https://bugzilla.redhat.com/show_bug.cgi?id=1337968
Bug ID: 1337968
Summary: PCP SELinux issues
Product: Fedora
Version: 23
Component: pcp
Assignee: nathans@xxxxxxxxxx
Reporter: myllynen@xxxxxxxxxx
QA Contact: extras-qa@xxxxxxxxxxxxxxxxx
CC: brolley@xxxxxxxxxx, fche@xxxxxxxxxx, lberk@xxxxxxxxxx,
mgoodwin@xxxxxxxxxx, nathans@xxxxxxxxxx,
pcp@xxxxxxxxxxx, scox@xxxxxxxxxx
Description of problem:
Latest Fedora 23 / SELinux / PCP is generating a few AVCs:
# systemctl stop pmcd pmlogger pmie pmwebd
# restorecon -R / > /dev/null 2>&1
# systemctl start pmcd
type=AVC msg=audit(1463754714.313:316): avc: denied { net_admin } for
pid=2335 comm="pmcd" capability=12 scontext=system_u:system_r:pcp_pmcd_t:s0
tcontext=system_u:system_r:pcp_pmcd_t:s0 tclass=capability permissive=1
type=AVC msg=audit(1463754714.313:317): avc: denied { module_request } for
pid=2335 comm="pmcd" kmod="netdev-enp0s20u1"
scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=system permissive=1
# systemctl start pmlogger
type=AVC msg=audit(1463754792.335:321): avc: denied { net_admin } for
pid=2353 comm="pmdalinux" capability=12
scontext=system_u:system_r:pcp_pmcd_t:s0
tcontext=system_u:system_r:pcp_pmcd_t:s0 tclass=capability permissive=1
# systemctl start pmie
# systemctl start pmwebd
# pminfo -f
type=AVC msg=audit(1463754891.663:349): avc: denied { search } for pid=2345
comm="pmdaroot" name="docker" dev="sda9" ino=273270
scontext=system_u:system_r:pcp_pmcd_t:s0
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=dir permissive=1
(Omitted the getattr AVCs reported earlier at bug 1336211).