Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1510478 - SELinux is preventing vboxdrv.sh from 'create' accesses on the plik vbox-install.log.
Summary: SELinux is preventing vboxdrv.sh from 'create' accesses on the plik vbox-inst...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 28
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:d6b53ff203fa077bd9359a25599...
: 1575220 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-07 14:11 UTC by Marcin
Modified: 2018-11-04 12:18 UTC (History)
51 users (show)

Fixed In Version: selinux-policy-3.14.1-44.fc28
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-09 03:09:37 UTC


Attachments (Terms of Use)

Description Marcin 2017-11-07 14:11:55 UTC
Description of problem:
Automatic vbox creation of modules during startup with new kernel. Happened after upgrade to current Fedora 27.
SELinux is preventing vboxdrv.sh from 'create' accesses on the file vbox-install.log.

*****  Plugin catchall (100. confidence) suggests   **************************

If aby vboxdrv.sh powinno mieć domyślnie create dostęp do vbox-install.log file.
Then proszę to zgłosić jako błąd.
Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp.
Do
allow this access for now by executing:
# ausearch -c 'vboxdrv.sh' --raw | audit2allow -M my-vboxdrvsh
# semodule -X 300 -i my-vboxdrvsh.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:object_r:var_log_t:s0
Target Objects                vbox-install.log [ file ]
Source                        vboxdrv.sh
Source Path                   vboxdrv.sh
Port                          <Nieznane>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    <Nieznane>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.11.9-200.fc25.x86_64 #1 SMP Wed
                              Jul 5 18:19:05 UTC 2017 x86_64 x86_64
Alert Count                   16
First Seen                    2017-03-24 19:39:25 CET
Last Seen                     2017-07-15 21:57:09 CEST
Local ID                      51b6b8d7-a220-4ca2-a474-072282e29a70

Raw Audit Messages
type=AVC msg=audit(1500148629.125:95): avc:  denied  { create } for  pid=1584 comm="vboxdrv.sh" name="vbox-install.log" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0


Hash: vboxdrv.sh,init_t,var_log_t,file,create


Additional info:
component:      selinux-policy
reporter:       libreport-2.9.2
hashmarkername: setroubleshoot
kernel:         4.13.9-300.fc27.x86_64
type:           libreport

Potential duplicate: bug 1381179

Comment 1 a0c42f44 2017-11-15 15:50:12 UTC
*** Bug 1513571 has been marked as a duplicate of this bug. ***

Comment 2 Wojciech Sciesinski 2017-12-02 11:07:24 UTC
Description of problem:
I've installed VirtualBox using a package downloaded from the project web page.


Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.13.15-300.fc27.x86_64
type:           libreport

Comment 3 FlyDove 2018-01-24 10:46:22 UTC
*** Bug 1538038 has been marked as a duplicate of this bug. ***

Comment 4 Hariharasudhan 2018-01-31 16:19:13 UTC
*** Bug 1540655 has been marked as a duplicate of this bug. ***

Comment 5 Maksim Radevski 2018-02-06 10:50:38 UTC
Description of problem:
I was configuring a virtual machine in Oracle VirtualBox that would run ReactOS with 256MiB RAM and 4GiB Storage. On startup it errored out that I should start
"/vboxconfig" file in "/sbin/" folder as root. Even that errored out. What should I do?

Here are my system specifications:
(It's a laptop)
CPU: Intel Pentium N3540 2.16GHz 4-Core
RAM: 4GiB DDR3
GPU: Integrated Intel HD Graphics Mobile 1536MiB vRAM
HDD: 500GiB HDD (40GiB allocated to Fedora) (GPT Partition Table)
Display: Internal TN 1366x768 15,6" + External 1080p IPS Display (Connected through VGA)
OS: Fedora 27 64-bit + Windows 8.1 Pro 64-bit

Version-Release number of selected component:
selinux-policy-3.13.1-283.21.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.14.16-300.fc27.x86_64
type:           libreport

Comment 6 Nicolas KAROLAK 2018-02-08 07:48:52 UTC
Description of problem:
I start manually vboxdrv when i want to use VirtualBox: sudo systemctl start vboxdrv.service
I use VirtualBox 5.2 from Oracle repository.

Version-Release number of selected component:
selinux-policy-3.13.1-283.24.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.14.16-300.fc27.x86_64
type:           libreport

Comment 7 A. Lloyd Flanagan 2018-02-28 01:27:26 UTC
Description of problem:
Unfortunately am not aware that I did anything to activate vboxdrv.sh. Perhaps it was related to SELinux problems on rpm upgrades?


Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.15.3-300.fc27.x86_64
type:           libreport

Comment 8 Brian Exelbierd 2018-03-10 17:54:58 UTC
Description of problem:
Updated VirtualBox

Version-Release number of selected component:
selinux-policy-3.13.1-283.26.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.15.6-300.fc27.x86_64
type:           libreport

Comment 9 qosmo96 2018-03-11 09:55:37 UTC
Description of problem:
Upgrading from Fedora 25 to 27 I was no longer able to launch Virtualbox.

Version-Release number of selected component:
selinux-policy-3.13.1-283.26.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.15.6-300.fc27.x86_64
type:           libreport

Comment 10 Ned 2018-03-29 08:57:58 UTC
Description of problem:
don't have details, noticed this just after upgrading from F26 to F27
HTH

Version-Release number of selected component:
selinux-policy-3.13.1-283.29.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.15.12-301.fc27.x86_64
type:           libreport

Comment 11 J. Alexander Jacocks 2018-04-03 13:56:10 UTC
Description of problem:
During the upgrade process, after package installation, VirtualBox was attempting to rebuild its modules.  The attempt to log the creation of the modules failed, due to SELinux restrictions.

Version-Release number of selected component:
selinux-policy-3.13.1-283.30.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.15.13-300.fc27.x86_64
type:           libreport

Comment 12 Brian Exelbierd 2018-04-05 07:03:32 UTC
Reopening as original reporter closed it but this keeps getting marked as the master for new reports.

Comment 13 Andres 2018-04-29 03:11:38 UTC
Description of problem:
When turn on pc, after login password it stuck frezed, I manually reboot and then I receive the SELINUX error report

Version-Release number of selected component:
selinux-policy-3.13.1-283.32.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.16.3-200.fc27.x86_64
type:           libreport

Comment 14 Rafael Ruiz 2018-06-25 17:59:01 UTC
Description of problem:
I updated Fedora (dnf update) and it started to report some selinux problems like this

Version-Release number of selected component:
selinux-policy-3.13.1-283.35.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.16.17-200.fc27.x86_64
type:           libreport

Comment 15 kaig55 2018-07-05 17:21:27 UTC
Description of problem:
1. Downloaded and installed VirtualBox with rpm file and rpm fusion then used dnf install to install the kernel.
2. Kept installing older version of VirtualBox so installed direct from their repository
3. New to linux so didn't keep track of the files and couldn't tell if I deleted or cleaned up all the unecessary files
4. Left then kept getting notifications about tainted modules "vboxdrv" 
5. Thought I deleted the modules but obviously not 

Version-Release number of selected component:
selinux-policy-3.13.1-283.34.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.17.3-100.fc27.x86_64
type:           libreport

Comment 16 Alex. H. F. 2018-07-16 20:08:13 UTC
Description of problem:
After upgrading system Kernel and some other packages, rebooted system and this message poped up.


Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.17.5-100.fc27.x86_64
type:           libreport

Comment 17 Lukas Vrabec 2018-07-23 21:39:14 UTC
*** Bug 1575220 has been marked as a duplicate of this bug. ***

Comment 18 Chad Farmer 2018-07-27 16:26:50 UTC
Description of problem:
On July 26 I did a "dnf --refresh upgrade".  On subsequent login was presented with this SELinux error.
On desktop login I was presented with the SELinux altert.  I assume a script should be able to create 
a log file in /var/log, so I'm submitting a bug report. 

Version-Release number of selected component:
selinux-policy-3.13.1-283.35.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.17.7-100.fc27.x86_64
type:           libreport

Comment 19 Leo Knoll 2018-08-05 09:59:31 UTC
Description of problem:
Having installed oracle VM I received the SELinux secruity alert straight away

Version-Release number of selected component:
selinux-policy-3.13.1-283.35.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.17.11-100.fc27.x86_64
type:           libreport

Comment 20 FlyDove 2018-08-12 10:35:46 UTC
Description of problem:
Oracle VirtualBox VM On 4.13.16.302 FC 27

Version-Release number of selected component:
selinux-policy-3.14.1-37.fc28.noarch

Additional info:
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.13.16-302.fc27.x86_64
type:           libreport

Comment 21 r_mun 2018-08-14 07:55:05 UTC
Description of problem:
Occurs after dnf update and reboot

Version-Release number of selected component:
selinux-policy-3.14.1-37.fc28.noarch

Additional info:
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.17.12-200.fc28.x86_64
type:           libreport

Comment 22 Brian (bex) Exelbierd 2018-08-15 16:35:10 UTC
bumping to F28 as it is still present.

Comment 23 Joe Spencer 2018-08-17 04:01:44 UTC
Description of problem:
Installed virtual box via rpm.  rebooted.

Version-Release number of selected component:
selinux-policy-3.14.1-40.fc28.noarch

Additional info:
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.17.14-202.fc28.x86_64
type:           libreport

Comment 24 pokho 2018-08-18 11:55:10 UTC
Description of problem:
After doing 'sudo dnf update' I rebooted my machine and when I logged in again, the first notification I got was from SELinux giving me this warning message about vboxdrv.
But other than that I dont know what caused it, I suspect that it has always been this way but now it is just being detected.

Note
THIS IS REALLY COOL THAT THIS VERSION OF FEDORA INTEGRATES SELINUX AND BUG REPORTING ON THE OS-LEVEL! I LOVE IT!!!

Version-Release number of selected component:
selinux-policy-3.14.1-40.fc28.noarch

Additional info:
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.17.14-202.fc28.x86_64
type:           libreport

Comment 25 Ian Wallace 2018-08-20 21:32:15 UTC
Description of problem:
Recent upgrade with 'dnf upgrade' and then reboot caused SELinux to start complaining on startup that doesn't have access to log file.

Version-Release number of selected component:
selinux-policy-3.14.1-40.fc28.noarch

Additional info:
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.17.14-202.fc28.x86_64
type:           libreport

Comment 26 r_mun 2018-08-29 08:42:55 UTC
Description of problem:
kernel update

Version-Release number of selected component:
selinux-policy-3.14.1-40.fc28.noarch

Additional info:
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.17.18-200.fc28.x86_64
type:           libreport

Comment 27 r_mun 2018-08-30 09:41:44 UTC
Description of problem:
happened on system re-start-up after kernel update

Version-Release number of selected component:
selinux-policy-3.14.1-40.fc28.noarch

Additional info:
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.17.19-200.fc28.x86_64
type:           libreport

Comment 28 Yvan Roy 2018-08-31 10:44:19 UTC
Description of problem:
On booting after updating new kernel. 

I can allow this access for now by executing (local policy):

# ausearch -c 'vboxdrv.sh' --raw | audit2allow -M my-vboxdrvsh
# semodule -X 300 -i my-vboxdrvsh.pp

but on the next kernel update the problem comes back.

Version-Release number of selected component:
selinux-policy-3.14.1-40.fc28.noarch

Additional info:
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.17.19-200.fc28.x86_64
type:           libreport

Comment 29 Lukas Vrabec 2018-09-01 22:01:47 UTC
Hi, 

No if you add SELinux module as you mentioned in your comment:

I can allow this access for now by executing (local policy):

# ausearch -c 'vboxdrv.sh' --raw | audit2allow -M my-vboxdrvsh
# semodule -X 300 -i my-vboxdrvsh.pp

The change will be permanent.

Comment 30 cutnioff 2018-09-07 03:55:21 UTC
Description of problem:
Booted system

Version-Release number of selected component:
selinux-policy-3.14.1-40.fc28.noarch

Additional info:
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.17.19-200.fc28.x86_64
type:           libreport

Comment 31 neoxant 2018-09-14 10:41:11 UTC
Description of problem:
SEApplet show me this alert after logging in. No other tasks been performed prior this.

Version-Release number of selected component:
selinux-policy-3.14.1-42.fc28.noarch

Additional info:
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.18.5-200.fc28.x86_64
type:           libreport

Comment 32 Thomas Wright 2018-09-19 12:28:12 UTC
Description of problem:
SELinux message occuring after update.

Version-Release number of selected component:
selinux-policy-3.14.1-42.fc28.noarch

Additional info:
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.18.7-200.fc28.x86_64
type:           libreport

Comment 33 Fedora Update System 2018-10-05 08:51:36 UTC
selinux-policy-3.14.1-44.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5e18426088

Comment 34 Fedora Update System 2018-10-05 19:32:26 UTC
selinux-policy-3.14.1-44.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-5e18426088

Comment 35 Fedora Update System 2018-10-09 03:09:37 UTC
selinux-policy-3.14.1-44.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 36 Robert Garcia 2018-10-14 15:49:57 UTC
*** Bug 1639033 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.