
sealert: SELinux is preventing x86_energy_perf from open access on the chr_file /dev/cpu/1/msr

asked 2017-07-11 10:50:29 -0500

florian

What does the following message from sealert mean? How can one better understand all the complex information that SELinux is outputting? How do I know what processes are involved?


SELinux is preventing x86_energy_perf from open access on the chr_file /dev/cpu/1/msr.

Additional Information:
Source Context                system_u:system_r:tlp_t:s0
Target Context                system_u:object_r:device_t:s0
Target Objects                /dev/cpu/1/msr [ chr_file ]
Source                        x86_energy_perf
Source Path                   x86_energy_perf
Port                          <unknown>
Host                          f25
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-225.18.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Platform                      Linux 4.11.6-201.fc25.x86_64 #1 SMP Tue
                              Jun 20 20:21:11 UTC 2017 x86_64 x86_64
Alert Count                   2
First Seen                    2017-06-15 13:53:00 EDT
Last Seen                     2017-06-27 14:24:25 EDT
Local ID                      e201b758-5695-4cff-9396-8e1e9b99400c

Raw Audit Messages
type=AVC msg=audit(1498587865.671:424): avc:  denied  { open } for  pid=25969 comm="x86_energy_perf" path="/dev/cpu/1/msr" dev="devtmpfs" ino=1002263 scontext=system_u:system_r:tlp_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1

Hash: x86_energy_perf,tlp_t,device_t,chr_file,open

I would appreciate help deciding whether to allow or block that access. (Unfortunately, I have many more SELinux warnings where I have no clue what causes them or whether they are relevant.)


1 Answer


answered 2017-07-12 00:46:34 -0500

villykruse

It looks like you need to relabel all your files:

sudo touch /.autorelabel

Then be patient when rebooting as the relabelling process will take quite a while.

The program x86_energy_perf_policy was trying to access the device file /dev/cpu/1/msr, but was denied by SELinux. I suspect that the program might have been mislabelled; thus the suggestion to relabel all the files to the way they are supposed to be.



Why relabel all, and not just /dev/cpu/1/msr?

florian ( 2017-07-12 00:54:35 -0500 )

Because of the many other SELinux warnings. And I don't believe that /dev/cpu/1/msr is the file that is mislabeled.

villykruse ( 2017-07-12 01:08:19 -0500 )
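
On the question of how to read such a record and see which process is involved, here is an added example that is not part of the original thread and is not code from sealert or setroubleshoot: a small Python parser that breaks the raw AVC line quoted in the question into the process, its SELinux domain, the target label, and whether the denial was actually enforced. The function names are illustrative assumptions; the sample record is the one from the question.

```python
import re
from datetime import datetime, timezone

# The raw audit record quoted in the question above.
SAMPLE = ('type=AVC msg=audit(1498587865.671:424): avc:  denied  { open } for  '
          'pid=25969 comm="x86_energy_perf" path="/dev/cpu/1/msr" dev="devtmpfs" '
          'ino=1002263 scontext=system_u:system_r:tlp_t:s0 '
          'tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1')

HEADER = re.compile(r'msg=audit\((\d+)\.\d+:(\d+)\): avc:\s+(denied|granted)\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type[:level]; an MLS/MCS level may itself contain colons."""
    user, role, typ, level = (ctx.split(':', 3) + [''])[:4]
    return {'user': user, 'role': role, 'type': typ, 'level': level}

def parse_avc(line):
    """Return the fields of one AVC record as a dict (illustrative helper)."""
    m = HEADER.search(line)
    if m is None:
        raise ValueError('not an AVC record')
    secs, serial, result, perms = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
    return {
        'time': datetime.fromtimestamp(int(secs), tz=timezone.utc),
        'serial': int(serial),          # groups records of the same event
        'result': result,
        'perms': perms.split(),         # permissions requested, e.g. ['open']
        'pid': int(fields['pid']),
        'comm': fields['comm'],         # the process that made the request
        'object': fields.get('path') or fields.get('name'),
        'source': split_context(fields['scontext']),   # label of the process
        'target': split_context(fields['tcontext']),   # label of the object
        'tclass': fields['tclass'],
        # permissive=1 means the access was logged but not actually blocked
        'enforced': fields.get('permissive', '0') == '0',
    }

def explain(rec):
    """One-line plain-language summary of a parsed record."""
    outcome = 'blocked' if rec['enforced'] else 'logged only (permissive), not blocked'
    return (f"process {rec['comm']} (pid {rec['pid']}) in domain {rec['source']['type']} "
            f"asked for {'/'.join(rec['perms'])} on {rec['tclass']} {rec['object']} "
            f"labelled {rec['target']['type']}: {outcome}")

if __name__ == '__main__':
    print(explain(parse_avc(SAMPLE)))
```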


Seen: 196 times

Last updated: Jul 12 '17