On Mon, Apr 13, 2020 at 8:23 PM Sreyan Chakravarty <sreyan32@xxxxxxxxx> wrote:
Edit:> The message from the troubleshooter suggests that you run two commands
> to get around the issue until it's fixed. Just follow them and you'll
> be OK.
Can you please explain what they are doing, I don't know anything about SELinux.
SELinux only knows about labels, type is the main part. The init_t is a type of a process. It requested an access to a resource which was denied by kernel, according to SELinux rules. In the report, we can see a request to read a file with type swapfile_t.type
If you create a file with the suggested content and insert it as a custom SELinux module, it will allow a group of common permissions required to open and read a file. This change persists boot.
Also how do I reverse the commands once the bug is fixed in upstream ?
Remove the module:
semodule -r local_init_swapfile
Any time, you can list modules, and possibly narrow the list:
semodule -lfull | grep local_
400 local_init_swapfile cil
400 local_init_swapfile cil
On Mon, Apr 13, 2020 at 11:50 PM Sreyan Chakravarty <sreyan32@xxxxxxxxx> wrote:Can you please explain what they are doing, I don't know anything about SELinux.Also how do I reverse the commands once the bug is fixed in upstream ?On Mon, Apr 13, 2020 at 11:39 PM Joe Zeff <joe@xxxxxxx> wrote:On 04/13/2020 11:57 AM, Zdenek Pytela wrote:
> I don't know a whole lot about SELinux, do I have to add a label or
> something?
The message from the troubleshooter suggests that you run two commands
to get around the issue until it's fixed. Just follow them and you'll
be OK.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
--Regards,Sreyan Chakravarty--_______________________________________________Regards,Sreyan Chakravarty
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
--
Zdenek Pytela
Security controls team, sst_platform_security
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
