Hide Forgot
Created attachment 550945 [details] Audit log extract Description of problem: Some Matahari agents cannot access the file /etc/machine-id (which all Matahari agents need to read). Additionally, the network and sysconfig agents are failing to access something in /proc. Version-Release number of selected component (if applicable): 3.10.0-69.fc16 How reproducible: 100% Steps to Reproduce: 1. Install Matahari 2. Start the services matahari-broker, matahari-host, matahari-network, matahari-sysconfig (and matahari-service) 3. ausearch --start recent -m avc Actual results: Multiple AVC entries in the audit log. See attached. Expected results: No (related) AVC entries in the audit log. Additional info:
We should allow all matahari domains to check the network state and read etc_runtime_t files. a8d9f1ebccef4a1e7c79a0e0aeb1fbe3603aa2c7
Fixed in selinux-policy-3.10.0-72.fc16
selinux-policy-3.10.0-72.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-72.fc16
Package selinux-policy-3.10.0-72.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-72.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-0639/selinux-policy-3.10.0-72.fc16 then log in and leave karma (feedback).
selinux-policy-3.10.0-72.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.