Re: SELinux is blocking hibernate

Mon, 13 Apr 2020 10:02:05 -0700 

Look like is an existing bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1797543

In SELinux are there any ways of adding domains ?

On Mon, Apr 13, 2020 at 10:21 PM Sreyan Chakravarty <sreya...@gmail.com>
wrote:

> I have just configured a 8GB swap file on my Fedora 31 laptop. But it
> seems that SELinux is blocking access to the swap file.
>
> SELinux is preventing systemd-sleep from read access on the file
> fedora.swap.
>
> *****  Plugin catchall (100. confidence) suggests
> **************************
>
> If you believe that systemd-sleep should be allowed read access on the
> fedora.swap file by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # ausearch -c 'systemd-sleep' --raw | audit2allow -M my-systemdsleep
> # semodule -X 300 -i my-systemdsleep.pp
>
> Additional Information:
> Source Context                system_u:system_r:init_t:s0
> Target Context                unconfined_u:object_r:swapfile_t:s0
> Target Objects                fedora.swap [ file ]
> Source                        systemd-sleep
> Source Path                   systemd-sleep
> Port                          <Unknown>
> Host                          localhost.HPNotebook
> Source RPM Packages
> Target RPM Packages
> SELinux Policy RPM            selinux-policy-3.14.4-50.fc31.noarch
> Local Policy RPM              selinux-policy-targeted-3.14.4-50.fc31.noarch
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Host Name                     localhost.HPNotebook
> Platform                      Linux localhost.HPNotebook
> 5.5.15-200.fc31.x86_64
>                               #1 SMP Thu Apr 2 19:16:17 UTC 2020 x86_64
> x86_64
> Alert Count                   1
> First Seen                    2020-04-13 21:12:22 IST
> Last Seen                     2020-04-13 21:12:22 IST
> Local ID                      39955636-b570-49ae-9286-ae92b49dc1c7
>
> Raw Audit Messages
> type=AVC msg=audit(1586792542.56:418): avc:  denied  { read } for
>  pid=5603 comm="systemd-sleep" name="fedora.swap" dev="dm-1" ino=13
> scontext=system_u:system_r:init_t:s0
> tcontext=unconfined_u:object_r:swapfile_t:s0 tclass=file permissive=0
>
>
> Hash: systemd-sleep,init_t,swapfile_t,file,read
>
> --
>
> The above is the message I got from the SELinux trouble shooter.
>
> This is the screenshot of the problem: https://imgur.com/a/1x55clI
>
> What can I do ?
>
> I don't know a whole lot about SELinux, do I have to add a label or
> something?
>
> Please help.
>
> Thanks.
> Regards,
> Sreyan Chakravarty
>


-- 
Regards,
Sreyan Chakravarty

_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org

Reply via email to