[vbox-dev] SELinux is preventing vboxdrv.sh from write access on the directory /etc/udev/rules.d.
Frank Mehnert
frank.mehnert at oracle.com
Thu Aug 25 08:36:07 UTC 2016
Hi Samuel,

thanks for your analysis and sorry for not yet responding. It is true that
vboxdrv.sh should have access to /etc/udev/rules.d.

At the moment some things take longer due to vacation time but I promise
that your suggestion is not lost.

Kind regards,
Frank

On Thursday, 25 August 2016 10:11:21 CEST Samuel Rakitničan wrote:
> Ping?
>
> 2016-07-24 17:46 GMT+02:00 Samuel Rakitničan <samuel.rakitnican at gmail.com>:
> > Hi,
> >
> > I have VirtualBox 5.1 installed from Oracle repository. This message
> > popped just now when updating Fedora 24, I suppose DKMS kicked in.
> > Basically vboxdrv.sh is trying to write udev rule file but fails due
> > to SELinux blocking it. Not sure if that was always the case or did that
> > change just recently. What should be fixed?
> >
> >
> > Regards,
> > Samuel Rakitničan
> >
> > --
> > Full SELinux report:
> >
> > SELinux is preventing vboxdrv.sh from write access on the directory
> > /etc/udev/rules.d.
> >
> > ***** Plugin catchall (100. confidence) suggests **************************
> >
> > If you believe that vboxdrv.sh should be allowed write access on the
> > rules.d directory by default.
> > Then you should report this as a bug.
> > You can generate a local policy module to allow this access.
> > Do
> > allow this access for now by executing:
> > # ausearch -c 'vboxdrv.sh' --raw | audit2allow -M my-vboxdrvsh
> > # semodule -X 300 -i my-vboxdrvsh.pp
> >
> > Additional Information:
> > Source Context                system_u:system_r:init_t:s0
> > Target Context                system_u:object_r:udev_rules_t:s0
> > Target Objects                /etc/udev/rules.d [ dir ]
> > Source                        vboxdrv.sh
> > Source Path                   vboxdrv.sh
> > Port                          <Unknown>
> > Host                          oldiemodern
> > Source RPM Packages
> > Target RPM Packages           systemd-udev-229-8.fc24.x86_64
> > Policy RPM                    selinux-policy-3.13.1-191.5.fc24.noarch
> > Selinux Enabled               True
> > Policy Type                   targeted
> > Enforcing Mode                Enforcing
> > Host Name                     oldiemodern
> > Platform                      Linux oldiemodern 4.6.4-301.fc24.x86_64 #1 SMP Tue Jul 12 11:50:00 UTC 2016 x86_64 x86_64
> > Alert Count                   4
> > First Seen                    2016-07-22 11:28:21 CEST
> > Last Seen                     2016-07-24 13:33:01 CEST
> > Local ID                      3ae2775f-c444-41c3-8d9c-a7a224274652
> >
> > Raw Audit Messages
> > type=AVC msg=audit(1469359981.37:113): avc: denied { write } for pid=747 comm="vboxdrv.sh" name="rules.d" dev="md126p2" ino=201327272 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:udev_rules_t:s0 tclass=dir permissive=0
> >
> >
> > Hash: vboxdrv.sh,init_t,udev_rules_t,dir,write
--
Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany
ORACLE Deutschland B.V. & Co. KG
Headquarters: Riesstraße 25, D-80992 München
Registration court: Amtsgericht München, HRA 95603
General partner: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Netherlands
Commercial register of the Chamber of Commerce Midden-Niederlande, No. 30143697
Managing directors: Alexander van der Ven, Jan Schultheiss, Val Maher
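
Added example, not part of the original thread and not code from VirtualBox or the SELinux tools: a Python parser for raw AVC denials like the one quoted above, which derives the type-enforcement rule a local module built from them would have to contain, so the grant can be reviewed before any module is loaded. The function names `parse_avc` and `allow_rules` are hypothetical; the sample record is the one from the report, rejoined onto one line.

```python
import re
from collections import defaultdict

# Raw audit record from the report in this thread, rejoined onto one line.
SAMPLE = (
    'type=AVC msg=audit(1469359981.37:113): avc: denied { write } '
    'for pid=747 comm="vboxdrv.sh" name="rules.d" dev="md126p2" '
    'ino=201327272 scontext=system_u:system_r:init_t:s0 '
    'tcontext=system_u:object_r:udev_rules_t:s0 tclass=dir permissive=0'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    fields['perms'] = m.group('perms').split()
    # A context is user:role:type[:level]; allow rules use only the type.
    fields['stype'] = fields['scontext'].split(':')[2]
    fields['ttype'] = fields['tcontext'].split(':')[2]
    return fields


def allow_rules(lines):
    """Merge denials into the allow rules that would be needed to permit them."""
    merged = defaultdict(set)   # (stype, ttype, tclass) -> permissions denied
    comms = defaultdict(set)    # same key -> commands that triggered the denial
    for line in lines:
        avc = parse_avc(line)
        if avc is None:
            continue
        key = (avc['stype'], avc['ttype'], avc['tclass'])
        merged[key].update(avc['perms'])
        comms[key].add(avc.get('comm', '?'))
    rules = []
    for key, perms in sorted(merged.items()):
        p = sorted(perms)
        perm_txt = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        # The rule names types only, so it covers every process running in the
        # source domain, not just the commands listed in the trailing comment.
        rules.append('allow %s %s:%s %s;  # seen from: %s'
                     % (*key, perm_txt, ', '.join(sorted(comms[key]))))
    return rules
```

For the record in this thread the result is a single rule from `init_t` to `udev_rules_t`, which shows that the grant would apply to the whole `init_t` domain rather than to vboxdrv.sh alone.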