I saw a pull request in the comments of the bug, did that solve the problem?
On Mon, Apr 13, 2020 at 11:29 PM Zdenek Pytela <zpyt...@redhat.com> wrote: > > > On Mon, Apr 13, 2020 at 6:56 PM Sreyan Chakravarty <sreya...@gmail.com> > wrote: > >> I have just configured a 8GB swap file on my Fedora 31 laptop. But it >> seems that SELinux is blocking access to the swap file. >> >> SELinux is preventing systemd-sleep from read access on the file >> fedora.swap. >> >> ***** Plugin catchall (100. confidence) suggests >> ************************** >> >> If you believe that systemd-sleep should be allowed read access on the >> fedora.swap file by default. >> Then you should report this as a bug. >> You can generate a local policy module to allow this access. >> Do >> allow this access for now by executing: >> # ausearch -c 'systemd-sleep' --raw | audit2allow -M my-systemdsleep >> # semodule -X 300 -i my-systemdsleep.pp >> >> Additional Information: >> Source Context system_u:system_r:init_t:s0 >> Target Context unconfined_u:object_r:swapfile_t:s0 >> Target Objects fedora.swap [ file ] >> Source systemd-sleep >> Source Path systemd-sleep >> Port <Unknown> >> Host localhost.HPNotebook >> Source RPM Packages >> Target RPM Packages >> SELinux Policy RPM selinux-policy-3.14.4-50.fc31.noarch >> Local Policy RPM >> selinux-policy-targeted-3.14.4-50.fc31.noarch >> Selinux Enabled True >> Policy Type targeted >> Enforcing Mode Enforcing >> Host Name localhost.HPNotebook >> Platform Linux localhost.HPNotebook >> 5.5.15-200.fc31.x86_64 >> #1 SMP Thu Apr 2 19:16:17 UTC 2020 x86_64 >> x86_64 >> Alert Count 1 >> First Seen 2020-04-13 21:12:22 IST >> Last Seen 2020-04-13 21:12:22 IST >> Local ID 39955636-b570-49ae-9286-ae92b49dc1c7 >> >> Raw Audit Messages >> type=AVC msg=audit(1586792542.56:418): avc: denied { read } for >> pid=5603 comm="systemd-sleep" name="fedora.swap" dev="dm-1" ino=13 >> scontext=system_u:system_r:init_t:s0 >> tcontext=unconfined_u:object_r:swapfile_t:s0 tclass=file permissive=0 >> >> >> Hash: systemd-sleep,init_t,swapfile_t,file,read >> >> -- >> >> The above is the message I got from the SELinux trouble shooter. >> >> This is the screenshot of the problem: https://imgur.com/a/1x55clI >> >> What can I do ? >> >> I don't know a whole lot about SELinux, do I have to add a label or >> something? >> > Hi, > > There has already been reported a bugzilla: > > https://bugzilla.redhat.com/show_bug.cgi?id=1797543 > > A new domain is needed to confine systemd-sleep. As a temporary > workaround, you can create a file with the following content: > > (allow init_t swapfile_t (file (getattr open read ioctl lock))) > > insert as a custom policy module: > > semodule -i local_init_swapfile.cil > > and then remove it once the policy is updated. > > >> Please help. >> >> Thanks. >> Regards, >> Sreyan Chakravarty >> _______________________________________________ >> users mailing list -- users@lists.fedoraproject.org >> To unsubscribe send an email to users-le...@lists.fedoraproject.org >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org >> > > > -- > > Zdenek Pytela > Security controls team, sst_platform_security > _______________________________________________ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > -- Regards, Sreyan Chakravarty
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org