Bug 802508 - SELinux is preventing /usr/sbin/tmpwatch from 'read' accesses on the directory grub.
Summary: SELinux is preventing /usr/sbin/tmpwatch from 'read' accesses on the directory grub.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 16
Hardware: i686
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:89e0e8f0d602540b381672ea15d...
Duplicates: 802500
Depends On:
Blocks:
Reported: 2012-03-12 17:19 UTC by Bill Davidsen
Modified: 2012-03-28 13:26 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2012-03-28 13:26:55 UTC
Type: ---
Embargoed:



Description Bill Davidsen 2012-03-12 17:19:11 UTC
libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.2.9-2.fc16.i686
reason:         SELinux is preventing /usr/sbin/tmpwatch from 'read' accesses on the directory grub.
time:           Mon 12 Mar 2012 01:18:51 PM EDT

description:
:SELinux is preventing /usr/sbin/tmpwatch from 'read' accesses on the directory grub.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that tmpwatch should be allowed read access on the grub directory by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep tmpwatch /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:tmpreaper_t:s0-s0:c0.c1023
:Target Context                system_u:object_r:boot_t:s0
:Target Objects                grub [ dir ]
:Source                        tmpwatch
:Source Path                   /usr/sbin/tmpwatch
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           tmpwatch-2.10.3-1.fc16.i686
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-75.fc16.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.2.9-2.fc16.i686 #1
:                              SMP Mon Mar 5 21:12:36 UTC 2012 i686 i686
:Alert Count                   1
:First Seen                    Mon 12 Mar 2012 01:17:58 PM EDT
:Last Seen                     Mon 12 Mar 2012 01:17:58 PM EDT
:Local ID                      d481189b-01ed-457b-aaee-e499e824fff1
:
:Raw Audit Messages
:type=AVC msg=audit(1331572678.9:121): avc:  denied  { read } for  pid=6665 comm="tmpwatch" name="grub" dev=dm-0 ino=392476 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:boot_t:s0 tclass=dir
:
:
:type=SYSCALL msg=audit(1331572678.9:121): arch=i386 syscall=openat success=no exit=EACCES a0=ffffff9c a1=804bf87 a2=98800 a3=0 items=0 ppid=6663 pid=6665 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm=tmpwatch exe=/usr/sbin/tmpwatch subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)
:
:Hash: tmpwatch,tmpreaper_t,boot_t,dir,read
:
:audit2allow
:
:#============= tmpreaper_t ==============
:allow tmpreaper_t boot_t:dir read;
:
:audit2allow -R
:
:#============= tmpreaper_t ==============
:allow tmpreaper_t boot_t:dir read;
:
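
The two raw audit records above, parsed into their fields and rendered as the allow rule that audit2allow prints for the denial. This is an added example for triaging such reports, not part of the bug report or of setroubleshoot; the input is a constructed copy of the AVC and SYSCALL records quoted above, and the field names, function names and the AuditRecord class are this example's own. Correlating the AVC with its SYSCALL record by serial number exposes the failing call (openat returning EACCES) and the executable, which is what a responder needs before deciding whether the rule is the right fix: when the target label is wrong (a boot_t directory reachable by tmpwatch outside /boot), the remedy is to relabel the content rather than to load a policy module that lets tmpreaper_t into boot_t.

```python
import re
import shlex
from dataclasses import dataclass

# Constructed copy of the two raw audit records quoted in the bug report.
AUDIT_LINES = [
    'type=AVC msg=audit(1331572678.9:121): avc:  denied  { read } for  pid=6665 '
    'comm="tmpwatch" name="grub" dev=dm-0 ino=392476 '
    'scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:boot_t:s0 tclass=dir',
    'type=SYSCALL msg=audit(1331572678.9:121): arch=i386 syscall=openat success=no '
    'exit=EACCES a0=ffffff9c a1=804bf87 a2=98800 a3=0 items=0 ppid=6663 pid=6665 '
    'auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) '
    'ses=5 comm=tmpwatch exe=/usr/sbin/tmpwatch '
    'subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)',
]

# Header shared by every audit record: the type and the (timestamp:serial) stamp.
HEADER_RE = re.compile(
    r'type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): (?P<body>.*)$')
# AVC body: result, the permission set in braces, then key=value fields.
AVC_BODY_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)$')


@dataclass
class AuditRecord:
    rtype: str
    serial: int
    fields: dict
    result: str = ""
    perms: tuple = ()


def parse_fields(text):
    """Split 'k=v k="quoted v"' into a dict; shlex strips the quotes for us."""
    out = {}
    for tok in shlex.split(text):
        key, sep, value = tok.partition('=')
        if sep:
            out[key] = value
    return out


def parse_record(line):
    """Parse one audit line into an AuditRecord, or None if it is not one."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rtype, serial, body = m.group('type'), int(m.group('serial')), m.group('body')
    if rtype == 'AVC':
        a = AVC_BODY_RE.match(body)
        if not a:
            return None
        return AuditRecord(rtype, serial, parse_fields(a.group('fields')),
                           a.group('result'), tuple(a.group('perms').split()))
    return AuditRecord(rtype, serial, parse_fields(body))


def context_type(ctx):
    """user:role:type[:range] -> type (the part policy rules are written against)."""
    return ctx.split(':')[2]


def allow_rule(avc):
    """Render the rule audit2allow would print for this denial."""
    perms = avc.perms[0] if len(avc.perms) == 1 else '{ ' + ' '.join(avc.perms) + ' }'
    return (f"allow {context_type(avc.fields['scontext'])} "
            f"{context_type(avc.fields['tcontext'])}:{avc.fields['tclass']} {perms};")


def triage(lines):
    """Group records by serial; for each denial report the rule and the failing syscall."""
    by_serial = {}
    for line in lines:
        rec = parse_record(line)
        if rec:
            by_serial.setdefault(rec.serial, []).append(rec)
    report = {}
    for serial, recs in by_serial.items():
        syscall = next((r for r in recs if r.rtype == 'SYSCALL'), None)
        for avc in (r for r in recs if r.rtype == 'AVC' and r.result == 'denied'):
            report[serial] = {
                'rule': allow_rule(avc),
                'target_type': context_type(avc.fields['tcontext']),
                'object': f"{avc.fields.get('name', '?')} [{avc.fields['tclass']}]",
                'exe': syscall.fields.get('exe') if syscall else None,
                'syscall': syscall.fields.get('syscall') if syscall else None,
                'exit': syscall.fields.get('exit') if syscall else None,
            }
    return report


if __name__ == '__main__':
    for serial, info in triage(AUDIT_LINES).items():
        print(serial, info)
```

Run against the two records above it prints the rule from the report, `allow tmpreaper_t boot_t:dir read;`, next to the executable, syscall and error from the SYSCALL record; on a real host the same function can be fed `grep avc /var/log/audit/audit.log` to see every denied type pair at a glance before deciding per pair between relabeling and policy.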

Comment 1 Daniel Walsh 2012-03-12 17:55:56 UTC
Did you mv content to /tmp?

 find /tmp -type d -context "*:boot_t:*"


Then remove the content?

Comment 2 Daniel Walsh 2012-03-12 17:56:30 UTC
*** Bug 802500 has been marked as a duplicate of this bug. ***

Comment 3 Bill Davidsen 2012-03-27 21:11:08 UTC
I did nothing with /tmp or content, this was one of a series of machines being installed on FC16 or upgraded to it. I don't see the machine name in the report, and I just forwarded the info by clicking the "report via bugzilla" in hopes it would be useful. If there's nothing in the info it sent I can't really tell from this which of MANY machines I did that week was the one, nor did I bury you in reports from every one which had problems, I assume you have lots of stuff coming in.

If it's not useful feel free to close it, I did about 16 machines that week.

Comment 4 Miroslav Grepl 2012-03-28 13:26:55 UTC
Ok, let's close this one and reopen if this happens again. Thank you.

