RHEL Server 7.3 final version - SELinux Alert

Latest response

After successfully upgrading to RHEL Server 7.3 today, I received this warning message from the SELinux Alert Browser tool :
SELinux has detected a problem - SELinux is preventing /usr/libexec/colord from read access on the file /etc/udev/hwdb.bin.
As suggested I generated a local policy module to allow this access and deleted the message from the Alert Troubleshoot list .
But after rebooting the server the warning message appeared again - though running semodule -l shows the my-colord entry.
To be sure that it didn't happen accidentally, I repeated the procedure, but after another restart the message appeared again.
Does anybody have an idea what the root cause is and what I have to do to make this warning disappear ... or is it a just bug ?

Responses

Christian,

Interested to know the label that is on /etc/udev/hwdb.bin?

May be related to this: https://github.com/systemd/systemd/issues/3458

Bugzilla for above: https://bugzilla.redhat.com/show_bug.cgi?id=1343648

Although the Bugzilla suggests this is fixed in 7.3.

Thank you very much for your response. :) Below you find the required information.

ls -Z /etc/udev/hwdb.bin
-r--r--r--. root root system_u:object_r:systemd_hwdb_etc_t:s0 /etc/udev/hwdb.bin

There was a SELinux version update available today : selinux-policy-3.13.1-102.el7_3.4.noarch
I removed the module I had created to check whether the updated packages changed the situation.
After a restart the message appeared and I re-created the module ... after another restart it was gone.
So it looks like that indeed it was the bug you mentioned even though the label was already correct, right ?

Thanks for being interested ... sorry, I accidentally didn't use the reply option. :)

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.