Bug 809228 - SELinux is preventing /bin/systemd-tmpfiles from 'getattr' accesses on the sock_file /run/lirc/lircd.
SELinux is preventing /bin/systemd-tmpfiles from 'getattr' accesses on the so...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
16
x86_64 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
abrt_hash:d18b63968060a5182519155c362...
:
: 809157 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-02 15:12 EDT by czenda1985
Modified: 2012-04-21 23:38 EDT (History)
4 users (show)

See Also:
Fixed In Version: selinux-policy-3.10.0-84.fc16
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-04-21 23:38:19 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description czenda1985 2012-04-02 15:12:02 EDT
libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.3.0-8.fc16.x86_64
reason:         SELinux is preventing /bin/systemd-tmpfiles from 'getattr' accesses on the sock_file /run/lirc/lircd.
time:           Po 2. duben 2012, 21:11:47 CEST

description:
:SELinux is preventing /bin/systemd-tmpfiles from 'getattr' accesses on the sock_file /run/lirc/lircd.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that systemd-tmpfiles should be allowed getattr access on the lircd sock_file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep systemd-tmpfile /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:systemd_tmpfiles_t:s0
:Target Context                system_u:object_r:lircd_var_run_t:s0
:Target Objects                /run/lirc/lircd [ sock_file ]
:Source                        systemd-tmpfile
:Source Path                   /bin/systemd-tmpfiles
:Port                          <Neznámé>
:Host                          (removed)
:Source RPM Packages           systemd-units-37-17.fc16.x86_64
:Target RPM Packages           lirc-0.9.0-7.fc16.x86_64
:Policy RPM                    selinux-policy-3.10.0-80.fc16.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.3.0-8.fc16.x86_64 #1 SMP Thu
:                              Mar 29 18:37:19 UTC 2012 x86_64 x86_64
:Alert Count                   1
:First Seen                    Po 2. duben 2012, 21:10:05 CEST
:Last Seen                     Po 2. duben 2012, 21:10:05 CEST
:Local ID                      bc98eebe-c54b-49f7-a772-8616a5d3f869
:
:Raw Audit Messages
:type=AVC msg=audit(1333393805.965:265): avc:  denied  { getattr } for  pid=8325 comm="systemd-tmpfile" path="/run/lirc/lircd" dev="tmpfs" ino=25322 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:lircd_var_run_t:s0 tclass=sock_file
:
:
:type=SYSCALL msg=audit(1333393805.965:265): arch=x86_64 syscall=newfstatat success=no exit=EACCES a0=4 a1=270260b a2=7fff23b6c100 a3=100 items=0 ppid=1 pid=8325 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=systemd-tmpfile exe=/bin/systemd-tmpfiles subj=system_u:system_r:systemd_tmpfiles_t:s0 key=(null)
:
:Hash: systemd-tmpfile,systemd_tmpfiles_t,lircd_var_run_t,sock_file,getattr
:
:audit2allow
:
:#============= systemd_tmpfiles_t ==============
:allow systemd_tmpfiles_t lircd_var_run_t:sock_file getattr;
:
:audit2allow -R
:
:#============= systemd_tmpfiles_t ==============
:allow systemd_tmpfiles_t lircd_var_run_t:sock_file getattr;
:
Comment 1 Daniel Walsh 2012-04-02 15:28:59 EDT
Fixed in F17 ec1c0bfce5f3e84b68197a3145171928ad371a7e
Comment 2 Miroslav Grepl 2012-04-05 08:20:28 EDT
*** Bug 809157 has been marked as a duplicate of this bug. ***
Comment 3 Fedora Update System 2012-04-18 08:55:57 EDT
selinux-policy-3.10.0-84.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-84.fc16
Comment 4 Fedora Update System 2012-04-21 23:38:19 EDT
selinux-policy-3.10.0-84.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.