Bug 819313 - SELinux is preventing systemd-logind from using the 'signal' accesses on a process.
Summary: SELinux is preventing systemd-logind from using the 'signal' accesses on a pr...
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 17
Hardware: i686
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:9b4bd28cc16ae84edbb82314255...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-05-06 14:36 UTC by antonio montagnani
Modified: 2012-06-11 10:59 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-05-09 13:46:37 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description antonio montagnani 2012-05-06 14:36:39 UTC 
libreport version: 2.0.10
executable:     /usr/bin/python2.7
hashmarkername: setroubleshoot
kernel:         3.3.4-3.fc17.i686.PAE
time:           dom 06 mag 2012 16:35:40 CEST

description:
:SELinux is preventing systemd-logind from using the 'signal' accesses on a process.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If si crede che systemd-logind dovrebbe avere possibilità di accesso signal ai processi etichettati rpm_script_t in modo predefinito.
:Then si dovrebbe riportare il problema come bug.
:E' possibile generare un modulo di politica locale per consentire questo accesso.
:Do
:consentire questo accesso per il momento eseguendo:
:# grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:systemd_logind_t:s0
:Target Context                system_u:system_r:rpm_script_t:s0-s0:c0.c1023
:Target Objects                 [ process ]
:Source                        systemd-logind
:Source Path                   systemd-logind
:Port                          <Sconosciuto>
:Host                          (removed)
:Source RPM Packages           
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-118.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.3.4-3.fc17.i686.PAE #1 SMP Wed
:                              May 2 16:30:57 UTC 2012 i686 i686
:Alert Count                   8
:First Seen                    dom 06 mag 2012 16:32:15 CEST
:Last Seen                     dom 06 mag 2012 16:35:11 CEST
:Local ID                      31997f72-1819-45b4-84ee-6ad13b2ce7a1
:
:Raw Audit Messages
:type=AVC msg=audit(1336314911.110:141): avc:  denied  { signal } for  pid=644 comm="systemd-logind" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=process
:
:
:Hash: systemd-logind,systemd_logind_t,rpm_script_t,process,signal
:
:audit2allowunable to open /sys/fs/selinux/policy:  Permission denied
:
:
:audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied
:
:
Comment 1 Daniel Walsh 2012-05-07 13:41:41 UTC 
This looks strange, do you have processes running on your machine as rpm_script_t?

ps -eZ | grep rpm_script_t
Comment 2 antonio montagnani 2012-05-09 05:20:52 UTC 
no, I don't
Comment 3 Daniel Walsh 2012-05-09 13:46:37 UTC 
Any idea what you were doing when this happened.  It looks like for at least a short time you did, have an rpm_script_t process running that systemd_login sent a signal to.

rpm_script_t is the default label of processes run as scripts by rpm.  Likely a post install script started a process that ran for a while that systemd tried to signal.  This is not something we want to allow. If you have an idea what happened reopen this bug, or if it happens again.
Note You need to log in before you can comment on or make changes to this bug.