Bug 2223788 - mkfs was denied mounton access on /proc/1018/mounts when starting systemd-zram-setup during boot
Summary: mkfs was denied mounton access on /proc/1018/mounts when starting systemd-zra...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 38
Hardware: Unspecified
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-07-18 23:07 UTC by Matt Fagnani
Modified: 2023-08-01 02:49 UTC (History)
8 users (show)

Fixed In Version: selinux-policy-38.22-1.fc38
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-08-01 02:49:25 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github fedora-selinux selinux-policy pull 1790 0 None open Allow fsadm_t the file mounton permission 2023-07-19 14:27:32 UTC

Description Matt Fagnani 2023-07-18 23:07:39 UTC 
I booted Fedora-KDE-Live-x86_64-Rawhide-20230718.n.0.iso in a GNOME Boxes QEMU/KVM VM on a Fedora 38 KDE Plasma installation. mkfs was denied mounton access on /proc/1018/mounts when starting systemd-zram-setup during boot according to the journal.

Jul 18 18:32:13 systemd[1]: Found device dev-zram0.device - /dev/zram0.
Jul 18 18:32:14 systemd[1]: Starting systemd-zram-setup - Create swap on /dev/zram0...
Jul 18 18:32:14 kernel: zram0: detected capacity change from 0 to 5883904
Jul 18 18:32:14 kernel: audit: type=1400 audit(1689719534.077:9): avc:  denied  { mounton } for  pid=1018 comm="(mkfs)" path="/proc/1018/mounts" dev="proc" ino=21787 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:system_r:fsadm_t:s0 tclass=file permissive=0
Jul 18 18:32:14 systemd-makefs[1011]: /dev/zram0 successfully formatted as swap (label "zram0", uuid a88fae4b-6e0f-4866-a680-2106f0555fe6)
Jul 18 18:32:14 systemd[1]: Finished systemd-zram-setup - Create swap on /dev/zram0.
Jul 18 18:32:14 systemd[1]: Activating swap dev-zram0.swap - Compressed Swap on /dev/zram0...
Jul 18 18:32:14 kernel: Adding 2941948k swap on /dev/zram0.  Priority:100 extents:1 across:2941948k SSDscFS
Jul 18 18:32:14 systemd[1]: Activated swap dev-zram0.swap - Compressed Swap on /dev/zram0.
Jul 18 18:32:14 systemd[1]: Reached target swap.target - Swaps.

The denial also happened when I ran sudo systemctl restart systemd-zram-setup in Konsole.


Reproducible: Always

Steps to Reproduce:
1. boot Fedora-KDE-Live-x86_64-Rawhide-20230718.n.0.iso https://koji.fedoraproject.org/koji/buildinfo?buildID=2234366 in a GNOME Boxes QEMU/KVM VM on a Fedora 38 KDE Plasma installation.
2.
3.
Actual Results:  
mkfs was denied mounton access on /proc/1018/mounts when starting systemd-zram-setup during boot

Expected Results:  
No denial should have happened.

systemd-254~rc2-4.fc39.x86_64 and kernel-6.5.0-0.rc2.17.fc39.x86_64 were in use. The denial might be related to some change in systemd 254
Comment 1 Fedora Update System 2023-07-25 17:23:38 UTC 
FEDORA-2023-0b46b767d3 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-0b46b767d3
Comment 2 Fedora Update System 2023-07-26 02:09:56 UTC 
FEDORA-2023-0b46b767d3 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-0b46b767d3`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-0b46b767d3

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 3 Fedora Update System 2023-08-01 02:49:25 UTC 
FEDORA-2023-0b46b767d3 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.