Bug 1586329
Summary: | SELinux is preventing iw from 'write' accesses on the file /run/tlp/lock_tlp.
---|---
Product: | [Fedora] Fedora
Component: | selinux-policy
Version: | 28
Hardware: | x86_64
OS: | Linux
Status: | CLOSED ERRATA
Severity: | unspecified
Priority: | unspecified
Reporter: | goghard
Assignee: | Lukas Vrabec <lvrabec>
QA Contact: | Fedora Extras Quality Assurance <extras-qa>
CC: | albin, alex.go4more, arsalanrezazadeh4, bugzilla, dwalsh, ep, esm, jeg1972, jltastet.public+redhat, lvrabec, mgrepl, michael.scheiffler, mjclopes, mmalik, plautrba, pmoore, seb
Whiteboard: | abrt_hash:7bb98eff09db578f92e6b6786d9a3a24547375babba86273a01aedc9f76717e2;
Fixed In Version: | selinux-policy-3.14.1-36.fc28
Last Closed: | 2018-07-29 03:22:13 UTC
Description
goghard
2018-06-06 02:07:02 UTC
```
# ls -Z /run/tlp/lock_tlp
system_u:object_r:tlp_var_run_t:s0 /run/tlp/lock_tlp
# matchpathcon /run/tlp/lock_tlp
/run/tlp/lock_tlp system_u:object_r:var_run_t:s0
#
```

I believe the problem is the first fcontext pattern:

```
# semanage fcontext -l | grep tlp
/run/tlp(/.*)?                                    all files      system_u:object_r:tlp_var_run_t:s0
/usr/lib/systemd/system/((tlp-sleep.*)|(tlp.*))   regular file   system_u:object_r:tlp_unit_file_t:s0
/usr/sbin/tlp                                     regular file   system_u:object_r:tlp_exec_t:s0
/var/lib/tlp(/.*)?                                all files      system_u:object_r:tlp_var_lib_t:s0
#
```

The fcontext pattern should look this way:

```
/var/run/tlp(/.*)?                                all files      system_u:object_r:tlp_var_run_t:s0
```

Use of restorecon does not help the reporter:

```
# restorecon -vn /run/tlp/lock_tlp
Would relabel /run/tlp/lock_tlp from system_u:object_r:tlp_var_run_t:s0 to system_u:object_r:var_run_t:s0
#
```

If the fcontext pattern was correctly defined, the denial would not have appeared, because the appropriate rule is already present:

```
# sesearch -s ifconfig_t -t tlp_var_run_t -c file -A
allow ifconfig_t tlp_var_run_t:file { append create getattr ioctl link lock open read rename setattr unlink write };
#
```

Tested on:

```
# rpm -qa selinux\* | sort
selinux-policy-3.14.1-30.fc28.noarch
selinux-policy-devel-3.14.1-30.fc28.noarch
selinux-policy-doc-3.14.1-30.fc28.noarch
selinux-policy-minimum-3.14.1-30.fc28.noarch
selinux-policy-mls-3.14.1-30.fc28.noarch
selinux-policy-targeted-3.14.1-30.fc28.noarch
#
```

*** Bug 1585486 has been marked as a duplicate of this bug. ***

*** Bug 1585485 has been marked as a duplicate of this bug. ***

*** Bug 1577532 has been marked as a duplicate of this bug. ***

*** Bug 1510249 has been marked as a duplicate of this bug. ***

Not solved in selinux-policy-3.14.1-32.fc28.noarch :(

Description of problem:
After receiving the following updates:

```
cinnamon-3.8.7-1.fc28.x86_64 Mon 09 Jul 2018 07:48:45 AM WEST
nemo-3.8.4-1.fc28.x86_64 Mon 09 Jul 2018 07:48:43 AM WEST
nemo-extensions-3.8.4-1.fc28.x86_64 Mon 09 Jul 2018 07:48:42 AM WEST
```

After rebooting the machine I've started to receive the notifications in a continuous loop.

Version-Release number of selected component:
selinux-policy-3.14.1-32.fc28.noarch

Additional info:
reporter: libreport-2.9.5
hashmarkername: setroubleshoot
kernel: 4.17.3-200.fc28.x86_64
type: libreport

selinux-policy-3.14.1-36.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b

selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b

The problem is still present with selinux-policy-3.14.1-36.fc28. See: 1609307

selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Description of problem:
Running TLP on Fedora 28. Dell XPS 9560, every time I plug in the power cable I get the SELinux error.

Version-Release number of selected component:
selinux-policy-3.14.1-32.fc28.noarch

Additional info:
reporter: libreport-2.9.5
hashmarkername: setroubleshoot
kernel: 4.17.7-200.fc28.x86_64
type: libreport

Description of problem:
Installed TLP for power management on Fedora 28 and after a wakeup from standby this came up.

Version-Release number of selected component:
selinux-policy-3.14.1-37.fc28.noarch

Additional info:
reporter: libreport-2.9.5
hashmarkername: setroubleshoot
kernel: 4.17.11-200.fc28.x86_64
type: libreport

Description of problem:
Installed TLP on Fedora 28 and after wake up from standby this message came up.

Version-Release number of selected component:
selinux-policy-3.14.1-37.fc28.noarch

Additional info:
reporter: libreport-2.9.5
hashmarkername: setroubleshoot
kernel: 4.17.11-200.fc28.x86_64
type: libreport

Description of problem:
After installing TLP, after a first troubleshoot, here we are with this second one. Good luck guys.

Version-Release number of selected component:
selinux-policy-3.14.1-32.fc28.noarch

Additional info:
reporter: libreport-2.9.5
hashmarkername: setroubleshoot
kernel: 4.17.6-200.fc28.x86_64
type: libreport

Still affected on Fedora 28, with selinux-policy-3.14.1-42.fc28. Running `sudo systemctl start tlp` results in an AVC and the TLP service fails to start:

```
● tlp.service - TLP system startup/shutdown
   Loaded: loaded (/usr/lib/systemd/system/tlp.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2018-09-24 19:34:56 CEST; 2min 54s ago
     Docs: http://linrunner.de/tlp
  Process: 21073 ExecStart=/usr/sbin/tlp init start (code=exited, status=1/FAILURE)
 Main PID: 21073 (code=exited, status=1/FAILURE)

Sep 24 19:34:56 jl-xps systemd[1]: Starting TLP system startup/shutdown...
Sep 24 19:34:56 jl-xps systemd[1]: tlp.service: Main process exited, code=exited, status=1/FAILURE
Sep 24 19:34:56 jl-xps systemd[1]: tlp.service: Failed with result 'exit-code'.
Sep 24 19:34:56 jl-xps systemd[1]: Failed to start TLP system startup/shutdown.
```

The relevant part of the journal seems to be:

```
-- Subject: Unit tlp.service has begun start-up
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tlp.service has begun starting up.
Sep 24 19:37:53 jl-xps audit[21411]: AVC avc: denied { open } for pid=21411 comm="tlp" path="/run/tlp/lock_tlp" dev="tmpfs" ino=291918 scontext=system_u:system_r:tlp_t:s0 tcontext=unconfined_u:object_r:var_ru>
Sep 24 19:37:53 jl-xps audit[21411]: AVC avc: denied { open } for pid=21411 comm="tlp" path="/run/tlp/lock_tlp" dev="tmpfs" ino=291918 scontext=system_u:system_r:tlp_t:s0 tcontext=unconfined_u:object_r:var_ru>
Sep 24 19:37:53 jl-xps systemd[1]: tlp.service: Main process exited, code=exited, status=1/FAILURE
Sep 24 19:37:53 jl-xps systemd[1]: tlp.service: Failed with result 'exit-code'.
Sep 24 19:37:53 jl-xps systemd[1]: Failed to start TLP system startup/shutdown.
-- Subject: Unit tlp.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tlp.service has failed.
--
-- The result is RESULT.
```

Description of problem:
When resuming the laptop from suspend, with TLP enabled.

Version-Release number of selected component:
selinux-policy-3.14.1-42.fc28.noarch

Additional info:
reporter: libreport-2.9.5
hashmarkername: setroubleshoot
kernel: 4.18.6-301.local.fc29.x86_64
type: libreport

Description of problem:
1. Installed tlp.
2. On each shutdown SELinux gives this error.
3. Also, the tlp service is not active.
4. systemctl status shows that tlp failed to run.
5. lock_tlp error.

I use Fedora 27.

Version-Release number of selected component:
selinux-policy-3.13.1-284.37.fc27.noarch

Additional info:
reporter: libreport-2.9.3
hashmarkername: setroubleshoot
kernel: 4.18.12-100.fc27.x86_64
type: libreport
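
Added example, not part of the bug report or of selinux-policy: a small Python model of the label lookup that the first comment diagnoses, showing why the `/run/tlp(/.*)?` pattern never matches while `/var/run/tlp(/.*)?` does. It assumes the `/run` to `/var/run` path equivalence from Fedora's `file_contexts.subs_dist`, uses a constructed catch-all `/var/run/.*` entry, and approximates match specificity by longest literal stem; all function names are hypothetical.

```python
import re

# Path equivalence applied before matching. Assumption: mirrors the
# "/run /var/run" line in Fedora's file_contexts.subs_dist.
SUBS = [("/run", "/var/run")]

GENERIC = ("/var/run/.*", "system_u:object_r:var_run_t:s0")  # constructed catch-all
TLP_CTX = "system_u:object_r:tlp_var_run_t:s0"
SHIPPED = [GENERIC, ("/run/tlp(/.*)?", TLP_CTX)]       # pattern quoted in the report
PROPOSED = [GENERIC, ("/var/run/tlp(/.*)?", TLP_CTX)]  # pattern the report asks for


def canonical(path, subs=SUBS):
    """Rewrite an aliased prefix to its canonical form before matching."""
    for src, dst in subs:
        if path == src or path.startswith(src + "/"):
            return dst + path[len(src):]
    return path


def stem(pattern):
    """Literal prefix of a pattern, up to the first regex metacharacter."""
    return re.split(r"[.^$?*+|\[({\\]", pattern, maxsplit=1)[0]


def expected_label(path, entries, subs=SUBS):
    """Context of the matching pattern with the longest literal stem.

    Simplified stand-in for the real specificity ordering; None if no match.
    """
    target = canonical(path, subs)
    hits = [(len(stem(p)), ctx) for p, ctx in entries if re.fullmatch(p, target)]
    return max(hits)[1] if hits else None


def unreachable(entries, subs=SUBS):
    """Patterns rooted under an aliased prefix: no canonical path can match."""
    return [p for p, _ in entries if canonical(stem(p), subs) != stem(p)]


if __name__ == "__main__":
    for name, entries in (("shipped", SHIPPED), ("proposed", PROPOSED)):
        print(name, expected_label("/run/tlp/lock_tlp", entries), unreachable(entries))
```

Running `unreachable()` over the output of `semanage fcontext -l` (parsed into pattern and context pairs) is a quick audit for other entries written under `/run` that can never take effect.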