[vbox-dev] SELinux is preventing vboxdrv.sh from write access on the directory /etc/udev/rules.d.

Samuel Rakitničan samuel.rakitnican at gmail.com
Thu Aug 25 08:11:21 GMT 2016 

Ping?

2016-07-24 17:46 GMT+02:00 Samuel Rakitničan <samuel.rakitnican at gmail.com>:

> Hi,
>
> I have VirtualBox 5.1 installed from Oracle repository. This message
> popped just now when updating Fedora 24, I suppose DKMS kicked in.
> Basically vboxdrv.sh is trying to write udev rule file but fails due
> SELinux blocking it. Not sure if that was always the case or did that
> change just recently. What should be fixed?
>
>
> Regards,
> Samuel Rakitničan
>
> --
> Full SELinux report:
>
> SELinux is preventing vboxdrv.sh from write access on the directory
> /etc/udev/rules.d.
>
> *****  Plugin catchall (100. confidence)
> suggests   **************************
>
> If you believe that vboxdrv.sh should be allowed write access on the
> rules.d directory by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # ausearch -c 'vboxdrv.sh' --raw | audit2allow -M my-vboxdrvsh
> # semodule -X 300 -i my-vboxdrvsh.pp
>
> Additional Information:
> Source Context                system_u:system_r:init_t:s0
> Target Context                system_u:object_r:udev_rules_t:s0
> Target Objects                /etc/udev/rules.d [ dir ]
> Source                        vboxdrv.sh
> Source Path                   vboxdrv.sh
> Port                          <Unknown>
> Host                          oldiemodern
> Source RPM Packages
> Target RPM Packages           systemd-udev-229-8.fc24.x86_64
> Policy RPM                    selinux-policy-3.13.1-191.5.fc24.noarch
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Host Name                     oldiemodern
> Platform                      Linux oldiemodern 4.6.4-301.fc24.x86_64
> #1 SMP Tue
>                               Jul 12 11:50:00 UTC 2016 x86_64 x86_64
> Alert Count                   4
> First Seen                    2016-07-22 11:28:21 CEST
> Last Seen                     2016-07-24 13:33:01 CEST
> Local ID                      3ae2775f-c444-41c3-8d9c-a7a224274652
>
> Raw Audit Messages
> type=AVC msg=audit(1469359981.37:113): avc:  denied  { write }
> for  pid=747 comm="vboxdrv.sh" name="rules.d" dev="md126p2"
> ino=201327272 scontext=system_u:system_r:init_t:s0
> tcontext=system_u:object_r:udev_rules_t:s0 tclass=dir permissive=0
>
>
> Hash: vboxdrv.sh,init_t,udev_rules_t,dir,write
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20160825/ed26f670/attachment.html>

More information about the vbox-dev mailing list