View Issue Details

ID: 0014576
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2020-01-19 00:15
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Platform:
OS:
OS Version: 7
Product Version:
Target Version:
Fixed in Version:
Summary: 0014576: SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the file xtables.lock.
Description:
Description of problem:
SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the file xtables.lock.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that xtables-multi should be allowed read access on the xtables.lock file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Allow this access for now by executing:
# ausearch -c 'iptables' --raw | audit2allow -M my-iptables
# semodule -i my-iptables.pp

Additional Information:
Source Context system_u:system_r:iptables_t:s0
Target Context system_u:object_r:var_run_t:s0
Target Objects xtables.lock [ file ]
Source iptables
Source Path /usr/sbin/xtables-multi
Port <Unknown>
Host (removed)
Source RPM Packages iptables-1.4.21-18.3.el7_4.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-166.el7_4.9.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64
Alert Count 39
First Seen 2018-03-13 10:09:26 CST
Last Seen 2018-03-13 10:09:46 CST
Local ID 4d2d8de8-82cb-474c-8338-e480f27d8274

Raw Audit Messages
type=AVC msg=audit(1520957386.521:7671): avc: denied { read } for pid=5888 comm="iptables" name="xtables.lock" dev="tmpfs" ino=32003 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file

type=SYSCALL msg=audit(1520957386.521:7671): arch=x86_64 syscall=open success=no exit=EACCES a0=4130fb a1=40 a2=180 a3=7ffe7af069e0 items=0 ppid=1920 pid=5888 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables exe=/usr/sbin/xtables-multi subj=system_u:system_r:iptables_t:s0 key=(null)

Hash: iptables,iptables_t,var_run_t,file,read
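As an added example (not part of this bug report and not setroubleshoot's own code), the following Python script parses the AVC and SYSCALL records quoted above, correlates them by audit serial, rebuilds the "Hash:" line that setroubleshoot prints (comm, source type, target type, class, permission), and decodes the open(2) flag and mode arguments that audit logs in hex. The two record strings are constructed copies of the lines in this report; the flag constants are the x86_64 open(2) values from <asm-generic/fcntl.h>; all function names are my own.

```python
import re

# Constructed copies of the two audit records quoted in this report
# (whitespace collapsed the way the tracker rendered them).
AVC_LINE = (
    'type=AVC msg=audit(1520957386.521:7671): avc: denied { read } for pid=5888 '
    'comm="iptables" name="xtables.lock" dev="tmpfs" ino=32003 '
    'scontext=system_u:system_r:iptables_t:s0 '
    'tcontext=system_u:object_r:var_run_t:s0 tclass=file'
)
SYSCALL_LINE = (
    'type=SYSCALL msg=audit(1520957386.521:7671): arch=x86_64 syscall=open '
    'success=no exit=EACCES a0=4130fb a1=40 a2=180 a3=7ffe7af069e0 items=0 '
    'ppid=1920 pid=5888 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 '
    'egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables '
    'exe=/usr/sbin/xtables-multi subj=system_u:system_r:iptables_t:s0 key=(null)'
)

EVENT_RE = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')
AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# open(2) flag bits on x86_64 (<asm-generic/fcntl.h>); only the common ones.
OPEN_FLAG_BITS = [
    ('O_CREAT', 0o100), ('O_EXCL', 0o200), ('O_NOCTTY', 0o400),
    ('O_TRUNC', 0o1000), ('O_APPEND', 0o2000), ('O_NONBLOCK', 0o4000),
    ('O_DIRECTORY', 0o200000), ('O_NOFOLLOW', 0o400000),
    ('O_CLOEXEC', 0o2000000),
]
ACCESS_MODES = {0: 'O_RDONLY', 1: 'O_WRONLY', 2: 'O_RDWR'}


def parse_record(line):
    """Parse one audit record into a dict of its key=value fields.

    Adds 'timestamp'/'serial' from the msg=audit(...) stamp and, for AVC
    records, 'decision' plus the list of 'perms' inside the braces."""
    rec = {}
    m = EVENT_RE.search(line)
    if m:
        rec['timestamp'] = float(m.group(1))
        rec['serial'] = int(m.group(2))
    m = AVC_RE.search(line)
    if m:
        rec['decision'] = m.group(1)
        rec['perms'] = m.group(2).split()
    for key, value in KV_RE.findall(line):
        rec[key] = value.strip('"')
    return rec


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(':')[2]


def denial_hash(avc):
    """Rebuild setroubleshoot's 'Hash:' line for an AVC record:
    comm, source type, target type, object class, permission(s)."""
    return ','.join([
        avc['comm'],
        selinux_type(avc['scontext']),
        selinux_type(avc['tcontext']),
        avc['tclass'],
        ' '.join(avc['perms']),
    ])


def decode_open_flags(a1_hex):
    """Decode the open(2) flags argument (audit prints a0..a3 in hex)."""
    flags = int(a1_hex, 16)
    names = [ACCESS_MODES.get(flags & 0o3, 'O_INVALID_ACCMODE')]
    names += [name for name, bit in OPEN_FLAG_BITS if flags & bit]
    return names


def decode_mode(a2_hex):
    """Decode the open(2) mode argument as a four-digit octal string."""
    return format(int(a2_hex, 16), '04o')


def summarize_denial(avc_line, syscall_line):
    """Correlate an AVC record with the SYSCALL record of the same event."""
    avc = parse_record(avc_line)
    sc = parse_record(syscall_line)
    if avc.get('serial') != sc.get('serial'):
        raise ValueError('records belong to different audit events')
    summary = {
        'hash': denial_hash(avc),
        'exe': sc.get('exe'),
        'target': avc.get('name'),
        'target_type': selinux_type(avc['tcontext']),
        'syscall': sc.get('syscall'),
        'result': sc.get('exit'),
    }
    if sc.get('syscall') == 'open':
        summary['open_flags'] = decode_open_flags(sc['a1'])
        summary['open_mode'] = decode_mode(sc['a2'])
    return summary


if __name__ == '__main__':
    for key, value in summarize_denial(AVC_LINE, SYSCALL_LINE).items():
        print(f'{key}: {value}')
```

Run on the two records above, the script reproduces the report's "Hash: iptables,iptables_t,var_run_t,file,read" and decodes a1=40 / a2=180 as O_RDONLY|O_CREAT with mode 0600: the tool was opening (or creating) its lock file read-only on a tmpfs, and the file carried the generic var_run_t label rather than a type iptables_t may read. When triaging a denial like this, checking the file's actual label with ls -Z (the report gives only the file name and dev=tmpfs, not its full path) tells you whether the fix is a relabel or a policy change, before reaching for audit2allow.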

Version-Release number of selected component:
Additional Information:
reporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-693.21.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.

2020-01-19 00:15   reporter   ~0036051

Another user experienced a similar problem:

SELinux message displayed post login.

reporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-1062.9.1.el7.x86_64
package: selinux-policy-3.13.1-252.el7_7.6.noarch
reason: SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the file xtables.lock.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2018-03-13 16:10 huezohuezo1990 New Issue
2020-01-19 00:15 ksmith02mcafee Note Added: 0036051