Bug 220334 - Error SeLinux after startup
Error SeLinux after startup
Status: CLOSED DUPLICATE of bug 219606
Product: Fedora
Classification: Fedora
Component: irqbalance (Show other bugs)
6
i586 Linux
medium Severity medium
: ---
: ---
Assigned To: Neil Horman
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-12-20 09:41 EST by Vittorio Camilloni
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-12-20 10:54:49 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
dmesg file (17.34 KB, application/octet-stream)
2006-12-20 09:42 EST, Vittorio Camilloni
no flags Details

  None (edit)
Description Vittorio Camilloni 2006-12-20 09:41:59 EST
Description of problem:
Summary
    SELinux is preventing /usr/sbin/irqbalance (irqbalance_t) "search" access to
    net (proc_net_t).

Detailed Description
    SELinux denied access requested by /usr/sbin/irqbalance. It is not expected
    that this access is required by /usr/sbin/irqbalance and this access may
    signal an intrusion attempt. It is also possible that the specific version
    or configuration of the application is causing it to require additional
    access. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for net, restorecon -v net. There is
    currently no automatic way to allow this access. Instead, you can generate a
    local policy module to allow this access - see http://fedora.redhat.com/docs
    /selinux-faq-fc5/#id2961385 - or you can disable SELinux protection entirely
    for the application. Disabling SELinux protection is not recommended. Please
    file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this
    package. Changing the "irqbalance_disable_trans" boolean to true will
    disable SELinux protection this application: "setsebool -P
    irqbalance_disable_trans=1."

    The following command will allow this access:
    setsebool -P irqbalance_disable_trans=1

Additional Information:       

Source Context:               system_u:system_r:irqbalance_t
Target Context:               system_u:object_r:proc_net_t
Target Objects:               net [ dir ]
Affected RPM Packages:        irqbalance-0.55-2.fc6 [application]
Policy RPM:                   selinux-policy-2.4.6-7.fc6
Selinux Enabled:              True
Policy Type:                  targeted
MLS Enabled:                  True
Enforcing Mode:               Enforcing
Plugin Name:                  plugins.disable_trans
Host Name:                    localhost.localdomain
Platform:                     Linux localhost.localdomain 2.6.18-1.2868.fc6 #1
SMP Fri Dec 15 17:31:29 EST 2006 i686 i686
Alert Count:                  65
Line Numbers:                 

Raw Audit Messages:           

avc: denied { search } for comm="irqbalance" dev=proc egid=0 euid=0
exe="/usr/sbin/irqbalance" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="net"
pid=2324 scontext=system_u:system_r:irqbalance_t:s0 sgid=0
subj=system_u:system_r:irqbalance_t:s0 suid=0 tclass=dir
tcontext=system_u:object_r:proc_net_t:s0 tty=(none) uid=0 

_______________________________________________________________________________

I tried to disable as suggest in setroubleshoot browser but error remains.
Also I tried as FAQ procedure for create policy avcs but it's no working I
receive error:
 audit2allow -M local < /tmp/avcs
bash: /tmp/avcs: No such file or directory
Comment 1 Vittorio Camilloni 2006-12-20 09:42:00 EST
Created attachment 144104 [details]
dmesg  file
Comment 2 Neil Horman 2006-12-20 10:54:49 EST

*** This bug has been marked as a duplicate of 219606 ***

Note You need to log in before you can comment on or make changes to this bug.