View Issue Details

ID: 0015675
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2019-01-07 19:22
Reporter: carpi031
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Platform:
OS:
OS Version: 7
Product Version:
Target Version:
Fixed in Version:
Summary: 0015675: SELinux is preventing /usr/sbin/ovs-vswitchd from using the 'net_broadcast' capabilities.
Description:
Description of problem:
SELinux is preventing /usr/sbin/ovs-vswitchd from using the 'net_broadcast' capabilities.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that ovs-vswitchd should have the net_broadcast capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c "ovs-vswitchd" --raw | audit2allow -M my-ovsvswitchd
# semodule -X 300 -i my-ovsvswitchd.pp

Additional Information:
Source Context system_u:system_r:openvswitch_t:s0
Target Context system_u:system_r:openvswitch_t:s0
Target Objects Unknown [ capability ]
Source ovs-vswitchd
Source Path /usr/sbin/ovs-vswitchd
Port <Unknown>
Host (removed)
Source RPM Packages openvswitch-2.10.1-1.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64
Alert Count 3
First Seen 2019-01-07 18:22:53 CET
Last Seen 2019-01-07 20:19:48 CET
Local ID bb9a9798-eac6-4265-b2ac-3e32517da2b6

Raw Audit Messages
type=AVC msg=audit(1546888788.497:45): avc: denied { net_broadcast } for pid=9141 comm="ovs-vswitchd" capability=11 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=capability permissive=0


type=SYSCALL msg=audit(1546888788.497:45): arch=x86_64 syscall=setsockopt success=no exit=EPERM a0=10 a1=10e a2=8 a3=7ffcfc85ea04 items=0 ppid=9140 pid=9141 auid=4294967295 uid=987 gid=1001 euid=987 suid=987 fsuid=987 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4294967295 comm=ovs-vswitchd exe=/usr/sbin/ovs-vswitchd subj=system_u:system_r:openvswitch_t:s0 key=(null)

Hash: ovs-vswitchd,openvswitch_t,openvswitch_t,capability,net_broadcast

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.6.noarch
Additional Information:
reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.
abrt_hash: 1c7eeedd11cf5db04e28b6dcddf43f3f6d2e1bec9746e1a4b5beeb580daae66a
URL:

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-01-07 19:22 carpi031 New Issue