libreport version: 2.0.10 executable: /usr/bin/python2.7 hashmarkername: setroubleshoot kernel: 3.3.7-1.fc16.x86_64 time: pią, 1 cze 2012, 17:12:46 description: :SELinux is preventing /bin/systemd-tmpfiles from 'read' accesses on the lnk_file tmp. : :***** Plugin catchall (100. confidence) suggests *************************** : :If aby systemd-tmpfiles powinno mieć domyślnie read dostęp do tmp lnk_file. :Then proszę to zgłosić jako błąd. :Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp. :Do :można tymczasowo zezwolić na ten dostęp wykonując polecenia: :# grep systemd-tmpfile /var/log/audit/audit.log | audit2allow -M mojapolityka :# semodule -i mojapolityka.pp : :Additional Information: :Source Context system_u:system_r:systemd_tmpfiles_t:s0 :Target Context system_u:object_r:tmp_t:s0 :Target Objects tmp [ lnk_file ] :Source systemd-tmpfile :Source Path /bin/systemd-tmpfiles :Port <Nieznane> :Host (removed) :Source RPM Packages systemd-units-37-25.fc16.x86_64 :Target RPM Packages filesystem-2.4.44-1.fc16.x86_64 :Policy RPM selinux-policy-3.10.0-86.fc16.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.3.7-1.fc16.x86_64 #1 SMP : Tue May 22 13:59:39 UTC 2012 x86_64 x86_64 :Alert Count 1 :First Seen pią, 1 cze 2012, 17:11:06 :Last Seen pią, 1 cze 2012, 17:11:06 :Local ID 8f8f8ee6-19e2-4c69-8b7e-1cb0019aa990 : :Raw Audit Messages :type=AVC msg=audit(1338563466.532:50): avc: denied { read } for pid=1544 comm="systemd-tmpfile" name="tmp" dev="dm-1" ino=786468 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=lnk_file : : :type=SYSCALL msg=audit(1338563466.532:50): arch=x86_64 syscall=openat success=no exit=EACCES a0=ffffffffffffff9c a1=c09b50 a2=90800 a3=0 items=0 ppid=1 pid=1544 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=systemd-tmpfile exe=/bin/systemd-tmpfiles subj=system_u:system_r:systemd_tmpfiles_t:s0 key=(null) : :Hash: systemd-tmpfile,systemd_tmpfiles_t,tmp_t,lnk_file,read : :audit2allow : :#============= systemd_tmpfiles_t ============== :allow systemd_tmpfiles_t tmp_t:lnk_file read; : :audit2allow -R : :#============= systemd_tmpfiles_t ============== :allow systemd_tmpfiles_t tmp_t:lnk_file read; :
Fixed in selinux-policy-3.10.0-129.fc17
Could you fix it also in F16? Regards
Sure. Fixed in selinux-policy-3.10.0-89.fc16
I looked for this package release, but I couldn't find it. I looked here: http://dl.fedoraproject.org/pub/fedora/linux/updates/16/x86_64/ and only release I see is 86.
I apologize, I have not built it yet.
selinux-policy-3.10.0-89.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-89.fc16
Package selinux-policy-3.10.0-89.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-89.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-9507/selinux-policy-3.10.0-89.fc16 then log in and leave karma (feedback).
selinux-policy-3.10.0-89.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.