I saw a pull request in the comments of the bug, did that solve the problem?
On Mon, Apr 13, 2020 at 11:29 PM Zdenek Pytela <zpyt...@redhat.com> wrote:
>
>
> On Mon, Apr 13, 2020 at 6:56 PM Sreyan Chakravarty <sreya...@gmail.com>
> wrote:
>
>> I have just configured a 8GB swap file on my Fedora 31 laptop. But it
>> seems that SELinux is blocking access to the swap file.
>>
>> SELinux is preventing systemd-sleep from read access on the file
>> fedora.swap.
>>
>> ***** Plugin catchall (100. confidence) suggests
>> **************************
>>
>> If you believe that systemd-sleep should be allowed read access on the
>> fedora.swap file by default.
>> Then you should report this as a bug.
>> You can generate a local policy module to allow this access.
>> Do
>> allow this access for now by executing:
>> # ausearch -c 'systemd-sleep' --raw | audit2allow -M my-systemdsleep
>> # semodule -X 300 -i my-systemdsleep.pp
>>
>> Additional Information:
>> Source Context system_u:system_r:init_t:s0
>> Target Context unconfined_u:object_r:swapfile_t:s0
>> Target Objects fedora.swap [ file ]
>> Source systemd-sleep
>> Source Path systemd-sleep
>> Port <Unknown>
>> Host localhost.HPNotebook
>> Source RPM Packages
>> Target RPM Packages
>> SELinux Policy RPM selinux-policy-3.14.4-50.fc31.noarch
>> Local Policy RPM
>> selinux-policy-targeted-3.14.4-50.fc31.noarch
>> Selinux Enabled True
>> Policy Type targeted
>> Enforcing Mode Enforcing
>> Host Name localhost.HPNotebook
>> Platform Linux localhost.HPNotebook
>> 5.5.15-200.fc31.x86_64
>> #1 SMP Thu Apr 2 19:16:17 UTC 2020 x86_64
>> x86_64
>> Alert Count 1
>> First Seen 2020-04-13 21:12:22 IST
>> Last Seen 2020-04-13 21:12:22 IST
>> Local ID 39955636-b570-49ae-9286-ae92b49dc1c7
>>
>> Raw Audit Messages
>> type=AVC msg=audit(1586792542.56:418): avc: denied { read } for
>> pid=5603 comm="systemd-sleep" name="fedora.swap" dev="dm-1" ino=13
>> scontext=system_u:system_r:init_t:s0
>> tcontext=unconfined_u:object_r:swapfile_t:s0 tclass=file permissive=0
>>
>>
>> Hash: systemd-sleep,init_t,swapfile_t,file,read
>>
>> --
>>
>> The above is the message I got from the SELinux trouble shooter.
>>
>> This is the screenshot of the problem: https://imgur.com/a/1x55clI
>>
>> What can I do ?
>>
>> I don't know a whole lot about SELinux, do I have to add a label or
>> something?
>>
> Hi,
>
> There has already been reported a bugzilla:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1797543
>
> A new domain is needed to confine systemd-sleep. As a temporary
> workaround, you can create a file with the following content:
>
> (allow init_t swapfile_t (file (getattr open read ioctl lock)))
>
> insert as a custom policy module:
>
> semodule -i local_init_swapfile.cil
>
> and then remove it once the policy is updated.
>
>
>> Please help.
>>
>> Thanks.
>> Regards,
>> Sreyan Chakravarty
>> _______________________________________________
>> users mailing list -- users@lists.fedoraproject.org
>> To unsubscribe send an email to users-le...@lists.fedoraproject.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
>>
>
>
> --
>
> Zdenek Pytela
> Security controls team, sst_platform_security
> _______________________________________________
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
>
--
Regards,
Sreyan Chakravarty
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
