| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0017637 | CentOS-7 | selinux-policy | public | 2020-07-31 14:54 | 2020-07-31 15:11 |
| Reporter | hndrcksn | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| OS Version | 7 | ||||
| Summary | 0017637: SELinux is preventing /usr/bin/perl from 'read' accesses on the file /etc/munin/munin.conf. | ||||
| Description | Description of problem: Happens when system boots up and continues. I assume munin needs perl to read this file so the problem should be addressed SELinux is preventing /usr/bin/perl from 'read' accesses on the file /etc/munin/munin.conf. ***** Plugin restorecon (99.5 confidence) suggests ************************ If you want to fix the label. /etc/munin/munin.conf default label should be munin_etc_t. Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly. Do # /sbin/restorecon -v /etc/munin/munin.conf ***** Plugin catchall (1.49 confidence) suggests ************************** If you believe that perl should be allowed read access on the munin.conf file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'munin-update' --raw | audit2allow -M my-muninupdate # semodule -i my-muninupdate.pp Additional Information: Source Context system_u:system_r:munin_t:s0 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects /etc/munin/munin.conf [ file ] Source munin-update Source Path /usr/bin/perl Port <Unknown> Host (removed) Source RPM Packages perl-5.16.3-295.el7.x86_64 Target RPM Packages munin-2.0.63-1.el7.noarch Policy RPM selinux-policy-3.13.1-266.el7_8.1.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 15:46:38 UTC 2020 x86_64 x86_64 Alert Count 874 First Seen 2020-07-28 09:50:02 EDT Last Seen 2020-07-31 10:50:01 EDT Local ID b744dbe5-c0bd-49cd-9e60-4d669d7639d4 Raw Audit Messages type=AVC msg=audit(1596207001.934:241): avc: denied { read } for pid=4660 comm="munin-update" name="munin.conf" dev="dm-0" ino=101089297 scontext=system_u:system_r:munin_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0 type=SYSCALL msg=audit(1596207001.934:241): arch=x86_64 syscall=open success=no exit=EACCES a0=ac3bb0 a1=0 a2=1b6 a3=0 items=0 ppid=4657 pid=4660 auid=4294967295 uid=983 gid=978 euid=983 suid=983 fsuid=983 egid=978 sgid=978 fsgid=978 tty=(none) ses=4294967295 comm=munin-update exe=/usr/bin/perl subj=system_u:system_r:munin_t:s0 key=(null) Hash: munin-update,munin_t,user_home_t,file,read Version-Release number of selected component: selinux-policy-3.13.1-266.el7_8.1.noarch | ||||
| Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1127.13.1.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
| Tags | No tags attached. | ||||
| abrt_hash | a1b2796c76997b82150a203b429422b419fbf5a0773d8b3fe759d424fd23e36d | ||||
| URL | |||||
 |
I have a very very strong feeling that your system is mislabeled, resp at least munin's config file is not labeled as it should be. Can you please follow the first advice given by setroubleshoot and relabel your system ? You could run any of the following two commands ( I suggest the first one since maybe more than just a file is mislabeled ) - touch /.autorelabel && reboot ( to relabel the whole system ) - restorecon -Rv /etc/munin ( to relabel just munin's config directory ) |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-07-31 14:54 | hndrcksn | New Issue | |
| 2020-07-31 15:11 | ManuelWolfshant | Note Added: 0037462 |
