1655813 – SELinux is preventing pmdalinux from unix_read access and 'getattr, associate' accesses

Bug 1655813 - SELinux is preventing pmdalinux from unix_read access and 'getattr, associate' accesses

Summary: SELinux is preventing pmdalinux from unix_read access and 'getattr, associate...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	pcp
Sub Component:
Version:	29
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Nathan Scott
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-12-04 01:46 UTC by Louis van Dyk
Modified:	2019-03-05 04:56 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-03-05 04:56:17 UTC
Dependent Products:

Attachments	(Terms of Use)
Output of: ausearch -c 'pmdalinux' --raw (954.19 KB, text/plain) 2018-12-04 01:46 UTC, Louis van Dyk	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Description Louis van Dyk 2018-12-04 01:46:08 UTC

Created attachment 1511160 [details]
Output of:  ausearch -c 'pmdalinux' --raw

Description of problem:

After upgrading from F28 to F29 I am getting hundreds of SEAlerts.  The plugin line shows:

SELinux is preventing pmdalinux from 'getattr, associate' accesses on the shared memory labeled unconfined_service_t
SELinux is preventing pmdalinux from unix_read access on the shared memory labeled unconfined_service_t
SELinux is preventing pmdalinux from 'getattr, associate' accesses on the semaphore labeled initrc_t.
SELinux is preventing pmdalinux from unix_read access on the semaphore labeled initrc_t.

I haven't done anything to setup (or even install) pcp, which runs this pmdalinux.


Version-Release number of selected component (if applicable):
# rpm -q --whatprovides /var/lib/pcp/pmdas/linux/pmdalinux
pcp-4.2.0-1.fc29.x86_64

selinux-policy-3.14.2-42.fc29.noarch


How reproducible:
The error is constantly appearing


Steps to Reproduce:
1.  I guess upgrade from F28 to F29?
2.  Reboot


Actual results:
See attached output of   ausearch -c 'pmdalinux' --raw 

Expected results:
This didn't happen in F28 so it shouldn't happen now.

Additional info:

Additional Information:
Source Context                system_u:system_r:pcp_pmcd_t:s0
Target Context                system_u:system_r:initrc_t:s0
Target Objects                Unknown [ sem ]
Source                        pmdalinux
Source Path                   pmdalinux
      ... and ...
Additional Information:
Source Context                system_u:system_r:pcp_pmcd_t:s0
Target Context                system_u:system_r:unconfined_service_t:s0
Target Objects                Unknown [ shm ]
Source                        pmdalinux
Source Path                   pmdalinux

Comment 1 Lukas Vrabec 2018-12-12 15:35:48 UTC

This should be fixed with my fix in pcp upstream policy. 

https://github.com/wrabcak/pcp/commit/3e6e622a12d6bf80202e2446971ad531f2b4eea1

Comment 2 Louis van Dyk 2018-12-13 23:45:44 UTC

When will the above mentioned fix be available in the repo?

Comment 3 Lukas Berk 2018-12-17 15:39:29 UTC

Louis, PCP's next release is slated for Dec 21st, and this change will be included in that release as it ships.

Comment 4 Nathan Scott 2019-03-05 04:56:17 UTC

This is resolved by a recent PCP update (4.3.1)

Note You need to log in before you can comment on or make changes to this bug.