Bug 2231731 - SELinux is preventing systemd-logind from 'getattr' accesses on the directory /dev/shm/slapd-CB-ETTLE-ORG-UK. [NEEDINFO]
Summary: SELinux is preventing systemd-logind from 'getattr' accesses on the directory...
Keywords:
Status: ASSIGNED
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 38
Hardware: x86_64
OS: Unspecified
medium
unspecified
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:66ff8f1ba829e2a95c40a150690...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-08-13 16:39 UTC by James
Modified: 2023-08-14 08:59 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:
zpytela: needinfo? (james)


Attachments (Terms of Use)
File: description (2.00 KB, text/plain)
2023-08-13 16:39 UTC, James
no flags Details
File: os_info (688 bytes, text/plain)
2023-08-13 16:39 UTC, James
no flags Details

Description James 2023-08-13 16:39:09 UTC
Description of problem:
SELinux is preventing systemd-logind from 'getattr' accesses on the directory /dev/shm/slapd-CB-ETTLE-ORG-UK.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that systemd-logind should be allowed getattr access on the slapd-CB-ETTLE-ORG-UK directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-logind' --raw | audit2allow -M my-systemdlogind
# semodule -X 300 -i my-systemdlogind.pp

Additional Information:
Source Context                system_u:system_r:systemd_logind_t:s0
Target Context                system_u:object_r:dirsrv_tmpfs_t:s0
Target Objects                /dev/shm/slapd-CB-ETTLE-ORG-UK [ dir ]
Source                        systemd-logind
Source Path                   systemd-logind
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-38.24-1.fc38.noarch
Local Policy RPM              selinux-policy-targeted-38.24-1.fc38.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 6.4.9-200.fc38.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Tue Aug 8 21:21:11 UTC 2023 x86_64
Alert Count                   21
First Seen                    2023-07-13 21:32:51 BST
Last Seen                     2023-08-13 17:37:13 BST
Local ID                      da62c706-b60c-4843-8b7e-c7a3681d4778

Raw Audit Messages
type=AVC msg=audit(1691944633.170:571): avc:  denied  { getattr } for  pid=1155 comm="systemd-logind" path="/dev/shm/slapd-CB-ETTLE-ORG-UK" dev="tmpfs" ino=2 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:dirsrv_tmpfs_t:s0 tclass=dir permissive=0


Hash: systemd-logind,systemd_logind_t,dirsrv_tmpfs_t,dir,getattr

Version-Release number of selected component:
selinux-policy-targeted-38.24-1.fc38.noarch

Additional info:
reporter:       libreport-2.17.11
reason:         SELinux is preventing systemd-logind from 'getattr' accesses on the directory /dev/shm/slapd-CB-ETTLE-ORG-UK.
package:        selinux-policy-targeted-38.24-1.fc38.noarch
component:      selinux-policy
hashmarkername: setroubleshoot
type:           libreport
kernel:         6.4.9-200.fc38.x86_64
component:      selinux-policy

Comment 1 James 2023-08-13 16:39:12 UTC
Created attachment 1983198 [details]
File: description

Comment 2 James 2023-08-13 16:39:14 UTC
Created attachment 1983199 [details]
File: os_info

Comment 3 Zdenek Pytela 2023-08-14 08:59:35 UTC
James,

Can you share with us what has changed on your system and what is the triggering condition to get this denial?


Note You need to log in before you can comment on or make changes to this bug.