https://bugzilla.redhat.com/show_bug.cgi?id=1268716 Jared Smith <jsmith.fedora@xxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #34 from Jared Smith <jsmith.fedora@xxxxxxxxx> --- Please also note that I was doing additional testing on cjdns last night, I got severa SELinux alerts, specifically around cjdroute trying to access things it didn't have permissions to. I'll paste the details below, and hopefully you can get those worked out as well: SELinux is preventing cjdroute from search access on the directory machines. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that cjdroute should be allowed search access on the machines directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep cjdroute /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:cjdns_t:s0 Target Context system_u:object_r:systemd_machined_var_run_t:s0 Target Objects machines [ dir ] Source cjdroute Source Path cjdroute Port <Unknown> Host slapshot-jaredsmith-net Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-171.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name slapshot-jaredsmith-net Platform Linux slapshot-jaredsmith-net 4.5.0-0.rc5.git0.1.fc24.x86_64 #1 SMP Sun Feb 21 22:39:46 UTC 2016 x86_64 x86_64 Alert Count 1 First Seen 2016-02-23 18:41:56 EST Last Seen 2016-02-23 18:41:56 EST Local ID fc532d84-17d9-4fc3-b7ac-bc726da00e50 Raw Audit Messages type=AVC msg=audit(1456270916.93:1055): avc: denied { search } for pid=26366 comm="cjdroute" name="machines" dev="tmpfs" ino=20797 scontext=system_u:system_r:cjdns_t:s0 tcontext=system_u:object_r:systemd_machined_var_run_t:s0 tclass=dir permissive=0 Hash: cjdroute,cjdns_t,systemd_machined_var_run_t,dir,search --- SELinux is preventing cjdroute from open access on the file /etc/hosts. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that cjdroute should be allowed open access on the hosts file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep cjdroute /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:cjdns_t:s0 Target Context system_u:object_r:net_conf_t:s0 Target Objects /etc/hosts [ file ] Source cjdroute Source Path cjdroute Port <Unknown> Host slapshot-jaredsmith-net Source RPM Packages Target RPM Packages setup-2.10.1-1.fc24.noarch Policy RPM selinux-policy-3.13.1-171.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name slapshot-jaredsmith-net Platform Linux slapshot-jaredsmith-net 4.5.0-0.rc5.git0.1.fc24.x86_64 #1 SMP Sun Feb 21 22:39:46 UTC 2016 x86_64 x86_64 Alert Count 1 First Seen 2016-02-23 18:41:56 EST Last Seen 2016-02-23 18:41:56 EST Local ID 09b781ff-9a3a-4985-8717-fbb153cd7780 Raw Audit Messages type=AVC msg=audit(1456270916.90:1054): avc: denied { open } for pid=26366 comm="cjdroute" path="/etc/hosts" dev="dm-2" ino=3182078 scontext=system_u:system_r:cjdns_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file permissive=0 Hash: cjdroute,cjdns_t,net_conf_t,file,open -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review