View Issue Details

ID: 0012779
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2018-06-08 05:42
Reporter: lec@easterng.ro
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
OS Version: 7
Summary: 0012779: SELinux is preventing systemd-machine from 'search' accesses on the directory 10336.
Description:
Description of problem:
SELinux is preventing systemd-machine from 'search' accesses on the directory 10336.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that systemd-machine should be allowed search access on the 10336 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-machine' --raw | audit2allow -M my-systemdmachine
# semodule -i my-systemdmachine.pp

Additional Information:
Source Context system_u:system_r:systemd_machined_t:s0
Target Context system_u:system_r:svirt_t:s0:c356,c393
Target Objects 10336 [ dir ]
Source systemd-machine
Source Path systemd-machine
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-102.el7_3.13.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-514.6.1.el7.x86_64 #1 SMP
                              Wed Jan 18 13:06:36 UTC 2017 x86_64 x86_64
Alert Count 1
First Seen 2017-02-03 19:44:21 EET
Last Seen 2017-02-03 19:44:21 EET
Local ID a9de8e72-dc26-4916-842c-9ecbd44e557c

Raw Audit Messages
type=AVC msg=audit(1486143861.795:13480): avc: denied { search } for pid=16719 comm="systemd-machine" name="10336" dev="proc" ino=1021043 scontext=system_u:system_r:systemd_machined_t:s0 tcontext=system_u:system_r:svirt_t:s0:c356,c393 tclass=dir


Hash: systemd-machine,systemd_machined_t,svirt_t,dir,search

Version-Release number of selected component:
selinux-policy-3.13.1-102.el7_3.13.noarch
Additional Information:
reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.6.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.
abrt_hash: 261bbef5aa693083a0f4cac92449b34508a8b9cff51d7100f581570e3e98aae8

Activities

link

2017-05-26 16:45

reporter   ~0029343

I have run into this issue on my CentOS 7 server which hosts a few VMs.


SELinux is preventing systemd-machine from search access on the directory 4394.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that systemd-machine should be allowed search access on the 4394 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-machine' --raw | audit2allow -M my-systemdmachine
# semodule -i my-systemdmachine.pp

Additional Information:
Source Context system_u:system_r:systemd_machined_t:s0
Target Context system_u:system_r:svirt_t:s0:c121,c203
Target Objects 4394 [ dir ]
Source systemd-machine
Source Path systemd-machine
Port <Unknown>
Host tourian.digitalbytes.net
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-102.el7_3.16.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name tourian.digitalbytes.net
Platform Linux tourian.digitalbytes.net
                              3.10.0-514.6.2.el7.x86_64 #1 SMP Thu Feb 23
                              03:04:39 UTC 2017 x86_64 x86_64
Alert Count 1
First Seen 2017-05-26 05:23:19 EDT
Last Seen 2017-05-26 05:23:19 EDT
Local ID 88e47dc9-ce6e-441c-9883-2103a635f1f2

Raw Audit Messages
type=AVC msg=audit(1495790599.193:3177): avc: denied { search } for pid=2564 comm="systemd-machine" name="4394" dev="proc" ino=43396 scontext=system_u:system_r:systemd_machined_t:s0 tcontext=system_u:system_r:svirt_t:s0:c121,c203 tclass=dir


Hash: systemd-machine,systemd_machined_t,svirt_t,dir,search

TuxHandwerker

2017-06-09 10:37

reporter   ~0029425

Another user experienced a similar problem:

restart libvirtd

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.21.1.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.16.noarch
reason: SELinux is preventing systemd-machine from 'search' accesses on the directory 29232.
reproducible: Not sure how to reproduce the problem
type: libreport

hobbes129

2018-05-22 16:29

reporter   ~0031892

Another user experienced a similar problem:

System was running headless.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-862.2.3.el7.x86_64
package: selinux-policy-3.13.1-192.el7_5.3.noarch
reason: SELinux is preventing systemd-machine from 'search' accesses on the directory 20062.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2017-02-04 08:51 lec@easterng.ro New Issue
2017-05-26 16:45 link Note Added: 0029343
2017-06-09 10:37 TuxHandwerker Note Added: 0029425
2018-05-22 16:29 hobbes129 Note Added: 0031892