Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1255238
Summary: | shutdown ignoring time argument in Fedora 23 Alpha Cinnamon Spin | |||
---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | steveboss111 | |
Component: | selinux-policy | Assignee: | Vit Mojzis <vmojzis> | |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 23 | CC: | dominick.grift, dwalsh, johannbg, jsynacek, lnykryn, lvrabec, mgrepl, msekleta, ncross, obrer, plautrba, s, steveboss111, systemd-maint, vmojzis, zbyszek | |
Target Milestone: | --- | |||
Target Release: | --- | |||
Hardware: | x86_64 | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | selinux-policy-3.13.1-155.fc23 | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1279928 (view as bug list) | Environment: | ||
Last Closed: | 2015-11-26 20:57:37 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1279928 |
Description
steveboss111
2015-08-20 05:18:32 UTC
journalctl reveals systemd-logind[684]: Failed to save information about scheduled shutdowns: Permission denied for each instance in which I tested this and it failed. Perhaps related: why does it demand root to shutdown? Fedora normally allows user to use shutdown without sudo or root login. On my rawhide machine, systemd gets blocked by selinux: Aug 26 13:37:43 rawhide-systemd-virt audit[425]: AVC avc: denied { lock } for pid=425 comm="systemd-logind" path="/run/utmp" dev="tmpfs" ino=18859 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0 Aug 26 13:37:43 rawhide-systemd-virt audit[425]: AVC avc: denied { create } for pid=425 comm="systemd-logind" name=".#scheduledJrCTA4" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0 Aug 26 13:37:43 rawhide-systemd-virt systemd-logind[425]: Failed to save information about scheduled shutdowns: Permission denied Aug 26 13:37:43 rawhide-systemd-virt systemd-logind[425]: Creating /run/nologin, blocking further logins... Aug 26 13:37:43 rawhide-systemd-virt audit[425]: AVC avc: denied { create } for pid=425 comm="systemd-logind" name=".#nologinrU6C4v" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0 Aug 26 13:37:43 rawhide-systemd-virt systemd-logind[425]: Failed to create /run/nologin: Permission denied Could you please verify that, in your case, you are seeing similar AVC messages in the system log? I didn't mention this, but "setenforce 0" works around the problem. Aug 17 00:50:51 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 00:50:51 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 00:50:51 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 00:52:46 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 00:52:46 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 00:52:46 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 01:52:25 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 01:52:25 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 01:52:25 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 01:54:18 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 01:54:18 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 01:54:18 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 01:59:57 localhost.localdomain dbus[1434]: avc: received policyload notice (seqno=2) Aug 17 01:59:57 localhost.localdomain dbus[1276]: avc: received policyload notice (seqno=2) Aug 17 01:59:57 localhost.localdomain dbus[1233]: avc: received policyload notice (seqno=2) Aug 17 01:59:57 localhost.localdomain dbus[630]: avc: received policyload notice (seqno=2) Aug 17 02:00:39 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=2) Aug 17 02:26:44 localhost.localdomain audit[464]: AVC avc: denied { sys_ptrace } for pid=464 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 17 02:26:48 localhost.localdomain audit[590]: AVC avc: denied { sys_ptrace } for pid=590 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 17 02:26:48 localhost.localdomain kernel: audit: type=1400 audit(1439792808.067:60): avc: denied { sys_ptrace } for pid=590 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 17 02:26:57 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 02:26:57 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 02:26:57 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 02:29:14 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 02:29:14 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 02:29:14 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 17 02:48:10 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 00:58:07 localhost.localdomain audit[440]: AVC avc: denied { sys_ptrace } for pid=440 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 20 00:58:12 localhost.localdomain audit[587]: AVC avc: denied { sys_ptrace } for pid=587 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 20 00:58:24 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 00:58:24 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 00:58:24 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 00:59:26 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 00:59:26 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 00:59:26 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:00:24 localhost.localdomain audit[666]: AVC avc: denied { create } for pid=666 comm="systemd-logind" name=".#scheduledd1IFUj" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0 Aug 20 01:01:02 localhost.localdomain kernel: audit: type=1400 audit(1440046860.487:48): avc: denied { sys_ptrace } for pid=461 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 20 01:01:00 localhost.localdomain audit[461]: AVC avc: denied { sys_ptrace } for pid=461 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 20 01:01:04 localhost.localdomain audit[590]: AVC avc: denied { sys_ptrace } for pid=590 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 20 01:01:14 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:01:14 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:01:14 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:01:32 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:01:32 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:01:32 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:18:59 localhost.localdomain audit[657]: AVC avc: denied { read } for pid=657 comm="systemd-logind" name="utmp" dev="tmpfs" ino=15117 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0 Aug 20 01:18:59 localhost.localdomain audit[657]: AVC avc: denied { read } for pid=657 comm="systemd-logind" name="utmp" dev="tmpfs" ino=15117 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0 Aug 20 01:18:59 localhost.localdomain audit[657]: AVC avc: denied { create } for pid=657 comm="systemd-logind" name=".#scheduledqzwxJS" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0 Aug 20 01:19:40 localhost.localdomain audit[469]: AVC avc: denied { sys_ptrace } for pid=469 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 20 01:19:40 localhost.localdomain kernel: audit: type=1400 audit(1440047980.626:49): avc: denied { sys_ptrace } for pid=469 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 20 01:19:44 localhost.localdomain audit[588]: AVC avc: denied { sys_ptrace } for pid=588 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 20 01:19:55 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:19:55 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:19:55 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:20:05 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:20:05 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:20:05 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:20:46 localhost.localdomain audit[684]: AVC avc: denied { read } for pid=684 comm="systemd-logind" name="utmp" dev="tmpfs" ino=16573 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0 Aug 20 01:20:46 localhost.localdomain audit[684]: AVC avc: denied { read } for pid=684 comm="systemd-logind" name="utmp" dev="tmpfs" ino=16573 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0 Aug 20 01:20:46 localhost.localdomain audit[684]: AVC avc: denied { create } for pid=684 comm="systemd-logind" name=".#scheduledrtdZS7" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0 Aug 20 01:22:30 localhost.localdomain kernel: audit: type=1400 audit(1440048150.479:50): avc: denied { sys_ptrace } for pid=439 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 20 01:22:30 localhost.localdomain audit[439]: AVC avc: denied { sys_ptrace } for pid=439 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 20 01:22:33 localhost.localdomain audit[562]: AVC avc: denied { sys_ptrace } for pid=562 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 20 01:22:45 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:22:45 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:22:45 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:23:50 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:23:50 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 01:23:50 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 03:34:27 localhost.localdomain audit[464]: AVC avc: denied { sys_ptrace } for pid=464 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 20 03:34:27 localhost.localdomain kernel: audit: type=1400 audit(1440056067.486:51): avc: denied { sys_ptrace } for pid=464 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 20 03:34:32 localhost.localdomain audit[612]: AVC avc: denied { sys_ptrace } for pid=612 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 20 03:34:42 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 03:34:42 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 03:34:42 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 03:35:01 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 03:35:01 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 20 03:35:01 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 26 11:01:33 localhost.localdomain kernel: audit: type=1400 audit(1440601287.496:50): avc: denied { sys_ptrace } for pid=478 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 26 11:01:27 localhost.localdomain audit[478]: AVC avc: denied { sys_ptrace } for pid=478 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 26 11:01:31 localhost.localdomain audit[622]: AVC avc: denied { sys_ptrace } for pid=622 comm="systemd-sysctl" capability=19 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:system_r:systemd_sysctl_t:s0 tclass=capability permissive=0 Aug 26 11:01:45 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 26 11:01:45 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 26 11:01:45 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 26 11:02:08 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 26 11:02:08 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Aug 26 11:02:08 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Same issue in Fedora 23 final version. command "shutdown -h 17:00" but it shutdowns immediately, setting setenforce 0 is a workaround, definitely is a selinux policy problem. https://github.com/fedora-selinux/selinux-policy/commit/278db282fc299d63fc65dd5ceb2755ae35772019 https://github.com/fedora-selinux/selinux-policy/commit/e8b47663ab68ae38a80da83965fd8f901dd8d4f1 https://github.com/fedora-selinux/selinux-policy/commit/04bb898e69498c9c51746e12081e0c6fcd2ef342 https://github.com/fedora-selinux/selinux-policy/commit/02f981d4a2d0d483e0c91dcc1fe7f4af4d3f79f4 selinux-policy-3.13.1-155.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-0d84d6c75f selinux-policy-3.13.1-155.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-0d84d6c75f selinux-policy-3.13.1-155.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. SELinux is preventing systemd-logind from create access on the file .#nologingImpUU. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that systemd-logind should be allowed create access on the .#nologingImpUU file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:systemd_logind_t:s0 Target Context system_u:object_r:var_run_t:s0 Target Objects .#nologingImpUU [ file ] Source systemd-logind Source Path systemd-logind Port <Unknown> Host localhost.localdomain Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-155.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 4.2.6-301.fc23.x86_64 #1 SMP Fri Nov 20 22:22:41 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-11-26 21:28:16 EST Last Seen 2015-11-26 21:28:16 EST Local ID 8000412c-d9ff-40d9-8934-2c3a86bf3f2e Raw Audit Messages type=AVC msg=audit(1448591296.182:509): avc: denied { create } for pid=643 comm="systemd-logind" name=".#nologingImpUU" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0 Hash: systemd-logind,systemd_logind_t,var_run_t,file,create Yes, this is a separate issue. See bug #1287592. |