View Issue Details

ID: 0014360
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2018-01-11 07:05
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Product Version: 7.3.1611
Target Version:
Fixed in Version:

Summary: 0014360: Targeted policy inhibits use of tmpfiles in /run by many systemd services

Description: After turning on enforcing the default targeted policy, many systemd services fail to start upon reboot. The services fail to start, reporting Permission denied.

Having collected the reports with audit2allow, I can see that a number of policy rules regarding the use of systemd_logind_inhibit_var_run_t are missing.

As a result many services would not start on boot. Specific services affected were:
* fail2ban
* rsyslog syslogd
* gssproxy
* rpcbind
* rpc.statd
* nginx httpd
* iscsid
* tmpfiles

Steps To Reproduce:
1. Turn on SELinux state to Enforcing with Targeted security policy in /etc/selinux/config.
2. Reboot

Additional Information: This popped up after a kernel upgrade, and I am not familiar enough with CentOS to tell if this is a glitch caused by mistreatment of this particular host or indeed a defect in the selinux-policy.

Attached is the list of rules that I compiled using audit2allow to make the system boot without errors.
Tags: No tags attached.

systemd_var_run.te (1,585 bytes) 2018-01-11 07:05

Issue History

Date Modified Username Field Change
2018-01-11 07:05 dimchub New Issue
2018-01-11 07:05 dimchub File Added: systemd_var_run.te
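
The triage step behind this report, as an added example (not the reporter's attachment and not CentOS project code): it filters AVC denials for one target type and groups them by source domain and object class, rendering each group in the allow-rule form that audit2allow emits. The log lines, and the source domains and file names in them, are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample AVC records; not taken from the reporter's host or attachment.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1515650701.101:41): avc:  denied  { write } for  pid=801 comm="rsyslogd" name="syslogd.pid" dev="tmpfs" ino=20111 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:systemd_logind_inhibit_var_run_t:s0 tclass=file
type=AVC msg=audit(1515650701.102:42): avc:  denied  { open } for  pid=801 comm="rsyslogd" path="/run/syslogd.pid" dev="tmpfs" ino=20111 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:systemd_logind_inhibit_var_run_t:s0 tclass=file
type=AVC msg=audit(1515650702.310:47): avc:  denied  { write } for  pid=915 comm="nginx" name="nginx.pid" dev="tmpfs" ino=20340 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:systemd_logind_inhibit_var_run_t:s0 tclass=file
type=AVC msg=audit(1515650702.512:52): avc:  denied  { create } for  pid=640 comm="rpcbind" name="rpcbind.sock" scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_logind_inhibit_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1515650703.007:60): avc:  denied  { read } for  pid=915 comm="nginx" name="error.log" dev="dm-0" ino=73211 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
"""

TARGET = "systemd_logind_inhibit_var_run_t"  # the type named in the report

# Pulls permissions, command name, source type, target type and class from one record.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=[^:\s]+:[^:\s]+:(?P<stype>[^:\s]+)\S*\s+'
    r'tcontext=[^:\s]+:[^:\s]+:(?P<ttype>[^:\s]+)\S*\s+'
    r'tclass=(?P<tclass>\S+)'
)

def denials_for_type(log_text, target_type):
    """Group denied permissions by (source domain, object class) for one target type."""
    grouped = defaultdict(lambda: {"perms": set(), "comms": set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m["ttype"] != target_type:
            continue  # not an AVC denial, or a denial against some other type
        entry = grouped[(m["stype"], m["tclass"])]
        entry["perms"].update(m["perms"].split())
        entry["comms"].add(m["comm"])
    return dict(grouped)

def as_allow_rules(grouped, target_type):
    """Render the grouped denials as .te allow rules, one per domain and class."""
    rules = []
    for (stype, tclass), entry in sorted(grouped.items()):
        perms = " ".join(sorted(entry["perms"]))
        rules.append(f"allow {stype} {target_type}:{tclass} {{ {perms} }};")
    return rules

if __name__ == "__main__":
    for rule in as_allow_rules(denials_for_type(SAMPLE_AUDIT_LOG, TARGET), TARGET):
        print(rule)
```

Grouping by source domain shows at a glance how many unrelated services are being denied on the same type before any generated rule is loaded.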