Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1973808
Summary: | SELinux is preventing /usr/bin/file from 'search' accesses on the directory /dev/dma_heap/system. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Michael Setzer II <mikes> |
Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
Status: | ON_QA --- | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 33 | CC: | dwalsh, grepl.miroslav, lvrabec, mmalik, ncarboni, omosnace, vmojzis, zpytela |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:f782e24f5987b5e5adad5944db5d628f806c2b08704562b6ddc71cb864c9e721;VARIANT_ID=workstation; | ||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Michael Setzer II
2021-06-18 18:34:42 UTC
I've submitted a Fedora PR to backport the solution to F33: https://github.com/fedora-selinux/selinux-policy/pull/788 For anyone else who might be running into this.. Relabeling after disabling selinux didn't work for me, but I was able to get things working again by doing a `dnf downgrade selinux-policy` which brought me from selinux-policy-3.14.6-38.fc33.noarch to selinux-policy-3.14.6-28.fc33.noarch. This issue was preventing docker from running some containers for me with audit logs like the following: type=AVC msg=audit(1624300881.843:1562): avc: denied { read } for pid=1760 comm="dockerd" name="dma_heap" dev="devtmpfs" ino=150 scontext=system_u:system_r:container_runtime_t:s0 tcontext=system_u:object_r:dma_device_t:s0 tclass=dir permissive=0 FEDORA-2021-3b341e9e71 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-3b341e9e71 FEDORA-2021-3b341e9e71 has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-3b341e9e71` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-3b341e9e71 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. |