Description of problem: Summary SELinux is preventing /usr/sbin/semodule (semanage_t) "read write" to socket (unconfined_t). Detailed Description SELinux denied access requested by /usr/sbin/semodule. It is not expected that this access is required by /usr/sbin/semodule and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:semanage_t:s0 Target Context system_u:system_r:unconfined_t:s0 Target Objects socket [ tcp_socket ] Affected RPM Packages policycoreutils-2.0.33-3.fc8 [application] Policy RPM selinux-policy-3.0.8-74.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall Host Name valent.oswireless Platform Linux valent.oswireless 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 15:49:59 EST 2007 i686 i686 Alert Count 1 First Seen Mon 21 Jan 2008 10:27:08 PM CET Last Seen Mon 21 Jan 2008 10:27:08 PM CET Local ID 197495e2-243e-4d79-be89-ff8ac3bb38b6 Line Numbers Raw Audit Messages avc: denied { read write } for comm=semodule dev=sockfs egid=0 euid=0 exe=/usr/sbin/semodule exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=socket:[182383] pid=605 scontext=system_u:system_r:semanage_t:s0 sgid=0 subj=system_u:system_r:semanage_t:s0 suid=0 tclass=tcp_socket tcontext=system_u:system_r:unconfined_t:s0 tty=(none) uid=0 Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. start fedora revisor and try to make live cd fased on F8 live cd 2. 3. Actual results: Expected results: Additional info:
Creating livecd images with SELinux in enforcing mode, does not currently work. The problem is you have a shared kernel and the act of creating the CD will load a different policy then the machine you are creating it on. So currently when you create a livecd, you need to put the machine in permissive mode, And will need to reboot when the machine is finished if you want to put the machine back in enforcing mode.
*** Bug 429682 has been marked as a duplicate of this bug. ***
*** Bug 429684 has been marked as a duplicate of this bug. ***
*** Bug 429685 has been marked as a duplicate of this bug. ***
*** Bug 429686 has been marked as a duplicate of this bug. ***
*** Bug 429687 has been marked as a duplicate of this bug. ***
*** Bug 429677 has been marked as a duplicate of this bug. ***
*** Bug 429683 has been marked as a duplicate of this bug. ***
I'll try create a fake SELinux policy - just for creation process of the live CD.
*** Bug 429676 has been marked as a duplicate of this bug. ***
This is now working in Rawhide, and is back ported to Fedora 9. With livecd from git repository Policy works, we are waiting for livecd packaged in rawhide and f9. Also requires -26 kernel for fedora 9.
livecd-tools for F9 has been pushed and rawhide is in git -- testers from git appreciated as more indicators to do a rawhide build. Worst case, I'll be doing one the end of next week for the alpha freeze
I have the same issue. When this happened I got all the error output from livecd-creator and I also saved the error messages from selinux troubleshooter. Let me know if you want me to include the info.
This is strange... the livecd works?!
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle. Changing version to '10'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Closing out bug that's been in MODIFIED for a while.