1662983 – SELinux denies mount for "tracefs" to pmlogger

Bug 1662983 - SELinux denies mount for "tracefs" to pmlogger

Summary: SELinux denies mount for "tracefs" to pmlogger

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	29
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-01-02 16:04 UTC by Katerina Koukiou
Modified:	2019-01-17 02:16 UTC (History)
CC List:	5 users (show)
Fixed In Version:	selinux-policy-3.14.2-46.fc29
Clone Of:
Environment:
Last Closed:	2019-01-17 02:16:31 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Katerina Koukiou 2019-01-02 16:04:39 UTC

Description of problem: Similar to bug 1662441 and 1662866, a recent pcp and/or SELinux update now started to throw these violations with pcp:

audit: type=1400 audit(1546422872.804:524): avc:  denied  { mount } for  pid=1375 comm="find" name="/" dev="tracefs" ino=1 scontext=system_u:system_r:pcp_pmlogger_t:s0 tcontext=system_u:object_r:tracefs_t:s0 tclass=filesystem permissive=0

Version-Release number of selected component (if applicable):

selinux-policy 3.14.2-44.fc29
pcp 4.3.0-1.fc29

How reproducible: Always


Steps to Reproduce:
1. Install and enable PCP, reboot

Comment 1 Lukas Vrabec 2019-01-09 11:58:24 UTC

commit d8ef17fa357af8e8c2c41fc268b4eb81415f75c7 (HEAD -> rawhide)
Author: Lukas Vrabec <lvrabec>
Date:   Wed Jan 9 12:57:47 2019 +0100

    Allow pcp_pmlogger_t to mount tracefs_t filesystem BZ(1662983

Comment 2 Fedora Update System 2019-01-13 15:44:46 UTC

selinux-policy-3.14.2-46.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a20cfef61

Comment 3 Fedora Update System 2019-01-14 03:03:02 UTC

selinux-policy-3.14.2-46.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a20cfef61

Comment 4 Fedora Update System 2019-01-17 02:16:31 UTC

selinux-policy-3.14.2-46.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.