First Last Prev Next    This bug is not in your last search results.
Bug 837487 - SELinux is preventing lspci from using the 'sys_admin' capabilities.
SELinux is preventing lspci from using the 'sys_admin' capabilities.
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
17
i686 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
abrt_hash:3fb39a742bceedbffeb537b3c6e...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-04 01:26 EDT by jo
Modified: 2012-07-04 09:03 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-07-04 09:03:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description jo 2012-07-04 01:26:11 EDT 
libreport version: 2.0.10
executable:     /usr/bin/python2.7
hashmarkername: setroubleshoot
kernel:         3.3.4-5.fc17.i686
time:           Tue 03 Jul 2012 08:42:32 PM PDT

description:
:SELinux is preventing lspci from using the 'sys_admin' capabilities.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that lspci should have the sys_admin capability by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep lspci /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:sectoolm_t:s0-s0:c0.c1023
:Target Context                system_u:system_r:sectoolm_t:s0-s0:c0.c1023
:Target Objects                 [ capability ]
:Source                        lspci
:Source Path                   lspci
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-121.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.3.4-5.fc17.i686 #1
:                              SMP Mon May 7 17:45:26 UTC 2012 i686 i686
:Alert Count                   15
:First Seen                    Tue 03 Jul 2012 08:30:21 PM PDT
:Last Seen                     Tue 03 Jul 2012 08:33:24 PM PDT
:Local ID                      6987b5fc-1e13-4f3f-98b9-5a4d85081479
:
:Raw Audit Messages
:type=AVC msg=audit(1341372804.988:2641): avc:  denied  { sys_admin } for  pid=6561 comm="lspci" capability=21  scontext=system_u:system_r:sectoolm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sectoolm_t:s0-s0:c0.c1023 tclass=capability
:
:
:Hash: lspci,sectoolm_t,sectoolm_t,capability,sys_admin
:
:audit2allowunable to open /sys/fs/selinux/policy:  Permission denied
:
:
:audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied
:
:
Comment 1 Miroslav Grepl 2012-07-04 09:03:10 EDT 
Please update your system.

# yum update
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.