Bug 1767184 - denied { create } for pid=12870 comm="collectd" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:system_r:collectd_t:s0 tclass=netlink_generic_socket
Summary: denied { create } for pid=12870 comm="collectd" scontext=system_u:system_r:...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 31
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-10-30 21:17 UTC by Adam Williamson
Modified: 2019-11-13 10:05 UTC (History)
5 users (show)

Fixed In Version: selinux-policy-3.14.4-40.fc31
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-11-13 10:05:53 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Adam Williamson 2019-10-30 21:17:18 UTC
See summary :)

denied  { create } for  pid=12870 comm="collectd" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:system_r:collectd_t:s0 tclass=netlink_generic_socket

this happens when starting collectd on F31 (possibly depending on collectd config, I'm seeing it on infra hosts). It seems associated with this error in the collectd log:

collectd[12870]: utils_taskstats: mnl_socket_open(NETLINK_GENERIC) = Permission denied

Comment 1 Lukas Vrabec 2019-10-30 22:03:46 UTC
commit 787fa45a8ceadb5e77e59b9ed4fbf899a4b23064 (HEAD -> rawhide)
Author: Lukas Vrabec <lvrabec>
Date:   Wed Oct 30 23:03:19 2019 +0100

    Allow collectd_t domain to create netlink_generic_socket sockets

Comment 2 Fedora Update System 2019-11-03 14:09:07 UTC
FEDORA-2019-aec8f7ab50 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-aec8f7ab50

Comment 3 Fedora Update System 2019-11-04 02:18:47 UTC
selinux-policy-3.14.4-40.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-aec8f7ab50

Comment 4 Fedora Update System 2019-11-13 10:05:53 UTC
selinux-policy-3.14.4-40.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.