Summary: | SELinux is preventing systemd-logind from 'rename' accesses on the file .#scheduledhAaMOb. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Vinicius Reis <angiolucci> |
Component: | selinux-policy | Assignee: | Vit Mojzis <vmojzis> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 23 | CC: | alex.ploumistos, dominick.grift, dwalsh, lvrabec, mgrepl, plautrba, vmojzis |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:feb858c84f5452692e828d8693f95f2db6372887bf8405906b4c235b64075504;VARIANT_ID=workstation; | ||
Fixed In Version: | selinux-policy-3.13.1-155.fc23 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-26 20:57:50 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: |
Description
Vinicius Reis
2015-11-04 13:37:45 UTC
Description of problem: I was trying to schedule a shutdown: $ sudo shutdown -h 4:30 It was possible to do that because SELinux is in permissive mode. Otherwise, scheduled shutdown fails and turn off the system immediately. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-300.fc23.x86_64 type: libreport The latest selinux-policy package on F22, where you can schedule a shutdown, is selinux-policy-3.13.1-128.19, so the bug was introduced somewhere between that and 3.13.1-152. Within that range, grep'ing for systemctl yields releases 142 and 148 (commits 1ba0a986f6f7a8c6960a1643878498c68659573b and ec0c1bc01ebca0b2927b75b53836fd2ed0e40be9 respectively). I don't know the first thing about the internals of SELinux, but those two might be worth investigating. Good point. Systemd has a known bug (introduced in newer releases, but already fixed on upstream I guess) that prevents shutdown to work properly with a TIME parameter (https://github.com/systemd/systemd/issues/1120). Perhaps this bug in systemd is triggering some unexpected behavior that is blocked or affected by SELinux. But it's just a guess, unfortunately I know nothing about SELinux and Systemd internals. *** Bug 1278659 has been marked as a duplicate of this bug. *** https://github.com/fedora-selinux/selinux-policy/commit/278db282fc299d63fc65dd5ceb2755ae35772019 https://github.com/fedora-selinux/selinux-policy/commit/e8b47663ab68ae38a80da83965fd8f901dd8d4f1 https://github.com/fedora-selinux/selinux-policy/commit/04bb898e69498c9c51746e12081e0c6fcd2ef342 https://github.com/fedora-selinux/selinux-policy/commit/02f981d4a2d0d483e0c91dcc1fe7f4af4d3f79f4 selinux-policy-3.13.1-155.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-0d84d6c75f selinux-policy-3.13.1-155.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-0d84d6c75f It's working fine while SELinux is in permissive mode, no more warnings are shown and at the scheduled time, the system shuts down itself. But when I set SELinux to enforcing mode (and do a reboot to changes take effect), the warnings are shown again if I try to shutdown with a TIME argument, but even with the warning, the system shuts down itself on the correct scheduled time. Please, see here: https://bugzilla.redhat.com/show_bug.cgi?id=1285019 selinux-policy-3.13.1-155.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. |