Bug 840877 - SELinux is preventing pool from 'read' accesses on the directory .
SELinux is preventing pool from 'read' accesses on the directory .
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
17
x86_64 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
abrt_hash:504f8f675f93bf34f6246adc40b...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-17 09:33 EDT by Todd Thomas
Modified: 2012-07-23 12:08 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-07-23 12:08:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Todd Thomas 2012-07-17 09:33:01 EDT
libreport version: 2.0.10
executable:     /usr/bin/python2.7
hashmarkername: setroubleshoot
kernel:         3.4.4-5.fc17.x86_64
time:           Tue 17 Jul 2012 08:26:15 AM CDT

description:
:SELinux is preventing pool from 'read' accesses on the directory .
:
:*****  Plugin catchall_boolean (89.3 confidence) suggests  *******************
:
:If you want to use_nfs_home_dirs
:Then you must tell SELinux about this by enabling the 'use_nfs_home_dirs' boolean.You can read 'nfs_selinux' man page for more details.
:Do
:setsebool -P use_nfs_home_dirs 1
:
:*****  Plugin catchall (11.6 confidence) suggests  ***************************
:
:If you believe that pool should be allowed read access on the  directory by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep pool /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
:                              0.c1023
:Target Context                system_u:object_r:nfs_t:s0
:Target Objects                 [ dir ]
:Source                        pool
:Source Path                   pool
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           totem-3.4.2-1.fc17.x86_64
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-134.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.4.4-5.fc17.x86_64 #1 SMP
:                              Thu Jul 5 20:20:59 UTC 2012 x86_64 x86_64
:Alert Count                   4
:First Seen                    Fri 13 Jul 2012 12:25:09 PM CDT
:Last Seen                     Fri 13 Jul 2012 12:25:09 PM CDT
:Local ID                      85fbdf70-8a77-49c6-8296-d5430ac6b5da
:
:Raw Audit Messages
:type=AVC msg=audit(1342200309.448:15166): avc:  denied  { read } for  pid=23375 comm="pool" name="" dev="0:32" ino=50855937 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
:
:
:type=SYSCALL msg=audit(1342200309.448:15166): arch=x86_64 syscall=open success=no exit=EACCES a0=1d43360 a1=40000 a2=18541d0 a3=746163696c707061 items=0 ppid=1 pid=23375 auid=1007 uid=1007 gid=1007 euid=1007 suid=1007 fsuid=1007 egid=1007 sgid=1007 fsgid=1007 tty=(none) ses=2 comm=pool exe=/usr/bin/totem subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
:
:Hash: pool,mozilla_plugin_t,nfs_t,dir,read
:
:audit2allowunable to open /sys/fs/selinux/policy:  Permission denied
:
:
:audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied
:
:
Comment 1 Daniel Walsh 2012-07-23 12:08:58 EDT
Did you read the alert, it tells you what to do if you are using nfs homedirs.

Note You need to log in before you can comment on or make changes to this bug.