Bug 206544 - SELinux breaks xfs after update
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
rawhide
All Linux
medium Severity medium
Assigned To: Daniel Walsh
Reported: 2006-09-14 19:06 EDT by W. Michael Petullo
Modified: 2007-11-30 17:11 EST (History)
Doc Type: Bug Fix
Last Closed: 2006-09-18 15:13:59 EDT

Description W. Michael Petullo 2006-09-14 19:06:10 EDT
Description of problem:
I recently updated to the Rawhide targeted SELinux policy.  Since then, xfs will
not start properly.  Xfs and X11 start fine when SELinux is in permissive mode.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.3.13-3

How reproducible:
Every time

Steps to Reproduce:
Try to start X while SELinux is enforcing the targeted policy.
  
Actual results:
X does not start.  X complains that fonts are not available.  This is because
xfs did not start. 

Expected results:
Xfs and X should start.

Additional info:
I have tried relabeling my filesystem.

Audit log while SELinux enforcing the targeted policy:

type=AVC msg=audit(1158269934.981:69): avc:  denied  { dac_override } for 
pid=2522 comm="xfs" capability=1 scontext=root:system_r:xfs_t:s0
tcontext=root:system_r:xfs_t:s0 tclass=capability
type=SYSCALL msg=audit(1158269934.981:69): arch=40000003 syscall=5 success=no
exit=-13 a0=805c869 a1=42 a2=1b6 a3=805c869 items=0 ppid=2521 pid=2522 auid=0
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xfs"
exe="/usr/bin/xfs" subj=root:system_r:xfs_t:s0 key=(null)

Audit log while SELinux in permissive mode:

type=AVC msg=audit(1158269965.368:71): avc:  denied  { dac_override } for 
pid=2544 comm="xfs" capability=1 scontext=root:system_r:xfs_t:s0
tcontext=root:system_r:xfs_t:s0 tclass=capability
type=SYSCALL msg=audit(1158269965.368:71): arch=40000003 syscall=5 success=yes
exit=3 a0=805c869 a1=42 a2=1b6 a3=805c869 items=0 ppid=2543 pid=2544 auid=0
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xfs"
exe="/usr/bin/xfs" subj=root:system_r:xfs_t:s0 key=(null)
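
An added example, not part of the original report or of the SELinux tooling: a short Python script that pairs each AVC record with the SYSCALL record sharing its audit event serial. It shows that the same dac_override denial failed the call with EACCES under enforcing and was only logged under permissive. The function names are hypothetical, and the sample is the two events from the report, rewrapped to one record per line.

```python
import errno
import re

# Constructed sample: the two audit events from the report, one record per line.
SAMPLE_LOG = """\
type=AVC msg=audit(1158269934.981:69): avc:  denied  { dac_override } for pid=2522 comm="xfs" capability=1 scontext=root:system_r:xfs_t:s0 tcontext=root:system_r:xfs_t:s0 tclass=capability
type=SYSCALL msg=audit(1158269934.981:69): arch=40000003 syscall=5 success=no exit=-13 a0=805c869 a1=42 a2=1b6 a3=805c869 items=0 ppid=2521 pid=2522 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xfs" exe="/usr/bin/xfs" subj=root:system_r:xfs_t:s0 key=(null)
type=AVC msg=audit(1158269965.368:71): avc:  denied  { dac_override } for pid=2544 comm="xfs" capability=1 scontext=root:system_r:xfs_t:s0 tcontext=root:system_r:xfs_t:s0 tclass=capability
type=SYSCALL msg=audit(1158269965.368:71): arch=40000003 syscall=5 success=yes exit=3 a0=805c869 a1=42 a2=1b6 a3=805c869 items=0 ppid=2543 pid=2544 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xfs" exe="/usr/bin/xfs" subj=root:system_r:xfs_t:s0 key=(null)
"""

HEADER = re.compile(r"type=(\w+) msg=audit\(\d+\.\d+:(\d+)\): (.*)")
DENIED = re.compile(r"avc:\s+denied\s+\{ ([^}]*)\} for (.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def fields(text):
    return {k: v.strip('"') for k, v in FIELD.findall(text)}

def correlate(log):
    """Group records by audit event serial (hypothetical helper)."""
    events = {}
    for line in log.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, serial, body = m.groups()
        ev = events.setdefault(int(serial), {"denials": [], "syscall": {}})
        avc = DENIED.match(body) if rtype == "AVC" else None
        if avc:
            ev["denials"].append({"perms": avc.group(1).split(), **fields(avc.group(2))})
        elif rtype == "SYSCALL":
            ev["syscall"] = fields(body)
    return events

def summarize(log):
    """One row per denial: who was denied what, and whether the call failed."""
    rows = []
    for serial, ev in sorted(correlate(log).items()):
        sc = ev["syscall"]  # empty dict if the SYSCALL record is missing
        code = int(sc["exit"]) if "exit" in sc else None
        for d in ev["denials"]:
            rows.append({
                "serial": serial, "comm": d["comm"], "tclass": d["tclass"],
                "domain": d["scontext"].split(":")[2], "perms": d["perms"],
                # success=no: denial enforced; success=yes: permissive, logged only
                "enforced": sc.get("success") == "no",
                "error": errno.errorcode.get(-code) if code is not None and code < 0 else None,
            })
    return rows
```

Calling `summarize(SAMPLE_LOG)` returns one row for event 69 (enforced, EACCES) and one for event 71 (not enforced, no error), both for domain xfs_t.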
Comment 1 Daniel Walsh 2006-09-18 15:13:59 EDT
Fixed in selinux-policy-2.3.14-3
Comment 2 W. Michael Petullo 2006-09-21 20:04:31 EDT
Verified as fixed.  Thank you.
