1395211 – Installation throws avc unlink hwdb.bin

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1395211 - Installation throws avc unlink hwdb.bin

Summary: Installation throws avc unlink hwdb.bin

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	systemd
Sub Component:
Version:	24
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	systemd-maint
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-11-15 12:17 UTC by Jakub Jelen
Modified:	2017-02-06 01:49 UTC (History)
CC List:	16 users (show)
Fixed In Version:	systemd-229-17.fc24
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-02-06 01:49:00 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jakub Jelen 2016-11-15 12:17:06 UTC

Description of problem:
The installation of Fedora 24 (in Beaker) throws the following messages on console and the AVC in the dmesg. According to Lukas, the hwdb.bin is mislabeled in this stage. Feel free to reassign if some other component is to blame.

[   13.080232] audit: type=1400 audit(1479154609.302:51): avc:  denied  { unlink } for  pid=531 comm="systemd-hwdb" name="hwdb.bin" dev="dm-0" ino=1704577 scontext=system_u:system_r:systemd_hwdb_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0 
[   13.105672] audit: type=1300 audit(1479154609.302:51): arch=c000003e syscall=82 success=no exit=-13 a0=5577a10d90b0 a1=5577a112a800 a2=7ff21c51ab58 a3=20 items=0 ppid=1 pid=531 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-hwdb" exe="/usr/bin/systemd-hwdb" subj=system_u:system_r:systemd_hwdb_t:s0 key=(null) 


Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-191.20.fc24.noarch
[    9.309352] systemd[1]: systemd 229 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN) 

How reproducible:
always

Steps to Reproduce:
1. Install Fedora 24 in Beaker

Actual results:
2. see the dmesg/console with errors

Expected results:
no errors

Additional info:
Messages with a bit more context:

] Mounted NFSD configuration filesystem.  
[      
  OK   [[   12.808910] audit: type=1130 audit(1479154609.031:50): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=lvm2-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' 
0m] Started Monitoring of LVM2 mirrors,...ng dmeventd or progress polling.  
[   13.080232] audit: type=1400 audit(1479154609.302:51): avc:  denied  { unlink } for  pid=531 comm="systemd-hwdb" name="hwdb.bin" dev="dm-0" ino=1704577 scontext=system_u:system_r:systemd_hwdb_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0 
[   13.105672] audit: type=1300 audit(1479154609.302:51): arch=c000003e syscall=82 success=no exit=-13 a0=5577a10d90b0 a1=5577a112a800 a2=7ff21c51ab58 a3=20 items=0 ppid=1 pid=531 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-hwdb" exe="/usr/bin/systemd-hwdb" subj=system_u:system_r:systemd_hwdb_t:s0 key=(null) 
[   13.105677] audit: type=1327 audit(1479154609.302:51): proctitle=2F7573722F62696E2F73797374656D642D6877646200757064617465 
[   13.154784] audit: type=1130 audit(1479154609.378:52): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fedora-readonly comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' 
[      
  OK     
] Started Configure read-only root support.

Comment 1 Lukas Vrabec 2016-12-08 16:18:38 UTC

Michal, we have this issue again.

Comment 2 Jan Pazdziora 2017-01-10 13:46:49 UTC

Any word on getting this bug fixed? It seems to have gotten errata in RHEL, via bug 1343648.

Comment 3 Michal Sekletar 2017-01-16 15:00:55 UTC

Yes, this was fixed in RHEL but those patches were never backported to Fedora.

Comment 4 Michal Sekletar 2017-01-16 15:11:21 UTC

https://src.fedoraproject.org/cgit/rpms/systemd.git/commit/?h=f24&id=6037cb4380b3411bbac912ceb2828cc0d324a265 -> POST

Comment 5 Fedora Update System 2017-02-01 11:15:45 UTC

systemd-229-17.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-7fac567c88

Comment 6 Fedora Update System 2017-02-01 22:48:09 UTC

systemd-229-17.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-7fac567c88

Comment 7 Fedora Update System 2017-02-06 01:49:00 UTC

systemd-229-17.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.