View Issue Details

ID: 0016169
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2019-06-10 14:56
Reporter: Pepetolete
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Platform:
OS:
OS Version: 7
Product Version:
Target Version:
Fixed in Version:
Summary: 0016169: SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the file xtables.lock.
Description:
Description of problem:
SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the file xtables.lock.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that xtables-multi should be allowed read access on the xtables.lock file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'iptables-restor' --raw | audit2allow -M mi-iptablesrestor
# semodule -i mi-iptablesrestor.pp

Additional Information:
Source Context system_u:system_r:iptables_t:s0
Target Context system_u:object_r:var_run_t:s0
Target Objects xtables.lock [ file ]
Source iptables-restor
Source Path /usr/sbin/xtables-multi
Port <Unknown>
Host (removed)
Source RPM Packages iptables-1.4.21-28.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed)
                              3.10.0-957.12.2.el7.centos.plus.x86_64 #1 SMP Thu
                              May 30 08:11:49 CEST 2019 x86_64 x86_64
Alert Count 486
First Seen 2019-06-10 12:02:33 CEST
Last Seen 2019-06-10 16:50:33 CEST
Local ID c4806251-d4b4-4d10-8f8b-8e472fcb60bd

Raw Audit Messages
type=AVC msg=audit(1560178233.412:2872): avc: denied { read } for pid=31604 comm="iptables" name="xtables.lock" dev="tmpfs" ino=31465 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1560178233.412:2872): arch=x86_64 syscall=open success=no exit=EACCES a0=41329b a1=40 a2=180 a3=7ffe8dc1aae0 items=0 ppid=4300 pid=31604 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables exe=/usr/sbin/xtables-multi subj=system_u:system_r:iptables_t:s0 key=(null)

Hash: iptables-restor,iptables_t,var_run_t,file,read

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.12.noarch
Additional Information:
reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.12.2.el7.centos.plus.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.
abrt_hash: fe9a2ee82b15694eab672539f33021bf8b60617aa9ae0e937f632f0460d5d3ef
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-06-10 14:56 Pepetolete New Issue