Bug 1655813 - SELinux is preventing pmdalinux from unix_read access and 'getattr, associate' accesses
Summary: SELinux is preventing pmdalinux from unix_read access and 'getattr, associate...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: pcp
Version: 29
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Nathan Scott
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-04 01:46 UTC by Louis van Dyk
Modified: 2019-03-05 04:56 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-03-05 04:56:17 UTC
Type: Bug

Attachments (Terms of Use)
Output of: ausearch -c 'pmdalinux' --raw (954.19 KB, text/plain)
2018-12-04 01:46 UTC, Louis van Dyk 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

Description Louis van Dyk 2018-12-04 01:46:08 UTC 
Created attachment 1511160 [details]
Output of:  ausearch -c 'pmdalinux' --raw

Description of problem:

After upgrading from F28 to F29 I am getting hundreds of SEAlerts.  The plugin line shows:

SELinux is preventing pmdalinux from 'getattr, associate' accesses on the shared memory labeled unconfined_service_t
SELinux is preventing pmdalinux from unix_read access on the shared memory labeled unconfined_service_t
SELinux is preventing pmdalinux from 'getattr, associate' accesses on the semaphore labeled initrc_t.
SELinux is preventing pmdalinux from unix_read access on the semaphore labeled initrc_t.

I haven't done anything to setup (or even install) pcp, which runs this pmdalinux.


Version-Release number of selected component (if applicable):
# rpm -q --whatprovides /var/lib/pcp/pmdas/linux/pmdalinux
pcp-4.2.0-1.fc29.x86_64

selinux-policy-3.14.2-42.fc29.noarch


How reproducible:
The error is constantly appearing


Steps to Reproduce:
1.  I guess upgrade from F28 to F29?
2.  Reboot


Actual results:
See attached output of   ausearch -c 'pmdalinux' --raw 

Expected results:
This didn't happen in F28 so it shouldn't happen now.

Additional info:

Additional Information:
Source Context                system_u:system_r:pcp_pmcd_t:s0
Target Context                system_u:system_r:initrc_t:s0
Target Objects                Unknown [ sem ]
Source                        pmdalinux
Source Path                   pmdalinux
      ... and ...
Additional Information:
Source Context                system_u:system_r:pcp_pmcd_t:s0
Target Context                system_u:system_r:unconfined_service_t:s0
Target Objects                Unknown [ shm ]
Source                        pmdalinux
Source Path                   pmdalinux
Comment 1 Lukas Vrabec 2018-12-12 15:35:48 UTC 
This should be fixed with my fix in pcp upstream policy. 

https://github.com/wrabcak/pcp/commit/3e6e622a12d6bf80202e2446971ad531f2b4eea1
Comment 2 Louis van Dyk 2018-12-13 23:45:44 UTC 
When will the above mentioned fix be available in the repo?
Comment 3 Lukas Berk 2018-12-17 15:39:29 UTC 
Louis, PCP's next release is slated for Dec 21st, and this change will be included in that release as it ships.
Comment 4 Nathan Scott 2019-03-05 04:56:17 UTC 
This is resolved by a recent PCP update (4.3.1)
Note You need to log in before you can comment on or make changes to this bug.