Hide Forgot
Description of problem: There are +45000 SELinux errors about boinc_client trying to read fifo_file and growing many more each second. SELinux is preventing /usr/bin/boinc_client from read access on the fifo_file fifo_file. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that boinc_client should be allowed read access on the fifo_file fifo_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep boinc_client /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Version-Release number of selected component (if applicable): selinux-policy-3.10.0-67.fc16.noarch selinux-policy-targeted-3.10.0-67.fc16.noarch boinc-client-6.12.35-1.r24014svn.fc16.x86_64 How reproducible: Just start the service and thousands of errors happen. Steps to Reproduce: 1. systemctl start boinc-client.service Actual results: The Boinc service doesn't work and many errors per second happen. Expected results: No errors and a functional service. Additional info: It was working without problems until today
More verbose output: SELinux is preventing /usr/bin/boinc_client from 'read' accesses on the fifo_file fifo_file. ***** Plugin catchall (100. confidence) suggests *************************** If cree que de manera predeterminada, boinc_client debería permitir acceso read sobre fifo_file fifo_file. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso momentáneamente executando: # grep boinc_client /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:boinc_t:s0 Target Context system_u:system_r:boinc_t:s0 Target Objects fifo_file [ fifo_file ] Source boinc_client Source Path /usr/bin/boinc_client Port <Desconocido> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.10.0-67.fc16 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.1.6-1.fc16.x86_64 #1 SMP Wed Dec 21 22:41:17 UTC 2011 x86_64 x86_64 Alert Count 70324 First Seen dom 25 dic 2011 13:27:33 CET Last Seen dom 25 dic 2011 20:35:51 CET Local ID 244f4ccb-3b35-49cb-86a0-ce9ddd253433 Raw Audit Messages type=AVC msg=audit(1324841751.395:4679143): avc: denied { read } for pid=16757 comm="boinc_client" path="pipe:[78227]" dev=pipefs ino=78227 scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:system_r:boinc_t:s0 tclass=fifo_file Hash: boinc_client,boinc_t,boinc_t,fifo_file,read audit2allow #============= boinc_t ============== allow boinc_t self:fifo_file read; audit2allow -R #============= boinc_t ============== allow boinc_t self:fifo_file read;
*** This bug has been marked as a duplicate of bug 770148 ***