[vbox-dev] SELinux is preventing vboxdrv.sh from write access on the directory /etc/udev/rules.d.

Samuel Rakitničan samuel.rakitnican at gmail.com
Sun Jul 24 16:03:19 UTC 2016


I have VirtualBox 5.1 installed from the Oracle repository. This message
popped up just now when updating Fedora 24; I suppose DKMS kicked in.
Basically vboxdrv.sh is trying to write a udev rule file but fails due
to SELinux blocking it. Not sure if that was always the case or if that
changed just recently. What should be fixed?

Samuel Rakitničan

Full SELinux report:

SELinux is preventing vboxdrv.sh from write access on the directory

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that vboxdrv.sh should be allowed write access on the
rules.d directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'vboxdrv.sh' --raw | audit2allow -M my-vboxdrvsh
# semodule -X 300 -i my-vboxdrvsh.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:object_r:udev_rules_t:s0
Target Objects                /etc/udev/rules.d [ dir ]
Source                        vboxdrv.sh
Source Path                   vboxdrv.sh
Port                          <Unknown>
Host                          oldiemodern
Source RPM Packages
Target RPM Packages           systemd-udev-229-8.fc24.x86_64
Policy RPM                    selinux-policy-3.13.1-191.5.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     oldiemodern
Platform                      Linux oldiemodern 4.6.4-301.fc24.x86_64 #1 SMP Tue
                              Jul 12 11:50:00 UTC 2016 x86_64 x86_64
Alert Count                   4
First Seen                    2016-07-22 11:28:21 CEST
Last Seen                     2016-07-24 13:33:01 CEST
Local ID                      3ae2775f-c444-41c3-8d9c-a7a224274652

Raw Audit Messages
type=AVC msg=audit(1469359981.37:113): avc:  denied  { write }
for  pid=747 comm="vboxdrv.sh" name="rules.d" dev="md126p2"
ino=201327272 scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:udev_rules_t:s0 tclass=dir permissive=0

Hash: vboxdrv.sh,init_t,udev_rules_t,dir,write
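
Added example, not part of the original message or of VirtualBox: a small Python parser for the raw AVC record in the report above, showing which type-enforcement rule the denial corresponds to before any local policy module is built from it. The function names and the SAMPLE_AVC constant are assumptions made for this illustration; the sample is the report's audit message with its mail line wrapping kept.

```python
import re

# Constructed sample: the raw audit message from the report, wrapped as in the mail.
SAMPLE_AVC = '''type=AVC msg=audit(1469359981.37:113): avc:  denied  { write }
for  pid=747 comm="vboxdrv.sh" name="rules.d" dev="md126p2"
ino=201327272 scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:udev_rules_t:s0 tclass=dir permissive=0'''

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(ctx):
    """Return the type field of a user:role:type[:level] security context."""
    parts = ctx.split(":")
    if len(parts) < 3:
        raise ValueError("malformed security context: %r" % ctx)
    return parts[2]

def parse_avc(record):
    """Parse one AVC record, tolerating line wrapping added by mail or logs."""
    line = " ".join(record.split())          # undo wrapping and double spaces
    m = AVC_RE.search(line)
    if not m:
        raise ValueError("not an AVC record")
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    missing = [k for k in ("scontext", "tcontext", "tclass") if k not in fields]
    if missing:
        raise ValueError("AVC record lacks: " + ", ".join(missing))
    return {
        "result": m.group(1),
        "perms": m.group(2).split(),
        "comm": fields.get("comm", ""),
        "source_type": context_type(fields["scontext"]),
        "target_type": context_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        "enforced": fields.get("permissive") == "0",
    }

def te_rule(avc):
    """Allow rule matching the denial; it names types only, never the command."""
    perms = sorted(avc["perms"])
    p = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (avc["source_type"], avc["target_type"], avc["tclass"], p)

def summary(avc):
    """Same fields, same order as the report's 'Hash:' line."""
    return ",".join([avc["comm"], avc["source_type"], avc["target_type"],
                     avc["tclass"], " ".join(avc["perms"])])
```

Because the rule is keyed on init_t and udev_rules_t rather than on vboxdrv.sh, a module containing it permits the directory write for every process running in init_t.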