11-12 13:43:50 UTC 
*** Bug 1648933 has been marked as a duplicate of this bug. ***
Comment 2 Lukas Vrabec 2018-11-22 10:03:07 UTC 
commit 26f96dfe0800dbec3af4b6fce5b223cda91e7a09 (HEAD -> rawhide)
Author: Lukas Vrabec <lvrabec>
Date:   Thu Nov 22 10:59:38 2018 +0100

    Allow systemd_logind_t domain to remove directories labeled as tmpfs_t
    BZ(1648636)
Comment 3 Fedora Update System 2018-12-07 15:36:13 UTC 
selinux-policy-3.14.2-44.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-0eac5b1bd7
Comment 4 Randy Barlow 2018-12-11 17:04:09 UTC 
A Fedora update associated with this bug has been pushed to the stable repository.
Comment 5 Randy Barlow 2018-12-14 20:41:19 UTC 
A Fedora update associated with this bug has been pushed to the stable repository.
Note You need to log in before you can comment on or make changes to this bug.