SELinux blocks LVM access to `rhsmd`
I'm not sure if this is the intended behavior. I had a trial of RHEVM for 60 days. I never even used it, but that's beside the point. After the trial subscription expired, running
```
subscription-manager clean
subscription-manager register
```
and removing all other systems via the redhat.com customer portal, the following SELinux notifications started showing:
```
setroubleshoot[14817]: SELinux is preventing /usr/bin/python2.7 from read access on the file /etc/selinux/targeted/contexts/files/file_contexts.subs. For complete SELinux messages. run sealert -l 4f17ac6c-8357-412c-84ec-e40243512ebe
python[14817]: SELinux is preventing /usr/bin/python2.7 from read access on the file /etc/selinux/targeted/contexts/files/file_contexts.subs.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that python2.7 should be allowed read access on the file_contexts.subs file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep rhsmd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
setroubleshoot[14817]: SELinux is preventing /usr/bin/python2.7 from read access on the file /etc/selinux/targeted/contexts/files/file_contexts.subs. For complete SELinux messages. run sealert -l 4f17ac6c-8357-412c-84ec-e40243512ebe
python[14817]: SELinux is preventing /usr/bin/python2.7 from read access on the file /etc/selinux/targeted/contexts/files/file_contexts.subs.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that python2.7 should be allowed read access on the file_contexts.subs file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep rhsmd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
setroubleshoot[14817]: SELinux is preventing /usr/bin/python2.7 from getattr access on the file /etc/selinux/targeted/contexts/files/file_contexts.subs. For complete SELinux messages. run sealert -l f1dc7129-6d63-479f-8058-39ab5a3ad0ca
python[14817]: SELinux is preventing /usr/bin/python2.7 from getattr access on the file /etc/selinux/targeted/contexts/files/file_contexts.subs.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that python2.7 should be allowed getattr access on the file_contexts.subs file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep rhsmd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
setroubleshoot[14817]: SELinux is preventing /usr/bin/python2.7 from using the setfscreate access on a process. For complete SELinux messages. run sealert -l be7995ab-75cf-4cc7-9708-7928b851043c
python[14817]: SELinux is preventing /usr/bin/python2.7 from using the setfscreate access on a process.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that python2.7 should be allowed setfscreate access on processes labeled rhsmcertd_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep rhsmd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
setroubleshoot[14817]: SELinux is preventing /usr/bin/python2.7 from 'read, write' accesses on the directory /run/lock/lvm. For complete SELinux messages. run sealert -l 6ac47b06-75ae-438b-bbbb-70081f5bf98d
python[14817]: SELinux is preventing /usr/bin/python2.7 from 'read, write' accesses on the directory /run/lock/lvm.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that python2.7 should be allowed read write access on the lvm directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep rhsmd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
```
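The log above repeats the same `audit2allow -M mypol` suggestion after every denial. As an added example (not part of the original post), this Python code collapses the setroubleshoot messages into the distinct accesses a local policy module would have to cover, so they can be reviewed before anything is installed. The regular expression assumes the message wording shown in the log; `summarize` and `DENIAL` are names chosen here.

```python
import re
from collections import defaultdict

# Message lines copied from the log in the post above (sealert suffix kept on the first).
SAMPLE = """\
setroubleshoot[14817]: SELinux is preventing /usr/bin/python2.7 from read access on the file /etc/selinux/targeted/contexts/files/file_contexts.subs. For complete SELinux messages. run sealert -l 4f17ac6c-8357-412c-84ec-e40243512ebe
python[14817]: SELinux is preventing /usr/bin/python2.7 from read access on the file /etc/selinux/targeted/contexts/files/file_contexts.subs.
python[14817]: SELinux is preventing /usr/bin/python2.7 from getattr access on the file /etc/selinux/targeted/contexts/files/file_contexts.subs.
python[14817]: SELinux is preventing /usr/bin/python2.7 from using the setfscreate access on a process.
python[14817]: SELinux is preventing /usr/bin/python2.7 from 'read, write' accesses on the directory /run/lock/lvm.
"""

# Matches the three message shapes in the log: "<perm> access on the file <path>.",
# "using the <perm> access on a process." and "'<p1>, <p2>' accesses on the directory <path>."
DENIAL = re.compile(
    r"SELinux is preventing (?P<exe>\S+) from (?:using the )?"
    r"'?(?P<perms>[a-z_]+(?:, [a-z_]+)*)'? access(?:es)? "
    r"on (?:the|a) (?P<tclass>\w+)(?: (?P<path>/\S*?))?\.(?:\s|$)"
)


def summarize(log_text):
    """Collapse repeated setroubleshoot messages into unique denials.

    Returns {(exe, target class, path or None): sorted list of permissions}.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = DENIAL.search(line)
        if not m:
            continue  # plugin advice, audit2allow hints and other non-denial lines
        key = (m["exe"], m["tclass"], m["path"])
        seen[key].update(p.strip() for p in m["perms"].split(","))
    return {k: sorted(v) for k, v in seen.items()}


if __name__ == "__main__":
    for (exe, tclass, path), perms in summarize(SAMPLE).items():
        print(f"{exe}: {{{' '.join(perms)}}} on {tclass} {path or '(no path)'}")
```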
