https://bugzilla.suse.com/show_bug.cgi?id=1223260 Bug ID: 1223260 Summary: SELinux denies pcp Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: felix.niederwanger@suse.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- Created attachment 874416 --> https://bugzilla.suse.com/attachment.cgi?id=874416&action=edit ausearch -ts boot -m avc On MicroOS starting pmlogger with SELinux in enforcing mode fails with several SELinux related denials
Apr 22 13:14:01 microos systemd[1]: Starting Performance Metrics Archive Logger... Apr 22 13:14:01 microos rc[2682]: /etc/pcp/pmlogger/rc: line 153: /var/lib/pcp/tmp/pmlogger_rc.d9N3i7aLW/tmp: Permission denied Apr 22 13:14:01 microos rc[2750]: /etc/pcp/pmlogger/rc: line 92: /var/lib/pcp/tmp/pmlogger_rc_start.7vdZJLmGN/pmcheck.out: Permission denied Apr 22 13:14:01 microos systemd[1]: pmlogger.service: Main process exited, code=exited, status=1/FAILURE Apr 22 13:14:01 microos systemd[1]: pmlogger.service: Failed with result 'exit-code'. Apr 22 13:14:01 microos systemd[1]: Failed to start Performance Metrics Archive Logger. Apr 22 13:14:01 microos systemd[1]: pmlogger.service: Scheduled restart job, restart counter is at 1. Apr 22 13:14:01 microos systemd[1]: Stopped Performance Metrics Archive Logger. Apr 22 13:14:01 microos systemd[1]: Starting Performance Metrics Archive Logger... Apr 22 13:14:01 microos rc[2958]: /etc/pcp/pmlogger/rc: line 153: /var/lib/pcp/tmp/pmlogger_rc.yWYJd9JBe/tmp: Permission denied Apr 22 13:14:01 microos rc[2991]: /etc/pcp/pmlogger/rc: line 92: /var/lib/pcp/tmp/pmlogger_rc_start.OcmNVcLdA/pmcheck.out: Permission denied Apr 22 13:14:01 microos systemd[1]: pmlogger.service: Main process exited, code=exited, status=1/FAILURE Apr 22 13:14:01 microos systemd[1]: pmlogger.service: Failed with result 'exit-code'. Apr 22 13:14:01 microos systemd[1]: Failed to start Performance Metrics Archive Logger. ...
I'm attaching the output of ausearch -ts boot -m avc, failures are coming from the rc program and related to tmp and pmcheck.out. -- You are receiving this mail because: You are on the CC list for the bug.