Red Hat Bugzilla – Bug 864931
SELinux is preventing firewalld from 'getattr' accesses on the directory /var/lib/rpm.
Last modified: 2012-12-20 10:36:04 EST
Additional info: libreport version: 2.0.15 kernel: 3.6.1-1.fc18.x86_64 description: :SELinux is preventing firewalld from 'getattr' accesses on the directory /var/lib/rpm. : :***** Plugin catchall (100. confidence) suggests *************************** : :If cree que de manera predeterminada, firewalld debería permitir acceso getattr sobre rpm directory. :Then debería reportar esto como un error. :Puede generar un módulo de política local para permitir este acceso. :Do :permita el acceso momentáneamente executando: :# grep firewalld /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:firewalld_t:s0 :Target Context system_u:object_r:rpm_var_lib_t:s0 :Target Objects /var/lib/rpm [ dir ] :Source firewalld :Source Path firewalld :Port <Desconocido> :Host (removed) :Source RPM Packages :Target RPM Packages :Policy RPM selinux-policy-3.11.1-32.fc18.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.6.1-1.fc18.x86_64 #1 SMP Mon Oct : 8 17:19:09 UTC 2012 x86_64 x86_64 :Alert Count 3 :First Seen 2012-10-06 12:23:00 ART :Last Seen 2012-10-10 05:59:31 ART :Local ID b5d4a0fa-36e0-43f2-9e1c-676c18129309 : :Raw Audit Messages :type=AVC msg=audit(1349859571.821:14): avc: denied { getattr } for pid=620 comm="firewalld" path="/var/lib/rpm" dev="sda2" ino=1704188 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir : : :Hash: firewalld,firewalld_t,rpm_var_lib_t,dir,getattr : :audit2allow : :#============= firewalld_t ============== :allow firewalld_t rpm_var_lib_t:dir getattr; : :audit2allow -R : :#============= firewalld_t ============== :allow firewalld_t rpm_var_lib_t:dir getattr; :
Created attachment 624837 [details] File: type
Created attachment 624838 [details] File: hashmarkername
Does firewalld do anything with rpm?
No, besides providing rpm packages, there is no rpm use in firewalld.
Ernesto do you have a file system mounted at /var/lib/rpm? Did this AVC happen during an update?
Daniel, /var/lib/rpm is not a mountpoint (I hope that's what you are asking). It's inside my only EXT4 partition (/). Yes, this was during a "yum update" from a terminal (I have uninstalled some time ago the graphical update notification thing, don't know if that's important).
Ok most likely this is a leak or something happening because the process was sitting in /var/lib/rpm when it got restarted. I think I will just dontaudit this access in the future to prevent these random AVCs.
Fixed in selinux-policy-3.11.1-36.fc18.noarch
selinux-policy-3.11.1-36.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-36.fc18
Package selinux-policy-3.11.1-36.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-36.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-15934/selinux-policy-3.11.1-36.fc18 then log in and leave karma (feedback).
selinux-policy-3.11.1-36.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.