VirtualBox

Opened 8 years ago

Closed 8 years ago

#15816 closed defect (fixed)

Fedora 24: SELinux is preventing vboxdrv.sh from write access on the directory /etc/udev/rules.d. -> should be fixed in releases higher than 5.1.4

Reported by: Billamay77
Owned by:
Component: installer
Version: VirtualBox 5.1.4
Keywords: selinux vboxdrv.sh init_t udev_rules_t write udev
Cc:
Guest type: other
Host type: Linux

Description (last modified by Frank Mehnert)

Installing VirtualBox-5.1.x86_64 5.1.4_110228_fedora24-1 on Fedora 24 64 bit I get:

SELinux is preventing vboxdrv.sh from write access on the directory /etc/udev/rules.d.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that vboxdrv.sh should be allowed write access on the rules.d directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'vboxdrv.sh' --raw | audit2allow -M my-vboxdrvsh
# semodule -X 300 -i my-vboxdrvsh.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:object_r:udev_rules_t:s0
Target Objects                /etc/udev/rules.d [ dir ]
Source                        vboxdrv.sh
Source Path                   vboxdrv.sh
Port                          <Unknown>
Host                          besasc
Source RPM Packages           
Target RPM Packages           systemd-udev-229-12.fc24.x86_64
Policy RPM                    selinux-policy-3.13.1-191.10.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     besasc
Platform                      Linux besasc 4.6.6-300.fc24.x86_64 #1 SMP Wed Aug
                              10 21:07:35 UTC 2016 x86_64 x86_64
Alert Count                   67
First Seen                    2016-07-20 22:33:01 CEST
Last Seen                     2016-08-18 09:12:02 CEST
Local ID                      43eddcf0-0e4d-4ea8-a94f-f9adaa8efc7a

Raw Audit Messages
type=AVC msg=audit(1471504322.835:105): avc:  denied  { write } for  pid=912 comm="vboxdrv.sh" name="rules.d" dev="dm-0" ino=1045793 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:udev_rules_t:s0 tclass=dir permissive=0


Hash: vboxdrv.sh,init_t,udev_rules_t,dir,write
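
Added example (not part of the original ticket, and not VirtualBox or setroubleshoot code): a small Python parser for the raw AVC record above that shows which type-enforcement rule the denial corresponds to, so the rule can be read before any local policy module is generated and loaded. The function names are illustrative; the record is copied from the report.

```python
import re

# Raw AVC record copied from the ticket description.
AVC = ('type=AVC msg=audit(1471504322.835:105): avc:  denied  { write } for  '
       'pid=912 comm="vboxdrv.sh" name="rules.d" dev="dm-0" ino=1045793 '
       'scontext=system_u:system_r:init_t:s0 '
       'tcontext=system_u:object_r:udev_rules_t:s0 tclass=dir permissive=0')

HEAD = re.compile(r'type=AVC msg=audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): '
                  r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}'
                  r'\s+for\s+(?P<rest>.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Parse one AVC record into a dict; raise ValueError on anything else."""
    m = HEAD.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    rec = {k: v.strip('"') for k, v in FIELD.findall(m.group("rest"))}
    rec["result"] = m.group("result")
    rec["perms"] = m.group("perms").split()
    rec["serial"] = int(m.group("serial"))
    # A context is user:role:type:level; the level may itself contain ':'.
    for side in ("scontext", "tcontext"):
        parts = rec.get(side, "").split(":", 3)
        if len(parts) < 3:
            raise ValueError("missing or malformed " + side)
        rec[side[0] + "type"] = parts[2]      # -> rec["stype"], rec["ttype"]
    return rec


def allow_rule(rec):
    """Type-enforcement rule that corresponds to this denial."""
    perms = rec["perms"]
    p = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {rec['stype']} {rec['ttype']}:{rec['tclass']} {p};"


def triage_key(rec):
    """Same fields, in the same order, as the 'Hash:' line of this report."""
    return ",".join([rec["comm"], rec["stype"], rec["ttype"],
                     rec["tclass"], *rec["perms"]])


if __name__ == "__main__":
    r = parse_avc(AVC)
    print(allow_rule(r), "| enforced:", r["permissive"] == "0")
    print(triage_key(r))
```

The rule is keyed on the source type `init_t`, not on the `vboxdrv.sh` command name, so it would apply to every process running in that domain.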

Change History (6)

comment:1 by Frank Mehnert, 8 years ago

Description: modified (diff)

comment:2 by Frank Mehnert, 8 years ago

I see this problem as well. Surprisingly the udev rule is written anyway. But I guess we need to install an SELinux rule override.

comment:3 by Michael Thayer, 8 years ago

I think that this should be fixed as of r110563 and am uploading test builds<1> now (check the revision before testing). Unfortunately we can't provide a test build for Fedora 24, so you will have to either try the RHEL7 one, or use the "Linux 64-bit" shell script installer.

<1> https://www.virtualbox.org/wiki/Testbuilds

comment:4 by Frank Mehnert, 8 years ago

Actually here is a Fedora 24 rpm containing the fix.

comment:5 by Michael Thayer, 8 years ago

Summary: Fedora 24: SELinux is preventing vboxdrv.sh from write access on the directory /etc/udev/rules.d. → Fedora 24: SELinux is preventing vboxdrv.sh from write access on the directory /etc/udev/rules.d. -> should be fixed in releases higher than 5.1.4

comment:6 by Frank Mehnert, 8 years ago

Resolution: fixed
Status: new → closed

Fix is part of VBox 5.1.6.
