Bug 671596 – SELinux is preventing systemd-readahe from 'write' accesses on the file /sbin/auditctl.

Bug 671596 - SELinux is preventing systemd-readahe from 'write' accesses on the file /sbin/auditctl.

Summary:	SELinux is preventing systemd-readahe from 'write' accesses on the file /sbin...

Status:	CLOSED DUPLICATE of bug 669672

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	selinux-policy (Show other bugs)
Sub Component:
Version:	rawhide
Hardware:	x86_64 Linux

Priority	unspecified Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:
Whiteboard:	setroubleshoot_trace_hash:122c58c88e4...
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2011-01-21 20:15 EST by satellitgo
Modified:	2011-01-24 04:10 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2011-01-24 04:10:59 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description satellitgo 2011-01-21 20:15:00 EST

SELinux is preventing systemd-readahe from 'write' accesses on the file /sbin/auditctl.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that systemd-readahe should be allowed write access on the auditctl file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep systemd-readahe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:readahead_t:s0
Target Context                system_u:object_r:auditctl_exec_t:s0
Target Objects                /sbin/auditctl [ file ]
Source                        systemd-readahe
Source Path                   systemd-readahe
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           audit-2.0.5-2.fc15
Policy RPM                    selinux-policy-3.9.13-3.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 2.6.37-2.fc15.x86_64
                              #1 SMP Fri Jan 7 14:57:36 UTC 2011 x86_64 x86_64
Alert Count                   1
First Seen                    Sat 22 Jan 2011 01:12:32 AM EST
Last Seen                     Sat 22 Jan 2011 01:12:32 AM EST
Local ID                      60a04912-8a53-4552-99c1-62fabec74d1c

Raw Audit Messages
type=AVC msg=audit(1295676752.843:99): avc:  denied  { write } for  pid=343 comm="systemd-readahe" path="/sbin/auditctl" dev=dm-0 ino=18395 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:auditctl_exec_t:s0 tclass=file


Hash: systemd-readahe,readahead_t,auditctl_exec_t,file,write

audit2allow

#============= readahead_t ==============
allow readahead_t auditctl_exec_t:file write;

audit2allow -R

#============= readahead_t ==============
allow readahead_t auditctl_exec_t:file write;

Comment 1 satellitgo 2011-01-21 20:22:44 EST

1 0f 66 bugs reported on boot up of soas x86-2110121 in Virtualbox4. 64 bit
I only reported this one on bugzilla

Soas only boots to openbox grey screen with right click menus
log out goes to Live User login screen
on login goes to same screen

Comment 2 Miroslav Grepl 2011-01-24 04:10:59 EST


*** This bug has been marked as a duplicate of bug 669672 ***

Note You need to log in before you can comment on or make changes to this bug.