View Issue Details

IDProjectCategoryView StatusLast Update
0018245CentOS-8selinux-policypublic2021-07-11 04:42
ReporterKhairi Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
Platform86_64OSCentOSOS Version8
Product Version8.4.2105 
Summary0018245: Bugs
DescriptionSELinux is preventing /usr/bin/systemctl from getattr access on the filesystem /.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that systemctl should be allowed getattr access on the filesystem by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'systemctl' --raw | audit2allow -M my-systemctl
# semodule -X 300 -i my-systemctl.pp

Additional Information:
Source Context system_u:system_r:cockpit_ws_t:s0
Target Context system_u:object_r:fs_t:s0
Target Objects / [ filesystem ]
Source systemctl
Source Path /usr/bin/systemctl
Port <Unknown>
Source RPM Packages systemd-239-48.el8.x86_64
Target RPM Packages filesystem-3.8-6.el8.x86_64
SELinux Policy RPM selinux-policy-targeted-3.14.3-72.el8.noarch
Local Policy RPM selinux-policy-targeted-3.14.3-72.el8.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name
Platform Linux 4.18.0-315.el8.x86_64 #1 SMP Mon
                              Jun 28 19:09:44 UTC 2021 x86_64 x86_64
Alert Count 25
First Seen 2021-07-06 10:32:24 CET
Last Seen 2021-07-11 04:56:01 CET
Local ID a2f3d2c4-dae7-48ba-96fc-acbb80fed4e1

Raw Audit Messages
type=AVC msg=audit(1625975761.656:55): avc: denied { getattr } for pid=1390 comm="systemctl" name="/" dev="dm-0" ino=128 scontext=system_u:system_r:cockpit_ws_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0

type=SYSCALL msg=audit(1625975761.656:55): arch=x86_64 syscall=fstatfs success=no exit=EACCES a0=3 a1=7ffc2dd0ba80 a2=280100 a3=0 items=0 ppid=1389 pid=1390 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=systemctl exe=/usr/bin/systemctl subj=system_u:system_r:cockpit_ws_t:s0 key=(null)

Hash: systemctl,cockpit_ws_t,fs_t,filesystem,getattr
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2021-07-11 04:42 Khairi New Issue