Hide Forgot
libreport version: 2.0.8 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.3.0-0.rc5.git3.1.fc17.i686 reason: SELinux is preventing systemd-logind from using the 'signal' accesses on a process. time: Fri 02 Mar 2012 07:23:13 PM WIT description: :SELinux is preventing systemd-logind from using the 'signal' accesses on a process. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that systemd-logind should be allowed signal access on processes labeled initrc_t by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:systemd_logind_t:s0 :Target Context system_u:system_r:initrc_t:s0 :Target Objects [ process ] :Source systemd-logind :Source Path systemd-logind :Port <Unknown> :Host (removed) :Source RPM Packages :Target RPM Packages :Policy RPM selinux-policy-3.10.0-95.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.3.0-0.rc5.git3.1.fc17.i686 #1 : SMP Wed Feb 29 21:30:13 UTC 2012 i686 i686 :Alert Count 3 :First Seen Fri 02 Mar 2012 07:21:23 PM WIT :Last Seen Fri 02 Mar 2012 07:21:23 PM WIT :Local ID 28c996df-8709-4362-876d-4f0f3138af4d : :Raw Audit Messages :type=AVC msg=audit(1330690883.533:70): avc: denied { signal } for pid=603 comm="systemd-logind" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process : : :Hash: systemd-logind,systemd_logind_t,initrc_t,process,signal : :audit2allowunable to open /sys/fs/selinux/policy: Permission denied : : :audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied : :
What process is running as initrc_t? ps -eZ | grep initrc_t
(In reply to comment #1) > What process is running as initrc_t? > > ps -eZ | grep initrc_t I'm seeing this error, with some NetworKManager-dispatcher-triggered scripts running. They are shown by your ps command (as they are shell scripts written by me, for execution when a network interface comes up, I don't know their names are useful to you). Perhaps the selinux context / etc are wrong? > # ls -laZ /etc/NetworkManager/dispatcher.d/ | tail -2 > -rwxr-xr-x. root root system_u:object_r:NetworkManager_initrc_exec_t:s0 20-chrony > -rwxr--r--. root root unconfined_u:object_r:NetworkManager_initrc_exec_t:s0 50-martin-nm-dispatcher-mobile
No they are ok, since we have no idea what these scripts are going to do, we run them as initrc_t, which is an unconfined process. I just added rules to F18 to allow this access, and Miroslav will probably backport them into selinux-policy-3.10.0-130.fc17