View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0014576 | CentOS-7 | selinux-policy | public | 2018-03-13 16:10 | 2018-03-13 16:10 |
| Reporter | huezohuezo1990 | ||||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| Platform | OS | OS Version | 7 | ||
| Product Version | |||||
| Target Version | Fixed in Version | ||||
| Summary | 0014576: SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the file xtables.lock. | ||||
| Description | Description of problem: SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the file xtables.lock. ***** Plugin catchall (100. confidence) suggests ************************** If cree que de manera predeterminada, xtables-multi debería permitir acceso read sobre xtables.lock file. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do allow this access for now by executing: # ausearch -c 'iptables' --raw | audit2allow -M my-iptables # semodule -i my-iptables.pp Additional Information: Source Context system_u:system_r:iptables_t:s0 Target Context system_u:object_r:var_run_t:s0 Target Objects xtables.lock [ file ] Source iptables Source Path /usr/sbin/xtables-multi Port <Unknown> Host (removed) Source RPM Packages iptables-1.4.21-18.3.el7_4.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-166.el7_4.9.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 Alert Count 39 First Seen 2018-03-13 10:09:26 CST Last Seen 2018-03-13 10:09:46 CST Local ID 4d2d8de8-82cb-474c-8338-e480f27d8274 Raw Audit Messages type=AVC msg=audit(1520957386.521:7671): avc: denied { read } for pid=5888 comm="iptables" name="xtables.lock" dev="tmpfs" ino=32003 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file type=SYSCALL msg=audit(1520957386.521:7671): arch=x86_64 syscall=open success=no exit=EACCES a0=4130fb a1=40 a2=180 a3=7ffe7af069e0 items=0 ppid=1920 pid=5888 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables exe=/usr/sbin/xtables-multi subj=system_u:system_r:iptables_t:s0 key=(null) Hash: iptables,iptables_t,var_run_t,file,read Version-Release number of selected component: selinux-policy-3.13.1-166.el7_4.9.noarch | ||||
| Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-693.21.1.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
| Tags | No tags attached. | ||||
| abrt_hash | 155cd984ca7ac90cae8e56ce625112a154df7eacd863117d8c528e84fab17e48 | ||||
| URL | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2018-03-13 16:10 | huezohuezo1990 | New Issue |
