Bug 1768951 - SELinux is preventing NetworkManager from 'write' accesses on the fifo_file /var/tmp/dracut.1CwfJY/systemd-cat.
Status: CLOSED DUPLICATE of bug 1750428
Alias: None
Product: Fedora
Classification: Fedora
Component: dracut
Version: 31
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: dracut-maint-list
QA Contact: Fedora Extras Quality Assurance
Whiteboard: abrt_hash:afb851bf52067b5be08ad4fab61...
Reported: 2019-11-05 16:12 UTC by Enrique Meléndez
Modified: 2020-06-02 11:01 UTC

Last Closed: 2020-06-02 11:01:09 UTC

Description Enrique Meléndez 2019-11-05 16:12:31 UTC
Description of problem:
On startup
SELinux is preventing NetworkManager from 'write' accesses on the fifo_file /var/tmp/dracut.1CwfJY/systemd-cat.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that NetworkManager should be allowed write access on the systemd-cat fifo_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'NetworkManager' --raw | audit2allow -M my-NetworkManager
# semodule -X 300 -i my-NetworkManager.pp

Additional Information:
Source Context                system_u:system_r:NetworkManager_t:s0
Target Context                system_u:object_r:initrc_tmp_t:s0
Target Objects                /var/tmp/dracut.1CwfJY/systemd-cat [ fifo_file ]
Source                        NetworkManager
Source Path                   NetworkManager
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.3.7-301.fc31.x86_64 #1 SMP Mon
                              Oct 21 19:18:58 UTC 2019 x86_64 x86_64
Alert Count                   1
First Seen                    2019-11-05 17:04:28 CET
Last Seen                     2019-11-05 17:04:28 CET
Local ID                      a565b538-e2c6-4a79-9d21-166f894a6b69

Raw Audit Messages
type=AVC msg=audit(1572969868.388:208): avc:  denied  { write } for  pid=6790 comm="NetworkManager" path="/var/tmp/dracut.1CwfJY/systemd-cat" dev="dm-0" ino=655746 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=fifo_file permissive=0


Hash: NetworkManager,NetworkManager_t,initrc_tmp_t,fifo_file,write


Additional info:
component:      selinux-policy
reporter:       libreport-2.10.1
hashmarkername: setroubleshoot
kernel:         5.3.7-301.fc31.x86_64
type:           libreport

Comment 1 Lukas Vrabec 2019-11-05 18:49:20 UTC
Hi NetworkManager maintainers, 

Any idea why NetworkManager is writing to "/var/tmp/dracut.1CwfJY/systemd-cat"? If you answer and it's expected, please move the component back to selinux-policy.

Thanks,
Lukas.

Comment 2 Beniamino Galvani 2020-02-27 07:24:32 UTC
/var/tmp/dracut.1CwfJY/systemd-cat appears to be a fifo used for
logging in dracut. I'm not familiar with dracut internals but perhaps
NM is writing logging information to it through standard error or
through syslog. Reassigning to dracut maintainers so that they can
confirm what is going on and how to proceed about this.

Comment 3 Doncho Gunchev 2020-04-10 14:26:37 UTC
Similar problem has been detected:

Restarted the machine after dnf update.

hashmarkername: setroubleshoot
kernel:         5.5.15-200.fc31.x86_64
package:        selinux-policy-3.14.4-50.fc31.noarch
reason:         SELinux is preventing NetworkManager from 'write' accesses on the fifo_file /var/tmp/dracut.n2fbhR/systemd-cat.
type:           libreport

Comment 4 Martin Pitt 2020-06-02 11:01:09 UTC

*** This bug has been marked as a duplicate of bug 1750428 ***

