1332119 – selinux errors for rpm-ostreed

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1332119 - selinux errors for rpm-ostreed

Summary: selinux errors for rpm-ostreed

Keywords:
Status:	CLOSED DUPLICATE of bug 1330318
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rpm-ostree
Sub Component:
Version:	24
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Colin Walters
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-05-02 09:23 UTC by Dusty Mabe
Modified:	2016-05-02 16:29 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-05-02 16:29:48 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Dusty Mabe 2016-05-02 09:23:41 UTC

Description of problem:

selinux errors for rpm-ostreed - see below: 


```
-bash-4.3# rpm-ostree status
error: Error calling StartServiceByName for org.projectatomic.rpmostree1: Timeout was reached
-bash-4.3# 
-bash-4.3# systemctl status rpm-ostreed
● rpm-ostreed.service - RPM OSTree Manager
   Loaded: loaded (/usr/lib/systemd/system/rpm-ostreed.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2016-05-02 08:16:21 UTC; 37s ago
  Process: 1204 ExecStart=/usr/libexec/rpm-ostreed (code=exited, status=203/EXEC)
 Main PID: 1204 (code=exited, status=203/EXEC)

May 02 08:16:21 vanilla-f23atomic systemd[1]: Starting RPM OSTree Manager...
May 02 08:16:21 vanilla-f23atomic systemd[1]: rpm-ostreed.service: Main process exited, code=exited, status=203/EXEC
May 02 08:16:21 vanilla-f23atomic systemd[1]: Failed to start RPM OSTree Manager.
May 02 08:16:21 vanilla-f23atomic systemd[1]: rpm-ostreed.service: Unit entered failed state.
May 02 08:16:21 vanilla-f23atomic systemd[1]: rpm-ostreed.service: Failed with result 'exit-code'.
-bash-4.3# 
-bash-4.3# ausearch -m avc | tail -n 10 
----
time->Mon May  2 08:13:47 2016
type=PROCTITLE msg=audit(1462176827.989:240): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D757365722D73657373696F6E730073746F70
type=SYSCALL msg=audit(1462176827.989:240): arch=c000003e syscall=2 success=no exit=-13 a0=560896198240 a1=800c2 a2=180 a3=0 items=0 ppid=1 pid=2233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-user-se" exe="/usr/lib/systemd/systemd-user-sessions" subj=system_u:system_r:init_t:s0 key=(null)
type=AVC msg=audit(1462176827.989:240): avc:  denied  { create } for  pid=2233 comm="systemd-user-se" name=".#nologinGfgc45" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=0
----
time->Mon May  2 08:16:21 2016
type=PROCTITLE msg=audit(1462176981.808:176): proctitle="(-ostreed)"
type=SYSCALL msg=audit(1462176981.808:176): arch=c000003e syscall=59 success=no exit=-13 a0=558f2e45ea60 a1=558f2e48a000 a2=558f2e4005c0 a3=558f2e4895e0 items=0 ppid=1 pid=1204 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(-ostreed)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
type=AVC msg=audit(1462176981.808:176): avc:  denied  { execute } for  pid=1204 comm="(-ostreed)" name="rpm-ostreed" dev="dm-0" ino=5238905 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:install_exec_t:s0 tclass=file permissive=0
```



Version-Release number of selected component (if applicable):
-bash-4.3# rpm -qf /usr/lib/systemd/system/rpm-ostreed.service
rpm-ostree-2015.11-2.fc24.x86_64
-bash-4.3# setenforce 0
-bash-4.3# 
-bash-4.3# rpm-ostree status
  TIMESTAMP (UTC)         VERSION    ID             OSNAME            REFSPEC                                                
* 2016-04-26 09:50:11     24.19      76d6ea28b2     fedora-atomic     fedora-atomic:fedora-atomic/24/x86_64/docker-host      
  2016-04-19 19:04:34     23.106     05052ae3bb     fedora-atomic     fedora-atomic:fedora-atomic/f23/x86_64/docker-host


How reproducible:
Always

Steps to Reproduce:
1. Start on F23
2. setenforce 0
3. Rebase to F24: `rpm-ostree rebase fedora-atomic:fedora-atomic/24/x86_64/docker-host`
4. reboot
5. run `rpm-ostree status` -> see error

Comment 1 Giuseppe Scrivano 2016-05-02 10:16:26 UTC

is this a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1309075?

Comment 2 Dusty Mabe 2016-05-02 11:16:40 UTC

(In reply to Giuseppe Scrivano from comment #1)
> is this a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1309075?

Maybe.. Did the fix not propagate to F24? here are the differences between the latest rpms in 23 and 24 right now:  

!selinux-policy-3.13.1-158.14.fc23.noarch
=selinux-policy-3.13.1-182.fc24.noarch

!rpm-ostree-2015.11-1.fc23.x86_64
=rpm-ostree-2015.11-2.fc24.x86_64

Comment 3 Dusty Mabe 2016-05-02 11:19:19 UTC

Giuseppe, Can you follow my reproducer steps and observe the issue?

Comment 4 Dusty Mabe 2016-05-02 16:26:13 UTC

Now that we have an image building for F24 you can just boot the following image and reproduce the issue:

https://kojipkgs.fedoraproject.org//work/tasks/5745/13885745/Fedora-Atomic-24-20160502.n.0.x86_64.qcow2

Comment 5 Colin Walters 2016-05-02 16:29:48 UTC


*** This bug has been marked as a duplicate of bug 1330318 ***

Note You need to log in before you can comment on or make changes to this bug.