1536579 – current mock triggers SElinux AVC's, and fails to stop some processes

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1536579 - current mock triggers SElinux AVC's, and fails to stop some processes

Summary: current mock triggers SElinux AVC's, and fails to stop some processes

Keywords:
Status:	CLOSED WORKSFORME
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	mock
Sub Component:
Version:	epel7
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Suchý
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	1528414
Blocks:
TreeView+	depends on / blocked

Reported:	2018-01-19 16:52 UTC by R P Herrold
Modified:	2023-09-12 01:22 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1528414
Environment:
Last Closed:	2020-02-24 07:35:01 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description R P Herrold 2018-01-19 16:52:05 UTC

+++ This bug was initially created as a clone of Bug #1528414 +++

[herrold@centos-7 bin]$ ./which-signer.sh mock
mock-1.4.7-2.el7.noarch
Fedora EPEL (7) <epel> 352c64e5 52ae6884 
Version-Release number of selected component (if applicable):

mock-1.4.7-2.el7.noarch

How reproducible:

0. install fedora-review

1. mkdir a temporary directory 

2. place a SRPM and accompanying SPEC file in a directory

3. run: fedora-review -n ./directory/${packagename}

this eventually shells off into mock, and dies (it does a couple retries) for want of the needed directory

I patched to get past the missing directory issue, so I could look further

...

--- Additional comment from R P Herrold on 2018-01-19 11:43:37 EST ---

interestingly, I am not getting SElinux denials once past the first item

type=USER_AVC msg=audit(1516379905.117:47328): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { stop } for auid=n/a uid=0 gid=0 path="/run/systemd/system/machine-86355ec3dedd4b5784e215aefd50b775.scope" cmdline="/usr/lib/systemd/systemd-machined" scontext=system_u:system_r:systemd_machined_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=service  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'


Do you want this in a separate bug, cloned from this one?

(later)

I looked and there was not an open and relevant mock bug on this, so I cloned it

Comment 1 Pavel Raiskup 2019-11-06 08:25:15 UTC

Can you please test with mock-1.4.21 from
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-0549ec172d ?

Comment 2 Pavel Raiskup 2020-02-24 07:35:01 UTC

Closing for inactivity.  Please reopen if you still observe the same problem.

Comment 3 Red Hat Bugzilla 2023-09-12 01:22:29 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days

Note You need to log in before you can comment on or make changes to this bug.