View Issue Details

IDProjectCategoryView StatusLast Update
0016169CentOS-7selinux-policypublic2019-06-10 14:56
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0016169: SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the archivo xtables.lock.
DescriptionDescription of problem:
SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the archivo xtables.lock.

***** Plugin catchall (100. confidence) suggests **************************

Si cree que de manera predeterminada se debería permitir a xtables-multi el acceso read sobre xtables.lock file.
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
permita el acceso temporalmente ejecutando:
# ausearch -c 'iptables-restor' --raw | audit2allow -M mi-iptablesrestor
# semodule -i mi-iptablesrestor.pp

Additional Information:
Source Context system_u:system_r:iptables_t:s0
Target Context system_u:object_r:var_run_t:s0
Target Objects xtables.lock [ file ]
Source iptables-restor
Source Path /usr/sbin/xtables-multi
Port <Unknown>
Host (removed)
Source RPM Packages iptables-1.4.21-28.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed)
                     #1 SMP Thu
                              May 30 08:11:49 CEST 2019 x86_64 x86_64
Alert Count 486
First Seen 2019-06-10 12:02:33 CEST
Last Seen 2019-06-10 16:50:33 CEST
Local ID c4806251-d4b4-4d10-8f8b-8e472fcb60bd

Raw Audit Messages
type=AVC msg=audit(1560178233.412:2872): avc: denied { read } for pid=31604 comm="iptables" name="xtables.lock" dev="tmpfs" ino=31465 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

type=SYSCALL msg=audit(1560178233.412:2872): arch=x86_64 syscall=open success=no exit=EACCES a0=41329b a1=40 a2=180 a3=7ffe8dc1aae0 items=0 ppid=4300 pid=31604 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables exe=/usr/sbin/xtables-multi subj=system_u:system_r:iptables_t:s0 key=(null)

Hash: iptables-restor,iptables_t,var_run_t,file,read

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-06-10 14:56 Pepetolete New Issue