Description of problem: keepalived requires certain selinux permissions to work properly Version-Release number of selected component (if applicable): selinux-policy-3.14.4-12.fc31.noarch keepalived-2.0.12-1.fc30.x86_64 How reproducible: Steps to Reproduce: 1. dnf install keepalived 2. configure /etc/keepalived.conf test configuration vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1234 } virtual_ipaddress { 10.0.0.15 } } 3. systemctl start keepalived Actual results: tem_r:keepalived_t:s0 tclass=netlink_connector_socket permissive=1 type=AVC msg=audit(1555843256.692:221): avc: denied { create } for pid=2415 comm="keepalived" scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:s ystem_r:keepalived_t:s0 tclass=netlink_connector_socket permissive=1 type=AVC msg=audit(1555843256.692:222): avc: denied { bind } for pid=2415 comm="keepalived" scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:sys tem_r:keepalived_t:s0 tclass=netlink_connector_socket permissive=1 Expected results: no avc denied error Additional info:
commit ec7fe75bc33ab662d1258c78b95a213f43e00d91 (HEAD -> rawhide) Author: Lukas Vrabec <lvrabec> Date: Tue Apr 23 12:54:27 2019 +0200 Allow keepalived_t domain to create and use netlink_connector sockets BZ(1701750)
(In reply to Lukas Vrabec from comment #1) > commit ec7fe75bc33ab662d1258c78b95a213f43e00d91 (HEAD -> rawhide) > Author: Lukas Vrabec <lvrabec> > Date: Tue Apr 23 12:54:27 2019 +0200 > > Allow keepalived_t domain to create and use netlink_connector sockets > BZ(1701750) Thank you. Note: Fedora 29 and 30 is also affected. Are you going to backport this to F29 and F30?
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle. Changing version to '31'.
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle. Changing version to 31.
FEDORA-2019-7ef1fde499 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-7ef1fde499
selinux-policy-3.14.4-38.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-7ef1fde499
FEDORA-2019-7d65c50fd6 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-7d65c50fd6
selinux-policy-3.14.4-39.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-7d65c50fd6
selinux-policy-3.14.4-39.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.