Re: SELinux is preventing systemctl from read access on the file SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.

On Sun, May 17, 2020 at 9:45 AM Joseph Wagner <joe@xxxxxxxxxxxxxxxxxx> wrote:

I've tried relabeling, and the problem still persists. Should I report this as a bug, or is this a config problem on my end?

Hi Joseph,

This bug has already been reported:
https://bugzilla.redhat.com/show_bug.cgi?id=1827972

It is a similar bug to the one pointed to by Johannes, but requires a different approach.

Joseph D. Wagner


SELinux is preventing systemctl from read access on the file SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.


***** Plugin catchall (100. confidence) suggests **************************

If you believe that systemctl should be allowed read access on the SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemctl' --raw | audit2allow -M my-systemctl
# semodule -X 300 -i my-systemctl.pp

Additional Information:
Source Context system_u:system_r:logrotate_t:s0
Target Context system_u:object_r:efivarfs_t:s0
Target Objects SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c [ file ]
Source systemctl
Source Path systemctl
Port
Host localhost.localdomain
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-3.14.5-38.fc32.noarch
Local Policy RPM selinux-policy-targeted-3.14.5-38.fc32.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost.localdomain
Platform Linux localhost.localdomain 5.6.11-300.fc32.x86_64 #1 SMP Wed May 6 19:12:19 UTC 2020 x86_64 x86_64
Alert Count 5
First Seen 2020-05-15 03:26:10 PDT
Last Seen 2020-05-17 00:01:02 PDT
Local ID e5acdc0f-f979-4bb7-9889-1fa1e1a1586b

Raw Audit Messages
type=AVC msg=audit(1589698862.374:769): avc: denied { read } for pid=112829 comm="systemctl" name="SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c" dev="efivarfs" ino=15503 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0


Hash: systemctl,logrotate_t,efivarfs_t,file,read
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx


--

Zdenek Pytela
Security controls team