View Issue Details

ID: 0015144 | Project: CentOS-7 | Category: selinux-policy | View Status: public | Last Update: 2018-08-06 02:24
Priority: normal | Severity: minor | Reproducibility: have not tried
Status: new | Resolution: open
Platform: | OS: | OS Version: 7
Product Version:
Target Version: | Fixed in Version:
Summary: 0015144: SELinux is preventing /usr/bin/systemctl from 'read' accesses on the directory journal.
Description:
Description of problem:
SELinux is preventing /usr/bin/systemctl from 'read' accesses on the directory journal.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that systemctl should be allowed read access on the journal directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'systemctl' --raw | audit2allow -M my-systemctl
# semodule -i my-systemctl.pp

Additional Information:
Source Context system_u:system_r:ipsec_mgmt_t:s0
Target Context system_u:object_r:syslogd_var_run_t:s0
Target Objects journal [ dir ]
Source systemctl
Source Path /usr/bin/systemctl
Port <Unknown>
Host (removed)
Source RPM Packages systemd-219-57.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-192.el7_5.4.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-862.3.3.el7.x86_64 #1 SMP
                              Fri Jun 15 04:15:27 UTC 2018 x86_64 x86_64
Alert Count 2
First Seen 2018-07-23 10:26:16 CEST
Last Seen 2018-07-23 10:28:34 CEST
Local ID 62958811-1231-4e91-8f79-ac0f99a75f05

Raw Audit Messages
type=AVC msg=audit(1532334514.462:877): avc: denied { read } for pid=8690 comm="systemctl" name="journal" dev="tmpfs" ino=1182 scontext=system_u:system_r:ipsec_mgmt_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=dir

type=SYSCALL msg=audit(1532334514.462:877): arch=x86_64 syscall=openat success=no exit=EACCES a0=ffffffffffffff9c a1=55e02d6fc6c0 a2=90800 a3=0 items=0 ppid=8390 pid=8690 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=systemctl exe=/usr/bin/systemctl subj=system_u:system_r:ipsec_mgmt_t:s0 key=(null)

Hash: systemctl,ipsec_mgmt_t,syslogd_var_run_t,dir,read

Version-Release number of selected component:
Additional Information:
reporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-862.9.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.


There are no notes attached to this issue.

Issue History

Date Modified | Username | Field | Change
2018-08-06 02:24 | t3kK4m | New Issue |