Bug 819313 - SELinux is preventing systemd-logind from using the 'signal' accesses on a process.
SELinux is preventing systemd-logind from using the 'signal' accesses on a pr...
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
i686 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2012-05-06 10:36 EDT by antonio montagnani
Modified: 2012-06-11 06:59 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-05-09 09:46:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description antonio montagnani 2012-05-06 10:36:39 EDT
libreport version: 2.0.10
executable:     /usr/bin/python2.7
hashmarkername: setroubleshoot
kernel:         3.3.4-3.fc17.i686.PAE
time:           dom 06 mag 2012 16:35:40 CEST

:SELinux is preventing systemd-logind from using the 'signal' accesses on a process.
:*****  Plugin catchall (100. confidence) suggests  ***************************
:If si crede che systemd-logind dovrebbe avere possibilità di accesso signal ai processi etichettati rpm_script_t in modo predefinito.
:Then si dovrebbe riportare il problema come bug.
:E' possibile generare un modulo di politica locale per consentire questo accesso.
:consentire questo accesso per il momento eseguendo:
:# grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:Additional Information:
:Source Context                system_u:system_r:systemd_logind_t:s0
:Target Context                system_u:system_r:rpm_script_t:s0-s0:c0.c1023
:Target Objects                 [ process ]
:Source                        systemd-logind
:Source Path                   systemd-logind
:Port                          <Sconosciuto>
:Host                          (removed)
:Source RPM Packages           
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-118.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.3.4-3.fc17.i686.PAE #1 SMP Wed
:                              May 2 16:30:57 UTC 2012 i686 i686
:Alert Count                   8
:First Seen                    dom 06 mag 2012 16:32:15 CEST
:Last Seen                     dom 06 mag 2012 16:35:11 CEST
:Local ID                      31997f72-1819-45b4-84ee-6ad13b2ce7a1
:Raw Audit Messages
:type=AVC msg=audit(1336314911.110:141): avc:  denied  { signal } for  pid=644 comm="systemd-logind" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=process
:Hash: systemd-logind,systemd_logind_t,rpm_script_t,process,signal
:audit2allowunable to open /sys/fs/selinux/policy:  Permission denied
:audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied
Comment 1 Daniel Walsh 2012-05-07 09:41:41 EDT
This looks strange, do you have processes running on your machine as rpm_script_t?

ps -eZ | grep rpm_script_t
Comment 2 antonio montagnani 2012-05-09 01:20:52 EDT
no, I don't
Comment 3 Daniel Walsh 2012-05-09 09:46:37 EDT
Any idea what you were doing when this happened.  It looks like for at least a short time you did, have an rpm_script_t process running that systemd_login sent a signal to.

rpm_script_t is the default label of processes run as scripts by rpm.  Likely a post install script started a process that ran for a while that systemd tried to signal.  This is not something we want to allow. If you have an idea what happened reopen this bug, or if it happens again.

Note You need to log in before you can comment on or make changes to this bug.