View Issue Details

IDProjectCategoryView StatusLast Update
0015176CentOS-7selinux-policypublic2018-08-15 00:44
Reporterwrthissell 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015176: SELinux is preventing /usr/sbin/bumblebeed from 'getattr' accesses on the file /usr/lib/modules/3.10.0-862.9.1.el7.x86_64/ker...
DescriptionDescription of problem:
Install:
bumblebee-3.3.0-1.el7.x86_64.rpm

from:

https://linux.itecs.ncsu.edu/redhat/public/bumblebee/experimental2/develop/

Full documentation of the bumblebee bug I am trying to resolve is at:

https://github.com/Bumblebee-Project/Bumblebee/issues/974
SELinux is preventing /usr/sbin/bumblebeed from 'getattr' accesses on the file /usr/lib/modules/3.10.0-862.9.1.el7.x86_64/kernel/drivers/char/ipmi/ipmi_msghandler.ko.xz.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that bumblebeed should be allowed getattr access on the ipmi_msghandler.ko.xz file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'bumblebeed' --raw | audit2allow -M my-bumblebeed
# semodule -i my-bumblebeed.pp

Additional Information:
Source Context system_u:system_r:bumblebee_t:s0
Target Context system_u:object_r:modules_object_t:s0
Target Objects /usr/lib/modules/3.10.0-862.9.1.el7.x86_64/kernel/
                              drivers/char/ipmi/ipmi_msghandler.ko.xz [ file ]
Source bumblebeed
Source Path /usr/sbin/bumblebeed
Port <Unknown>
Host (removed)
Source RPM Packages bumblebee-3.3.0-1.el7.x86_64
Target RPM Packages kernel-3.10.0-862.9.1.el7.x86_64
Policy RPM selinux-policy-3.13.1-192.el7_5.4.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name (removed)
Platform Linux (removed) 3.10.0-862.9.1.el7.x86_64 #1 SMP
                              Mon Jul 16 16:29:36 UTC 2018 x86_64 x86_64
Alert Count 16
First Seen 2018-08-03 21:03:46 EDT
Last Seen 2018-08-14 18:14:12 EDT
Local ID 1e07268f-48b6-4752-8d46-2b8db108f9b2

Raw Audit Messages
type=AVC msg=audit(1534284852.668:2057): avc: denied { getattr } for pid=1170 comm="bumblebeed" path="/usr/lib/modules/3.10.0-862.9.1.el7.x86_64/kernel/drivers/char/ipmi/ipmi_msghandler.ko.xz" dev="dm-0" ino=1014207 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file


type=SYSCALL msg=audit(1534284852.668:2057): arch=x86_64 syscall=stat success=yes exit=0 a0=8d0c00 a1=7ffdafcf7e00 a2=7ffdafcf7e00 a3=2f696d70692f7261 items=1 ppid=1 pid=1170 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4294967295 comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null)

type=CWD msg=audit(1534284852.668:2057): cwd=/

type=PATH msg=audit(1534284852.668:2057): item=0 name=/lib/modules/3.10.0-862.9.1.el7.x86_64/kernel/drivers/char/ipmi/ipmi_msghandler.ko.xz inode=1014207 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:modules_object_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0

Hash: bumblebeed,bumblebee_t,modules_object_t,file,getattr

Version-Release number of selected component:
selinux-policy-3.13.1-192.el7_5.4.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-862.9.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hashbfe2e7a234467f7b510241d6be38b964355261b9f5f5680efaac0d0cae5f060c
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-08-15 00:44 wrthissell New Issue