View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0018245 | CentOS-8 | selinux-policy | public | 2021-07-11 04:42 | 2021-07-11 04:42 |
Reporter | Khairi | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | new | Resolution | open | ||
Platform | 86_64 | OS | CentOS | OS Version | 8 |
Product Version | 8.4.2105 | ||||
Summary | 0018245: Bugs | ||||
Description | SELinux is preventing /usr/bin/systemctl from getattr access on the filesystem /. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that systemctl should be allowed getattr access on the filesystem by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemctl' --raw | audit2allow -M my-systemctl # semodule -X 300 -i my-systemctl.pp Additional Information: Source Context system_u:system_r:cockpit_ws_t:s0 Target Context system_u:object_r:fs_t:s0 Target Objects / [ filesystem ] Source systemctl Source Path /usr/bin/systemctl Port <Unknown> Host tbees.tn Source RPM Packages systemd-239-48.el8.x86_64 Target RPM Packages filesystem-3.8-6.el8.x86_64 SELinux Policy RPM selinux-policy-targeted-3.14.3-72.el8.noarch Local Policy RPM selinux-policy-targeted-3.14.3-72.el8.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name tbees.tn Platform Linux tbees.tn 4.18.0-315.el8.x86_64 #1 SMP Mon Jun 28 19:09:44 UTC 2021 x86_64 x86_64 Alert Count 25 First Seen 2021-07-06 10:32:24 CET Last Seen 2021-07-11 04:56:01 CET Local ID a2f3d2c4-dae7-48ba-96fc-acbb80fed4e1 Raw Audit Messages type=AVC msg=audit(1625975761.656:55): avc: denied { getattr } for pid=1390 comm="systemctl" name="/" dev="dm-0" ino=128 scontext=system_u:system_r:cockpit_ws_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0 type=SYSCALL msg=audit(1625975761.656:55): arch=x86_64 syscall=fstatfs success=no exit=EACCES a0=3 a1=7ffc2dd0ba80 a2=280100 a3=0 items=0 ppid=1389 pid=1390 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=systemctl exe=/usr/bin/systemctl subj=system_u:system_r:cockpit_ws_t:s0 key=(null) Hash: systemctl,cockpit_ws_t,fs_t,filesystem,getattr | ||||
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2021-07-11 04:42 | Khairi | New Issue |