Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1510478
| Summary: | SELinux is preventing vboxdrv.sh from 'create' accesses on the plik vbox-install.log. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Marcin <marcin.wolyniak> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 28 | CC: | a0c42f44, ajacocks, A.J.Caines+RedHat, alex.go4more, a.lloyd.flanagan, andre.ocosta, andresandoval992, bexelbie, biddzy100, chad.farmer, chiguy1256, cristianockg, cutnioff, ddssantana89, deciccomarco71, dorianbullerwell, dwalsh, e.nedelec, gerald.goemaere, harivsc, iankarlwallace, jc.anicesa, jmetias, js.developer.undefined, kaig55, ketarino, leo.knoll.lk, lvrabec, lzavacky, madelfresno, maksim.radevski, mgrepl, ms, neoxant, nicolas, pavel.ondracka, plautrba, pmviva, pokhojo, qosmo96, rafael.ruiz, rgarcia2999, r_mun, robertogv64, royyvan1, sami, steffen, sungdh86, toch.in.go, tom.tdw, ulf.seltmann |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:d6b53ff203fa077bd9359a2559988acdc3420cdc04ece0f02d28f2b9767ab9b8; | ||
| Fixed In Version: | selinux-policy-3.14.1-44.fc28 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-10-09 03:09:37 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** Bug 1513571 has been marked as a duplicate of this bug. *** Description of problem: I've installed VirtualBox using a package downloaded from the project web page. Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.13.15-300.fc27.x86_64 type: libreport *** Bug 1538038 has been marked as a duplicate of this bug. *** *** Bug 1540655 has been marked as a duplicate of this bug. *** Description of problem: I was configuring a virtual machine in Oracle VirtualBox that would run ReactOS with 256MiB RAM and 4GiB Storage. On startup it errored out that I should start "/vboxconfig" file in "/sbin/" folder as root. Even that errored out. What should I do? Here are my system specifications: (It's a laptop) CPU: Intel Pentium N3540 2.16GHz 4-Core RAM: 4GiB DDR3 GPU: Integrated Intel HD Graphics Mobile 1536MiB vRAM HDD: 500GiB HDD (40GiB allocated to Fedora) (GPT Partition Table) Display: Internal TN 1366x768 15,6" + External 1080p IPS Display (Connected through VGA) OS: Fedora 27 64-bit + Windows 8.1 Pro 64-bit Version-Release number of selected component: selinux-policy-3.13.1-283.21.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.14.16-300.fc27.x86_64 type: libreport Description of problem: I start manually vboxdrv when i want to use VirtualBox: sudo systemctl start vboxdrv.service I use VirtualBox 5.2 from Oracle repository. Version-Release number of selected component: selinux-policy-3.13.1-283.24.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.14.16-300.fc27.x86_64 type: libreport Description of problem: Unfortunately am not aware that I did anything to activate vboxdrv.sh. Perhaps it was related to SELinux problems on rpm upgrades? Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.3-300.fc27.x86_64 type: libreport Description of problem: Updated VirtualBox Version-Release number of selected component: selinux-policy-3.13.1-283.26.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.6-300.fc27.x86_64 type: libreport Description of problem: Upgrading from Fedora 25 to 27 I was no longer able to launch Virtualbox. Version-Release number of selected component: selinux-policy-3.13.1-283.26.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.6-300.fc27.x86_64 type: libreport Description of problem: don't have details, noticed this just after upgrading from F26 to F27 HTH Version-Release number of selected component: selinux-policy-3.13.1-283.29.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.12-301.fc27.x86_64 type: libreport Description of problem: During the upgrade process, after package installation, VirtualBox was attempting to rebuild its modules. The attempt to log the creation of the modules failed, due to SELinux restrictions. Version-Release number of selected component: selinux-policy-3.13.1-283.30.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.13-300.fc27.x86_64 type: libreport Reopening as original reporter closed it but this keeps getting marked as the master for new reports. Description of problem: When turn on pc, after login password it stuck frezed, I manually reboot and then I receive the SELINUX error report Version-Release number of selected component: selinux-policy-3.13.1-283.32.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.3-200.fc27.x86_64 type: libreport Description of problem: I updated Fedora (dnf update) and it started to report some selinux problems like this Version-Release number of selected component: selinux-policy-3.13.1-283.35.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.17-200.fc27.x86_64 type: libreport Description of problem: 1. Downloaded and installed VirtualBox with rpm file and rpm fusion then used dnf install to install the kernel. 2. Kept installing older version of VirtualBox so installed direct from their repository 3. New to linux so didn't keep track of the files and couldn't tell if I deleted or cleaned up all the unecessary files 4. Left then kept getting notifications about tainted modules "vboxdrv" 5. Thought I deleted the modules but obviously not Version-Release number of selected component: selinux-policy-3.13.1-283.34.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.17.3-100.fc27.x86_64 type: libreport Description of problem: After upgrading system Kernel and some other packages, rebooted system and this message poped up. Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.17.5-100.fc27.x86_64 type: libreport *** Bug 1575220 has been marked as a duplicate of this bug. *** Description of problem: On July 26 I did a "dnf --refresh upgrade". On subsequent login was presented with this SELinux error. On desktop login I was presented with the SELinux altert. I assume a script should be able to create a log file in /var/log, so I'm submitting a bug report. Version-Release number of selected component: selinux-policy-3.13.1-283.35.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.17.7-100.fc27.x86_64 type: libreport Description of problem: Having installed oracle VM I received the SELinux secruity alert straight away Version-Release number of selected component: selinux-policy-3.13.1-283.35.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.17.11-100.fc27.x86_64 type: libreport Description of problem: Oracle VirtualBox VM On 4.13.16.302 FC 27 Version-Release number of selected component: selinux-policy-3.14.1-37.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.13.16-302.fc27.x86_64 type: libreport Description of problem: Occurs after dnf update and reboot Version-Release number of selected component: selinux-policy-3.14.1-37.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.12-200.fc28.x86_64 type: libreport bumping to F28 as it is still present. Description of problem: Installed virtual box via rpm. rebooted. Version-Release number of selected component: selinux-policy-3.14.1-40.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.14-202.fc28.x86_64 type: libreport Description of problem: After doing 'sudo dnf update' I rebooted my machine and when I logged in again, the first notification I got was from SELinux giving me this warning message about vboxdrv. But other than that I dont know what caused it, I suspect that it has always been this way but now it is just being detected. Note THIS IS REALLY COOL THAT THIS VERSION OF FEDORA INTEGRATES SELINUX AND BUG REPORTING ON THE OS-LEVEL! I LOVE IT!!! Version-Release number of selected component: selinux-policy-3.14.1-40.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.14-202.fc28.x86_64 type: libreport Description of problem: Recent upgrade with 'dnf upgrade' and then reboot caused SELinux to start complaining on startup that doesn't have access to log file. Version-Release number of selected component: selinux-policy-3.14.1-40.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.14-202.fc28.x86_64 type: libreport Description of problem: kernel update Version-Release number of selected component: selinux-policy-3.14.1-40.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.18-200.fc28.x86_64 type: libreport Description of problem: happened on system re-start-up after kernel update Version-Release number of selected component: selinux-policy-3.14.1-40.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.19-200.fc28.x86_64 type: libreport Description of problem: On booting after updating new kernel. I can allow this access for now by executing (local policy): # ausearch -c 'vboxdrv.sh' --raw | audit2allow -M my-vboxdrvsh # semodule -X 300 -i my-vboxdrvsh.pp but on the next kernel update the problem comes back. Version-Release number of selected component: selinux-policy-3.14.1-40.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.19-200.fc28.x86_64 type: libreport Hi, No if you add SELinux module as you mentioned in your comment: I can allow this access for now by executing (local policy): # ausearch -c 'vboxdrv.sh' --raw | audit2allow -M my-vboxdrvsh # semodule -X 300 -i my-vboxdrvsh.pp The change will be permanent. Description of problem: Booted system Version-Release number of selected component: selinux-policy-3.14.1-40.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.19-200.fc28.x86_64 type: libreport Description of problem: SEApplet show me this alert after logging in. No other tasks been performed prior this. Version-Release number of selected component: selinux-policy-3.14.1-42.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.18.5-200.fc28.x86_64 type: libreport Description of problem: SELinux message occuring after update. Version-Release number of selected component: selinux-policy-3.14.1-42.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.18.7-200.fc28.x86_64 type: libreport selinux-policy-3.14.1-44.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5e18426088 selinux-policy-3.14.1-44.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-5e18426088 selinux-policy-3.14.1-44.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. *** Bug 1639033 has been marked as a duplicate of this bug. *** |
Description of problem: Automatic vbox creation of modules during startup with new kernel. Happened after upgrade to current Fedora 27. SELinux is preventing vboxdrv.sh from 'create' accesses on the file vbox-install.log. ***** Plugin catchall (100. confidence) suggests ************************** If aby vboxdrv.sh powinno mieć domyślnie create dostęp do vbox-install.log file. Then proszę to zgłosić jako błąd. Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp. Do allow this access for now by executing: # ausearch -c 'vboxdrv.sh' --raw | audit2allow -M my-vboxdrvsh # semodule -X 300 -i my-vboxdrvsh.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:var_log_t:s0 Target Objects vbox-install.log [ file ] Source vboxdrv.sh Source Path vboxdrv.sh Port <Nieznane> Host (removed) Source RPM Packages Target RPM Packages Policy RPM <Nieznane> Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.11.9-200.fc25.x86_64 #1 SMP Wed Jul 5 18:19:05 UTC 2017 x86_64 x86_64 Alert Count 16 First Seen 2017-03-24 19:39:25 CET Last Seen 2017-07-15 21:57:09 CEST Local ID 51b6b8d7-a220-4ca2-a474-072282e29a70 Raw Audit Messages type=AVC msg=audit(1500148629.125:95): avc: denied { create } for pid=1584 comm="vboxdrv.sh" name="vbox-install.log" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0 Hash: vboxdrv.sh,init_t,var_log_t,file,create Additional info: component: selinux-policy reporter: libreport-2.9.2 hashmarkername: setroubleshoot kernel: 4.13.9-300.fc27.x86_64 type: libreport Potential duplicate: bug 1381179