2018-01-22 06:17 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0014360CentOS-7selinux-policypublic2018-01-11 07:05
Reporterdimchub 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusnewResolutionopen 
Product Version7.3.1611 
Target VersionFixed in Version 
Summary0014360: Targeted policy inhibits use of tmpfiles in /run by many systemd services
DescriptionAfter turning on enforcing the default targeted policy many systemd services fail to start upon reboot. The services fail to start reporting Permission denied.

Having collected the reports with audit2allow I can see that a number of policy rules regarding the use of systemd_logind_inhibit_var_run_t are missing.

As a result many services would not start on boot. Specific services affected were:
* fail2ban
* rsyslog syslogd
* gssproxy
* rpcbind
* rpc.statd
* nginx httpd
* iscsid
* tmpfiles
Steps To Reproduce1. Turn on SELinux state to Enforcing with Targeted security policy in /etc/selinux/config.
2. Reboot
Additional InformationThis popped up after kernel upgrade and I am not familiar enough with CentOS to tell if this is a glitch caused by mistreatment of this particular host or indeed a defect in the selinux-policy.

Attached is the list of rules that I compiled using audit2allow to make the system boot without errors.
TagsNo tags attached.
abrt_hash
URL
Attached Files

-Relationships
+Relationships

-Notes
There are no notes attached to this issue.
+Notes

-Issue History
Date Modified Username Field Change
2018-01-11 07:05 dimchub New Issue
2018-01-11 07:05 dimchub File Added: systemd_var_run.te
+Issue History