View Issue Details

ID: 0014576
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2018-03-13 16:10
Reporter: huezohuezo1990
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Platform:
OS:
OS Version: 7
Product Version:
Target Version:
Fixed in Version:
Summary: 0014576: SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the file xtables.lock.

Description:
Description of problem:
SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the file xtables.lock.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that xtables-multi should be allowed read access on the xtables.lock file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'iptables' --raw | audit2allow -M my-iptables
# semodule -i my-iptables.pp

Additional Information:
Source Context system_u:system_r:iptables_t:s0
Target Context system_u:object_r:var_run_t:s0
Target Objects xtables.lock [ file ]
Source iptables
Source Path /usr/sbin/xtables-multi
Port <Unknown>
Host (removed)
Source RPM Packages iptables-1.4.21-18.3.el7_4.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-166.el7_4.9.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-693.21.1.el7.x86_64 #1 SMP
                              Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64
Alert Count 39
First Seen 2018-03-13 10:09:26 CST
Last Seen 2018-03-13 10:09:46 CST
Local ID 4d2d8de8-82cb-474c-8338-e480f27d8274

Raw Audit Messages
type=AVC msg=audit(1520957386.521:7671): avc: denied { read } for pid=5888 comm="iptables" name="xtables.lock" dev="tmpfs" ino=32003 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file


type=SYSCALL msg=audit(1520957386.521:7671): arch=x86_64 syscall=open success=no exit=EACCES a0=4130fb a1=40 a2=180 a3=7ffe7af069e0 items=0 ppid=1920 pid=5888 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables exe=/usr/sbin/xtables-multi subj=system_u:system_r:iptables_t:s0 key=(null)

Hash: iptables,iptables_t,var_run_t,file,read

Version-Release number of selected component:
selinux-policy-3.13.1-166.el7_4.9.noarch

Additional Information:
reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.21.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport

Tags: No tags attached.
abrt_hash: 155cd984ca7ac90cae8e56ce625112a154df7eacd863117d8c528e84fab17e48
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-03-13 16:10 huezohuezo1990 New Issue