https://bugzilla.redhat.com/show_bug.cgi?id=1221911

On Sun, May 17, 2015 at 1:59 AM, Antonio Insuasti Recalde <antonio@xxxxxxxxxxx> wrote:
> Hi folks,
>
> I don't know if this is a bug, but when I start a container or execute
> some command inside of a container, SELinux shows this error:
>
> May 16 13:01:44 f22TC4.insuasti.ec setroubleshoot[29992]: SELinux is
> preventing bash from 'read, write' accesses on the chr_file
> /dev/pts/1. For complete SELinux messages. run sealert -l
> 12910614-818d-4051-a03b-85f2851fd055
> May 16 13:01:44 f22TC4.insuasti.ec python[29992]: SELinux is
> preventing bash from 'read, write' accesses on the chr_file
> /dev/pts/1.
>
> ***** Plugin catchall (100. confidence) suggests **************************
>
> If you believe that bash should be allowed read write access on the 1
> chr_file by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep bash /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
>
>
> This is the output of sealert:
>
> [root@f22TC4 ~]# sealert -l 12910614-818d-4051-a03b-85f2851fd055
> SELinux is preventing bash from 'read, write' accesses on the chr_file
> /dev/pts/1.
>
> ***** Plugin catchall (100. confidence) suggests **************************
>
> If you believe that bash should be allowed read write access on the 1
> chr_file by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep bash /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
>
> Additional Information:
> Source Context                system_u:system_r:svirt_lxc_net_t:s0:c661,c803
> Target Context                system_u:object_r:docker_devpts_t:s0
> Target Objects                /dev/pts/1 [ chr_file ]
> Source                        bash
> Source Path                   bash
> Port                          <Unknown>
> Host                          f22TC4.insuasti.ec
> Source RPM Packages
> Target RPM Packages
> Policy RPM                    selinux-policy-3.13.1-126.fc22.noarch
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Host Name                     f22TC4.insuasti.ec
> Platform                      Linux f22TC4.insuasti.ec 4.0.2-300.fc22.x86_64 #1
>                               SMP Thu May 7 16:05:02 UTC 2015 x86_64 x86_64
> Alert Count                   6
> First Seen                    2015-05-16 12:53:19 ECT
> Last Seen                     2015-05-16 13:01:43 ECT
> Local ID                      12910614-818d-4051-a03b-85f2851fd055
>
> Raw Audit Messages
> type=AVC msg=audit(1431799303.910:1222): avc: denied { read write }
> for pid=29986 comm="bash" path="/dev/pts/1" dev="devpts" ino=4
> scontext=system_u:system_r:svirt_lxc_net_t:s0:c661,c803
> tcontext=system_u:object_r:docker_devpts_t:s0 tclass=chr_file
> permissive=0
>
>
> Hash: bash,svirt_lxc_net_t,docker_devpts_t,chr_file,read,write
>
> This is the command I ran:
> # docker exec -t -i deamon_dave /bin/bash
>
> I'm using Fedora 22 TC 4 with docker docker-1.6.0-3.git9d26a07.fc22.x86_64
>
> Thanks for the help
>
>
> --
> Antonio Insuasti R.
> --
> test mailing list
> test@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe:
> https://admin.fedoraproject.org/mailman/listinfo/test

--
-Igor Gnatenko