Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1432759
| Summary: | SELinux is preventing (fwupd) from 'mounton' accesses on the directory /var/lib/fwupd. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Heiko Adams <bugzilla> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 26 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, plautrba, pmoore, robatino, ssekidde, vondruch |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:cc901ee8e40191f3fa74ff3d206c0246a8ed176f88c962540610214294c4e4e2;VARIANT_ID=workstation; | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-03-21 08:52:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1349188 | ||
Proposed as a Blocker for 26-final by Fedora user vondruch using the blocker tracking app because: I think this violates: "There must be no SELinux denial notifications or crash notifications on boot of or during installation from a release-blocking live image, or at first login after a default install of a release-blocking desktop." Although I am not sure it pops up after first login, it propably pops up sooner or later ... *** This bug has been marked as a duplicate of bug 1429341 *** |
Description of problem: SELinux is preventing (fwupd) from 'mounton' accesses on the directory /var/lib/fwupd. ***** Plugin catchall (100. confidence) suggests ************************** If sie denken, dass es (fwupd) standardmäßig erlaubt sein sollte, mounton Zugriff auf fwupd directory zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do allow this access for now by executing: # ausearch -c '(fwupd)' --raw | audit2allow -M my-fwupd # semodule -X 300 -i my-fwupd.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:fwupd_var_lib_t:s0 Target Objects /var/lib/fwupd [ dir ] Source (fwupd) Source Path (fwupd) Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM <Unknown> Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.11.0-0.rc2.git0.1.fc26.x86_64 #1 SMP Mon Mar 13 17:14:58 UTC 2017 x86_64 x86_64 Alert Count 1 First Seen 2017-03-16 07:57:33 CET Last Seen 2017-03-16 07:57:33 CET Local ID 2400e99c-ecc6-4c6e-ae9d-c82d1a75aeca Raw Audit Messages type=AVC msg=audit(1489647453.250:264): avc: denied { mounton } for pid=2234 comm="(fwupd)" path="/var/lib/fwupd" dev="dm-0" ino=3145846 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fwupd_var_lib_t:s0 tclass=dir permissive=0 Hash: (fwupd),init_t,fwupd_var_lib_t,dir,mounton Additional info: component: selinux-policy reporter: libreport-2.9.0 hashmarkername: setroubleshoot kernel: 4.11.0-0.rc2.git0.1.fc26.x86_64 type: libreport