Bug 984981
Summary: | SELinux is preventing systemd-tmpfile from using the 'sys_admin' capabilities.
---|---
Product: | [Fedora] Fedora
Component: | selinux-policy
Version: | 19
Hardware: | x86_64
OS: | Unspecified
Status: | CLOSED INSUFFICIENT_DATA
Severity: | unspecified
Priority: | unspecified
Reporter: | plioski
Assignee: | Miroslav Grepl <mgrepl>
QA Contact: | Fedora Extras Quality Assurance <extras-qa>
CC: | dominick.grift, dwalsh, eparis, lvrabec, mgrepl, plioski, systemd-maint, tpeplt
Target Milestone: | ---
Target Release: | ---
Whiteboard: | abrt_hash:dabdb3d7f945694ae5513e7b4e16db3ebca82513ae82b5eba8cac07ce507c5eb
Doc Type: | Bug Fix
Story Points: | ---
Last Closed: | 2014-08-22 12:15:29 UTC
Type: | ---
Regression: | ---
Mount Type: | ---
Documentation: | ---
Category: | ---
oVirt Team: | ---
Cloudforms Team: | ---
Description
plioski
2013-07-16 14:01:44 UTC
Would be nice if we knew what syscall it was attempting. Did you stop collecting the SYSCALL record, Dan? There should always be a SYSCALL record in the audit log, even if no rules are loaded. Loading rules only gives you PATHNAME records...

This is the second bug without an associated SYSCALL record...

No code changes to this code in years.

plioski Can you attach the output of ausearch -m avc -i

Created attachment 915737
Comment
(This comment was longer than 65,535 characters and has been moved to an attachment by Red Hat Bugzilla).
Why is systemd-tmpfiles going into /sys/kernel/debug/vgaswitcheroo/switch?

Description of problem:
The SELinux alert simply appeared, likely due to the systemd-tmpfile service carrying out its tasks to remove old temporary files.

Additional info:
reporter: libreport-2.1.6
hashmarkername: setroubleshoot
kernel: 3.10.5-201.fc19.x86_64
type: libreport

I am surprised to see it in those directories.
/sys/kernel/debug/vgaswitcheroo/switch

Hmm, is there some tmpfiles snippet listing things in /sys/kernel/ on your machine? I.e. do you see anything in /etc/sysctl.d or /usr/lib/sysctl.d/ referencing those dirs? If so, which package is that file from?
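The comments above turn on whether each AVC denial has a SYSCALL record in the same audit event. The following is an added example, not part of the bug report or of any tool mentioned in it: it groups raw audit.log records by event ID and reports which AVC denials lack a SYSCALL record. The log lines are constructed samples, and the names group_events and avc_report are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in raw audit.log format (not taken from the bug report).
SAMPLE_LOG = """\
type=AVC msg=audit(1373983304.101:410): avc:  denied  { sys_admin } for  pid=612 comm="systemd-tmpfile" capability=21  scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:system_r:systemd_tmpfiles_t:s0 tclass=capability
type=AVC msg=audit(1373983390.250:422): avc:  denied  { read } for  pid=700 comm="example" name="example.conf" dev="sda1" ino=1234 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1373983390.250:422): arch=c000003e syscall=2 success=no exit=-13 a0=7f00 a1=0 a2=0 a3=0 items=0 ppid=1 pid=700 comm="example" exe="/usr/bin/example" subj=system_u:system_r:example_t:s0 key=(null)
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'\{ ([^}]*) \}')

def group_events(text):
    """Group records by audit event ID: records sharing timestamp:serial are one event."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            rtype, ts, serial, body = m.groups()
            events[(ts, int(serial))].append((rtype, body))
    return events

def avc_report(text):
    """Return one entry per AVC record; 'syscall' is None when the event has no SYSCALL record."""
    report = []
    for (ts, serial), records in sorted(group_events(text).items()):
        syscall = next((dict(FIELD.findall(b)) for t, b in records if t == "SYSCALL"), None)
        for rtype, body in records:
            if rtype != "AVC":
                continue
            fields = dict(FIELD.findall(body))
            perms = PERMS.search(body)
            report.append({
                "event": f"{ts}:{serial}",
                "comm": fields.get("comm", "").strip('"'),
                "perms": perms.group(1).split() if perms else [],
                "tclass": fields.get("tclass"),
                "syscall": syscall["syscall"] if syscall else None,
            })
    return report

if __name__ == "__main__":
    for entry in avc_report(SAMPLE_LOG):
        note = "" if entry["syscall"] else "  <-- no SYSCALL record in this event"
        print(entry, note)
```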