VirtualBox

Ticket #15816 (closed defect: fixed)

Opened 7 months ago

Last modified 7 months ago

Fedora 24: SELinux is preventing vboxdrv.sh from write access on the directory /etc/udev/rules.d. -> should be fixed in releases higher than 5.1.4

Reported by: Billamay77 Owned by:
Priority: major Component: installer
Version: VirtualBox 5.1.4 Keywords: selinux vboxdrv.sh init_t udev_rules_t write udev
Cc: Guest type: other
Host type: Linux

Description (last modified by frank) (diff)

Installing VirtualBox-5.1.x86_64 5.1.4_110228_fedora24-1 on Fedora 24 64 bit I get:

SELinux is preventing vboxdrv.sh from write access on the directory /etc/udev/rules.d.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that vboxdrv.sh should be allowed write access on the rules.d directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'vboxdrv.sh' --raw | audit2allow -M my-vboxdrvsh
# semodule -X 300 -i my-vboxdrvsh.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:object_r:udev_rules_t:s0
Target Objects                /etc/udev/rules.d [ dir ]
Source                        vboxdrv.sh
Source Path                   vboxdrv.sh
Port                          <Unknown>
Host                          besasc
Source RPM Packages           
Target RPM Packages           systemd-udev-229-12.fc24.x86_64
Policy RPM                    selinux-policy-3.13.1-191.10.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     besasc
Platform                      Linux besasc 4.6.6-300.fc24.x86_64 #1 SMP Wed Aug
                              10 21:07:35 UTC 2016 x86_64 x86_64
Alert Count                   67
First Seen                    2016-07-20 22:33:01 CEST
Last Seen                     2016-08-18 09:12:02 CEST
Local ID                      43eddcf0-0e4d-4ea8-a94f-f9adaa8efc7a

Raw Audit Messages
type=AVC msg=audit(1471504322.835:105): avc:  denied  { write } for  pid=912 comm="vboxdrv.sh" name="rules.d" dev="dm-0" ino=1045793 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:udev_rules_t:s0 tclass=dir permissive=0


Hash: vboxdrv.sh,init_t,udev_rules_t,dir,write

Change History

comment:1 Changed 7 months ago by frank

  • Description modified (diff)

comment:2 Changed 7 months ago by frank

I see this problem as well. Surprisingly the udev rule is written anyway. But I guess we need to install an SELinux rule override.

comment:3 Changed 7 months ago by michael

I think that this should be fixed as of r110563 and am uploading test builds<1> now (check the revision before testing). Unfortunately we can't provide a test build for Fedora 24, so you will have to either try the RHEL7 one, or use the "Linux 64-bit" shell script installer.

<1> https://www.virtualbox.org/wiki/Testbuilds

comment:4 Changed 7 months ago by frank

Actually here is a Fedora 24 rpm containing the fix.

comment:5 Changed 7 months ago by michael

  • Summary changed from Fedora 24: SELinux is preventing vboxdrv.sh from write access on the directory /etc/udev/rules.d. to Fedora 24: SELinux is preventing vboxdrv.sh from write access on the directory /etc/udev/rules.d. -> should be fixed in releases higher than 5.1.4

comment:6 Changed 7 months ago by frank

  • Status changed from new to closed
  • Resolution set to fixed

Fix is part of VBox 5.1.6.

Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use