820464 – tuned-related ethtool boot-time SELinux alert

Bug 820464 - tuned-related ethtool boot-time SELinux alert

Summary: tuned-related ethtool boot-time SELinux alert

Keywords:
Status:	CLOSED DUPLICATE of bug 809832
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	17
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-05-10 04:30 UTC by Michel Lind
Modified:	2012-05-11 05:22 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2012-05-11 05:22:58 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
tuned AVC messages (21.17 KB, text/plain) 2012-05-11 04:14 UTC, Michel Lind	no flags	Details
View All

Description Michel Lind 2012-05-10 04:30:22 UTC

Description of problem:
When the tuned "powersave" profile is active, the following SELinux alert is generated when the system is booted


SELinux is preventing /usr/sbin/ethtool from write access on the file /var/log/tuned/tuned.log.

Additional Information:
Source Context                system_u:system_r:ifconfig_t:s0
Target Context                system_u:object_r:tuned_log_t:s0
Target Objects                /var/log/tuned/tuned.log [ file ]
Source                        ethtool
Source Path                   /usr/sbin/ethtool
Port                          <Unknown>
Host                          hermione.localdomain
Source RPM Packages           ethtool-3.2-2.fc17.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.10.0-118.fc17.noarch

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.10.0-118.fc17.noarch
tuned-2.0.1-1.fc17.noarch
kernel-3.3.4-4.fc17.x86_64


How reproducible:
Always

Steps to Reproduce:
1. enable tuned (systemctl enable tuned.service)
2. restart
  
Actual results:
As reported

Expected results:
No warning

Additional info:
This is on a clean install of Fedora 17 TC3 x86_64, fully updated

Comment 1 Miroslav Grepl 2012-05-10 08:03:12 UTC

Could you attach full AVC msg?

$ ausearch -m avc |grep tuned

Comment 2 Michel Lind 2012-05-11 04:14:07 UTC

Created attachment 583713 [details]
tuned AVC messages

Certainly; the output is attached

Comment 3 Miroslav Grepl 2012-05-11 05:22:58 UTC


*** This bug has been marked as a duplicate of bug 809832 ***

Note You need to log in before you can comment on or make changes to this bug.