Bug 797437 - SELinux is preventing /usr/lib64/virtualbox/VirtualBox from read, open access on the fichier VirtualBox.
Summary: SELinux is preventing /usr/lib64/virtualbox/VirtualBox from read, open access...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 16
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:8e96141e17e2ec5f6c0b40821e2...
: 798392 798393 798394 798396 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-25 20:05 UTC by Pascal94
Modified: 2012-04-22 03:36 UTC (History)
3 users (show)

Fixed In Version: selinux-policy-3.10.0-84.fc16
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-04-22 03:36:46 UTC
Type: ---


Attachments (Terms of Use)

Description Pascal94 2012-02-25 20:05:24 UTC
libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.2.7-1.fc16.x86_64
reason:         SELinux is preventing /usr/lib64/virtualbox/VirtualBox from read, open access on the fichier VirtualBox.
time:           sam. 25 févr. 2012 21:05:14 CET

description:
:SELinux is preventing /usr/lib64/virtualbox/VirtualBox from read, open access on the fichier VirtualBox.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that VirtualBox should be allowed read open access on the VirtualBox file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep VirtualBox /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:boinc_project_t:s0
:Target Context                system_u:object_r:execmem_exec_t:s0
:Target Objects                VirtualBox [ file ]
:Source                        VirtualBox
:Source Path                   /usr/lib64/virtualbox/VirtualBox
:Port                          <Inconnu>
:Host                          (removed)
:Source RPM Packages           VirtualBox-OSE-4.1.8-2.fc16.x86_64
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-75.fc16.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux CM-ELITE-341 3.2.7-1.fc16.x86_64 #1 SMP Tue
:                              Feb 21 01:40:47 UTC 2012 x86_64 x86_64
:Alert Count                   2
:First Seen                    sam. 25 févr. 2012 19:56:25 CET
:Last Seen                     sam. 25 févr. 2012 20:32:27 CET
:Local ID                      c56507f6-4ea3-40b3-a8f3-072b9a4dfeb5
:
:Raw Audit Messages
:type=AVC msg=audit(1330198347.402:225): avc:  denied  { read open } for  pid=3699 comm="VBoxSVC" name="VirtualBox" dev=sda1 ino=403046 scontext=system_u:system_r:boinc_project_t:s0 tcontext=system_u:object_r:execmem_exec_t:s0 tclass=file
:
:
:type=AVC msg=audit(1330198347.402:225): avc:  denied  { execute_no_trans } for  pid=3699 comm="VBoxSVC" path="/usr/lib64/virtualbox/VirtualBox" dev=sda1 ino=403046 scontext=system_u:system_r:boinc_project_t:s0 tcontext=system_u:object_r:execmem_exec_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1330198347.402:225): arch=x86_64 syscall=execve success=yes exit=0 a0=7fe85e41d740 a1=7fe85e41d690 a2=7fffbb672320 a3=7fe8602ae7f8 items=0 ppid=3410 pid=3699 auid=4294967295 uid=993 gid=990 euid=0 suid=0 fsuid=0 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm=VirtualBox exe=/usr/lib64/virtualbox/VirtualBox subj=system_u:system_r:boinc_project_t:s0 key=(null)
:
:Hash: VirtualBox,boinc_project_t,execmem_exec_t,file,read,open
:
:audit2allow
:
:#============= boinc_project_t ==============
:#!!!! This avc is allowed in the current policy
:
:allow boinc_project_t execmem_exec_t:file { read open execute_no_trans };
:
:audit2allow -R
:
:#============= boinc_project_t ==============
:#!!!! This avc is allowed in the current policy
:
:allow boinc_project_t execmem_exec_t:file { read open execute_no_trans };
:

Comment 1 Miroslav Grepl 2012-02-27 09:07:18 UTC
Did you change a label for

/usr/lib64/virtualbox/VirtualBox

Comment 2 Pascal94 2012-02-27 17:35:28 UTC
No, I didn't change anything. Just installer VirtualBox, and try to work on the Test4Theory Boinc project.

I uninstaller VirtualBox, and Installed it again as described on the fedora Wiki.

All my workunits go to crash after 45 seconds maximum.

here are my workunits : http://lhcathome2.cern.ch/test4theory/results.php?hostid=14878

Comment 3 Miroslav Grepl 2012-02-29 11:25:32 UTC
*** Bug 798392 has been marked as a duplicate of this bug. ***

Comment 4 Miroslav Grepl 2012-02-29 11:25:37 UTC
*** Bug 798393 has been marked as a duplicate of this bug. ***

Comment 5 Miroslav Grepl 2012-02-29 11:25:41 UTC
*** Bug 798394 has been marked as a duplicate of this bug. ***

Comment 6 Miroslav Grepl 2012-02-29 11:25:47 UTC
*** Bug 798396 has been marked as a duplicate of this bug. ***

Comment 7 Miroslav Grepl 2012-02-29 11:27:31 UTC
Ah, you are right. This on F16 machine

/usr/lib/virtualbox/VirtualBox  --  gen_context(system_u:object_r:execmem_exec_t,s0)

Comment 8 Miroslav Grepl 2012-03-16 11:18:28 UTC
Fixed in selinux-policy-3.10.0-81.fc16 for now.

Comment 9 Fedora Update System 2012-04-18 12:54:37 UTC
selinux-policy-3.10.0-84.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-84.fc16

Comment 10 Fedora Update System 2012-04-22 03:36:46 UTC
selinux-policy-3.10.0-84.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.