Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 847030 Details for
Bug 1049801
Running cuda on optimus laptops triggers selinux warnings
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
List of all SELinux allerts
selinux_alerts.txt (text/plain), 51.40 KB, created by
Arno Mayrhofer
on 2014-01-08 09:12:16 UTC
(
hide
)
Description:
List of all SELinux allerts
Filename:
MIME Type:
Creator:
Arno Mayrhofer
Created:
2014-01-08 09:12:16 UTC
Size:
51.40 KB
patch
obsolete
>**************************************************************** >1/21 >**************************************************************** >SELinux is preventing /usr/bin/kmod from getattr access on the directory /etc/modprobe.d. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that kmod should be allowed getattr access on the modprobe.d directory by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep modprobe /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:modules_conf_t:s0 >Target Objects /etc/modprobe.d [ dir ] >Source modprobe >Source Path /usr/bin/kmod >Port <Unknown> >Host goedel >Source RPM Packages kmod-15-1.fc20.x86_64 >Target RPM Packages kmod-15-1.fc20.x86_64 >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:19 CET >Last Seen 2014-01-08 09:04:19 CET >Local ID 14e73114-8ebc-4013-930e-8d86c1ccc89c > >Raw Audit Messages >type=AVC msg=audit(1389168259.111:697): avc: denied { getattr } for pid=6285 comm="modprobe" path="/etc/modprobe.d" dev="dm-2" ino=393298 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:modules_conf_t:s0 tclass=dir > > >type=SYSCALL msg=audit(1389168259.111:697): arch=x86_64 syscall=stat success=yes exit=0 a0=41d4fe a1=7fff2c38ffd0 a2=7fff2c38ffd0 a3=3638782e30326366 items=0 ppid=857 pid=6285 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=modprobe exe=/usr/bin/kmod subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: modprobe,bumblebee_t,modules_conf_t,dir,getattr > > >**************************************************************** >2/21 >**************************************************************** >SELinux is preventing /usr/bin/kmod from read access on the directory /etc/modprobe.d. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that kmod should be allowed read access on the modprobe.d directory by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep modprobe /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:modules_conf_t:s0 >Target Objects /etc/modprobe.d [ dir ] >Source modprobe >Source Path /usr/bin/kmod >Port <Unknown> >Host goedel >Source RPM Packages kmod-15-1.fc20.x86_64 >Target RPM Packages kmod-15-1.fc20.x86_64 >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:19 CET >Last Seen 2014-01-08 09:04:19 CET >Local ID 318873f3-1b81-4f50-a83d-db7e81885307 > >Raw Audit Messages >type=AVC msg=audit(1389168259.111:698): avc: denied { read } for pid=6285 comm="modprobe" name="modprobe.d" dev="dm-2" ino=393298 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:modules_conf_t:s0 tclass=dir > > >type=AVC msg=audit(1389168259.111:698): avc: denied { open } for pid=6285 comm="modprobe" path="/etc/modprobe.d" dev="dm-2" ino=393298 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:modules_conf_t:s0 tclass=dir > > >type=SYSCALL msg=audit(1389168259.111:698): arch=x86_64 syscall=openat success=yes exit=EINTR a0=ffffffffffffff9c a1=41d4fe a2=90800 a3=0 items=0 ppid=857 pid=6285 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=modprobe exe=/usr/bin/kmod subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: modprobe,bumblebee_t,modules_conf_t,dir,read > > >**************************************************************** >3/21 >**************************************************************** >SELinux is preventing /usr/bin/kmod from getattr access on the file /etc/modprobe.d/thinkfan.conf. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that kmod should be allowed getattr access on the thinkfan.conf file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep modprobe /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:modules_conf_t:s0 >Target Objects /etc/modprobe.d/thinkfan.conf [ file ] >Source modprobe >Source Path /usr/bin/kmod >Port <Unknown> >Host goedel >Source RPM Packages kmod-15-1.fc20.x86_64 >Target RPM Packages thinkfan-0.8.1-5.fc20.x86_64 >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:19 CET >Last Seen 2014-01-08 09:04:19 CET >Local ID 4d23e89e-ee8f-4920-99e2-7e9436487cb7 > >Raw Audit Messages >type=AVC msg=audit(1389168259.111:699): avc: denied { getattr } for pid=6285 comm="modprobe" path="/etc/modprobe.d/thinkfan.conf" dev="dm-2" ino=394389 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:modules_conf_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168259.111:699): arch=x86_64 syscall=newfstatat success=yes exit=0 a0=4 a1=7fff2c390103 a2=7fff2c390060 a3=0 items=0 ppid=857 pid=6285 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=modprobe exe=/usr/bin/kmod subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: modprobe,bumblebee_t,modules_conf_t,file,getattr > > >**************************************************************** >4/21 >**************************************************************** >SELinux is preventing /usr/bin/kmod from getattr access on the file /etc/modprobe.d/blacklist.conf. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that kmod should be allowed getattr access on the blacklist.conf file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep modprobe /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context unconfined_u:object_r:modules_conf_t:s0 >Target Objects /etc/modprobe.d/blacklist.conf [ file ] >Source modprobe >Source Path /usr/bin/kmod >Port <Unknown> >Host goedel >Source RPM Packages kmod-15-1.fc20.x86_64 >Target RPM Packages >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:19 CET >Last Seen 2014-01-08 09:04:19 CET >Local ID b5429096-e2e4-45d6-9515-42c8cb5f2d52 > >Raw Audit Messages >type=AVC msg=audit(1389168259.111:700): avc: denied { getattr } for pid=6285 comm="modprobe" path="/etc/modprobe.d/blacklist.conf" dev="dm-2" ino=394697 scontext=system_u:system_r:bumblebee_t:s0 tcontext=unconfined_u:object_r:modules_conf_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168259.111:700): arch=x86_64 syscall=newfstatat success=yes exit=0 a0=4 a1=7fff2c390103 a2=7fff2c390060 a3=0 items=0 ppid=857 pid=6285 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=modprobe exe=/usr/bin/kmod subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: modprobe,bumblebee_t,modules_conf_t,file,getattr > > >**************************************************************** >5/21 >**************************************************************** >SELinux is preventing /usr/bin/kmod from read access on the file /etc/modprobe.d/blacklist-nvidia.conf. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that kmod should be allowed read access on the blacklist-nvidia.conf file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep modprobe /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:modules_conf_t:s0 >Target Objects /etc/modprobe.d/blacklist-nvidia.conf [ file ] >Source modprobe >Source Path /usr/bin/kmod >Port <Unknown> >Host goedel >Source RPM Packages kmod-15-1.fc20.x86_64 >Target RPM Packages bumblebee-nvidia-331.20-1.fc20.x86_64 >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:19 CET >Last Seen 2014-01-08 09:04:19 CET >Local ID 0e1cad70-e6c4-4d9c-a7b6-dd615b88b9f3 > >Raw Audit Messages >type=AVC msg=audit(1389168259.111:701): avc: denied { read } for pid=6285 comm="modprobe" name="blacklist-nvidia.conf" dev="dm-2" ino=393590 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:modules_conf_t:s0 tclass=file > > >type=AVC msg=audit(1389168259.111:701): avc: denied { open } for pid=6285 comm="modprobe" path="/etc/modprobe.d/blacklist-nvidia.conf" dev="dm-2" ino=393590 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:modules_conf_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168259.111:701): arch=x86_64 syscall=open success=yes exit=EINTR a0=7fff2c390210 a1=80000 a2=7fff2c390235 a3=15 items=0 ppid=857 pid=6285 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=modprobe exe=/usr/bin/kmod subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: modprobe,bumblebee_t,modules_conf_t,file,read > > >**************************************************************** >6/21 >**************************************************************** >SELinux is preventing /usr/bin/kmod from read access on the file /etc/modprobe.d/blacklist.conf. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that kmod should be allowed read access on the blacklist.conf file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep modprobe /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context unconfined_u:object_r:modules_conf_t:s0 >Target Objects /etc/modprobe.d/blacklist.conf [ file ] >Source modprobe >Source Path /usr/bin/kmod >Port <Unknown> >Host goedel >Source RPM Packages kmod-15-1.fc20.x86_64 >Target RPM Packages >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:19 CET >Last Seen 2014-01-08 09:04:19 CET >Local ID 85ae3382-a460-4599-9ba7-9e299ef170e0 > >Raw Audit Messages >type=AVC msg=audit(1389168259.111:702): avc: denied { read } for pid=6285 comm="modprobe" name="blacklist.conf" dev="dm-2" ino=394697 scontext=system_u:system_r:bumblebee_t:s0 tcontext=unconfined_u:object_r:modules_conf_t:s0 tclass=file > > >type=AVC msg=audit(1389168259.111:702): avc: denied { open } for pid=6285 comm="modprobe" path="/etc/modprobe.d/blacklist.conf" dev="dm-2" ino=394697 scontext=system_u:system_r:bumblebee_t:s0 tcontext=unconfined_u:object_r:modules_conf_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168259.111:702): arch=x86_64 syscall=open success=yes exit=EINTR a0=7fff2c390210 a1=80000 a2=7fff2c39022e a3=e items=0 ppid=857 pid=6285 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=modprobe exe=/usr/bin/kmod subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: modprobe,bumblebee_t,modules_conf_t,file,read > > >**************************************************************** >7/21 >**************************************************************** >SELinux is preventing /usr/bin/kmod from search access on the directory /usr/lib/modules. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that kmod should be allowed search access on the modules directory by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep modprobe /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:modules_object_t:s0 >Target Objects /usr/lib/modules [ dir ] >Source modprobe >Source Path /usr/bin/kmod >Port <Unknown> >Host goedel >Source RPM Packages kmod-15-1.fc20.x86_64 >Target RPM Packages >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:19 CET >Last Seen 2014-01-08 09:04:19 CET >Local ID 2b63d09d-804e-4102-acb9-3abb8e421b9a > >Raw Audit Messages >type=AVC msg=audit(1389168259.112:703): avc: denied { search } for pid=6285 comm="modprobe" name="modules" dev="dm-2" ino=2884824 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir > > >type=AVC msg=audit(1389168259.112:703): avc: denied { read } for pid=6285 comm="modprobe" name="modules.dep.bin" dev="dm-2" ino=3146612 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file > > >type=AVC msg=audit(1389168259.112:703): avc: denied { open } for pid=6285 comm="modprobe" path="/usr/lib/modules/3.12.6-300.fc20.x86_64/modules.dep.bin" dev="dm-2" ino=3146612 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168259.112:703): arch=x86_64 syscall=open success=yes exit=EINTR a0=7fff2c390270 a1=80000 a2=1dae4f0 a3=3 items=0 ppid=857 pid=6285 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=modprobe exe=/usr/bin/kmod subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: modprobe,bumblebee_t,modules_object_t,dir,search > > >**************************************************************** >8/21 >**************************************************************** >SELinux is preventing /usr/bin/kmod from getattr access on the file /usr/lib/modules/3.12.6-300.fc20.x86_64/modules.dep.bin. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that kmod should be allowed getattr access on the modules.dep.bin file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep modprobe /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:modules_object_t:s0 >Target Objects /usr/lib/modules/3.12.6-300.fc20.x86_64/modules.de > p.bin [ file ] >Source modprobe >Source Path /usr/bin/kmod >Port <Unknown> >Host goedel >Source RPM Packages kmod-15-1.fc20.x86_64 >Target RPM Packages >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:19 CET >Last Seen 2014-01-08 09:04:19 CET >Local ID a3eff429-7f00-40d4-84ab-876672481975 > >Raw Audit Messages >type=AVC msg=audit(1389168259.112:704): avc: denied { getattr } for pid=6285 comm="modprobe" path="/usr/lib/modules/3.12.6-300.fc20.x86_64/modules.dep.bin" dev="dm-2" ino=3146612 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168259.112:704): arch=x86_64 syscall=fstat success=yes exit=0 a0=4 a1=7fff2c390180 a2=7fff2c390180 a3=3 items=0 ppid=857 pid=6285 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=modprobe exe=/usr/bin/kmod subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: modprobe,bumblebee_t,modules_object_t,file,getattr > > >**************************************************************** >9/21 >**************************************************************** >SELinux is preventing /usr/sbin/bumblebeed from read access on the file /etc/hosts. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that bumblebeed should be allowed read access on the hosts file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:net_conf_t:s0 >Target Objects /etc/hosts [ file ] >Source bumblebeed >Source Path /usr/sbin/bumblebeed >Port <Unknown> >Host goedel >Source RPM Packages bumblebee-3.2.1-4.fc20.x86_64 >Target RPM Packages setup-2.8.71-2.fc20.noarch >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:19 CET >Last Seen 2014-01-08 09:04:19 CET >Local ID 1a000533-f15e-4010-8d28-d64fb8112b5d > >Raw Audit Messages >type=AVC msg=audit(1389168259.134:705): avc: denied { read } for pid=857 comm="bumblebeed" name="hosts" dev="dm-2" ino=393564 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file > > >type=AVC msg=audit(1389168259.134:705): avc: denied { open } for pid=857 comm="bumblebeed" path="/etc/hosts" dev="dm-2" ino=393564 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168259.134:705): arch=x86_64 syscall=open success=yes exit=E2BIG a0=7f586f9554ce a1=80000 a2=1b6 a3=0 items=0 ppid=1 pid=857 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: bumblebeed,bumblebee_t,net_conf_t,file,read > > >**************************************************************** >10/21 >**************************************************************** >SELinux is preventing /usr/sbin/bumblebeed from getattr access on the file /etc/hosts. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that bumblebeed should be allowed getattr access on the hosts file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:net_conf_t:s0 >Target Objects /etc/hosts [ file ] >Source bumblebeed >Source Path /usr/sbin/bumblebeed >Port <Unknown> >Host goedel >Source RPM Packages bumblebee-3.2.1-4.fc20.x86_64 >Target RPM Packages setup-2.8.71-2.fc20.noarch >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:19 CET >Last Seen 2014-01-08 09:04:19 CET >Local ID 82d53041-b7fe-4bc9-8573-9f2d9d980aad > >Raw Audit Messages >type=AVC msg=audit(1389168259.134:706): avc: denied { getattr } for pid=857 comm="bumblebeed" path="/etc/hosts" dev="dm-2" ino=393564 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168259.134:706): arch=x86_64 syscall=fstat success=yes exit=0 a0=7 a1=7fff178717a0 a2=7fff178717a0 a3=0 items=0 ppid=1 pid=857 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: bumblebeed,bumblebee_t,net_conf_t,file,getattr > > >**************************************************************** >11/21 >**************************************************************** >SELinux is preventing /usr/sbin/bumblebeed from create access on the tcp_socket . > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that bumblebeed should be allowed create access on the tcp_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:system_r:bumblebee_t:s0 >Target Objects [ tcp_socket ] >Source bumblebeed >Source Path /usr/sbin/bumblebeed >Port <Unknown> >Host goedel >Source RPM Packages bumblebee-3.2.1-4.fc20.x86_64 >Target RPM Packages >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:19 CET >Last Seen 2014-01-08 09:04:19 CET >Local ID cb79c76e-1348-406c-a5e5-85513515dcf3 > >Raw Audit Messages >type=AVC msg=audit(1389168259.134:707): avc: denied { create } for pid=857 comm="bumblebeed" scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:system_r:bumblebee_t:s0 tclass=tcp_socket > > >type=SYSCALL msg=audit(1389168259.134:707): arch=x86_64 syscall=socket success=yes exit=E2BIG a0=2 a1=80001 a2=6 a3=3 items=0 ppid=1 pid=857 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: bumblebeed,bumblebee_t,bumblebee_t,tcp_socket,create > > >**************************************************************** >12/21 >**************************************************************** >SELinux is preventing /usr/sbin/bumblebeed from setopt access on the tcp_socket . > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that bumblebeed should be allowed setopt access on the tcp_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:system_r:bumblebee_t:s0 >Target Objects [ tcp_socket ] >Source bumblebeed >Source Path /usr/sbin/bumblebeed >Port <Unknown> >Host goedel >Source RPM Packages bumblebee-3.2.1-4.fc20.x86_64 >Target RPM Packages >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:19 CET >Last Seen 2014-01-08 09:04:19 CET >Local ID 9891fba3-674f-4390-924f-10d58e5522a0 > >Raw Audit Messages >type=AVC msg=audit(1389168259.134:708): avc: denied { setopt } for pid=857 comm="bumblebeed" scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:system_r:bumblebee_t:s0 tclass=tcp_socket > > >type=SYSCALL msg=audit(1389168259.134:708): arch=x86_64 syscall=setsockopt success=yes exit=0 a0=7 a1=6 a2=1 a3=7fff17872284 items=0 ppid=1 pid=857 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: bumblebeed,bumblebee_t,bumblebee_t,tcp_socket,setopt > > >**************************************************************** >13/21 >**************************************************************** >SELinux is preventing /usr/sbin/bumblebeed from connect access on the tcp_socket . > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that bumblebeed should be allowed connect access on the tcp_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:system_r:bumblebee_t:s0 >Target Objects [ tcp_socket ] >Source bumblebeed >Source Path /usr/sbin/bumblebeed >Port <Unknown> >Host goedel >Source RPM Packages bumblebee-3.2.1-4.fc20.x86_64 >Target RPM Packages >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:19 CET >Last Seen 2014-01-08 09:04:19 CET >Local ID b351f836-6853-4c40-aa2e-086a78d056ef > >Raw Audit Messages >type=AVC msg=audit(1389168259.134:709): avc: denied { connect } for pid=857 comm="bumblebeed" scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:system_r:bumblebee_t:s0 tclass=tcp_socket > > >type=AVC msg=audit(1389168259.134:709): avc: denied { name_connect } for pid=857 comm="bumblebeed" dest=6008 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket > > >type=SYSCALL msg=audit(1389168259.134:709): arch=x86_64 syscall=connect success=no exit=ECONNREFUSED a0=7 a1=70b640 a2=10 a3=7fff17872284 items=0 ppid=1 pid=857 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: bumblebeed,bumblebee_t,bumblebee_t,tcp_socket,connect > > >**************************************************************** >14/21 >**************************************************************** >SELinux is preventing /usr/sbin/bumblebeed from connectto access on the unix_stream_socket @/tmp/.X11-unix/X8. > >***** Plugin catchall_boolean (89.3 confidence) suggests ****************** > >If you want to enable cluster mode for daemons. >Then you must tell SELinux about this by enabling the 'daemons_enable_cluster_mode' boolean. >You can read 'bumblebee_selinux' man page for more details. >Do >setsebool -P daemons_enable_cluster_mode 1 > >***** Plugin catchall (11.6 confidence) suggests ************************** > >If you believe that bumblebeed should be allowed connectto access on the X8 unix_stream_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:system_r:bumblebee_t:s0 >Target Objects @/tmp/.X11-unix/X8 [ unix_stream_socket ] >Source bumblebeed >Source Path /usr/sbin/bumblebeed >Port <Unknown> >Host goedel >Source RPM Packages bumblebee-3.2.1-4.fc20.x86_64 >Target RPM Packages >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:19 CET >Last Seen 2014-01-08 09:04:19 CET >Local ID 61685b22-ccd8-45d8-aea0-17a9824f676d > >Raw Audit Messages >type=AVC msg=audit(1389168259.235:710): avc: denied { connectto } for pid=857 comm="bumblebeed" path=002F746D702F2E5831312D756E69782F5838 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:system_r:bumblebee_t:s0 tclass=unix_stream_socket > > >type=SYSCALL msg=audit(1389168259.235:710): arch=x86_64 syscall=connect success=yes exit=0 a0=7 a1=7fff17872360 a2=14 a3=7fff17872363 items=0 ppid=1 pid=857 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: bumblebeed,bumblebee_t,bumblebee_t,unix_stream_socket,connectto > > >**************************************************************** >15/21 >**************************************************************** >SELinux is preventing /usr/bin/bash from read access on the file /etc/passwd. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that bash should be allowed read access on the passwd file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep sh /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:passwd_file_t:s0 >Target Objects /etc/passwd [ file ] >Source sh >Source Path /usr/bin/bash >Port <Unknown> >Host goedel >Source RPM Packages bash-4.2.45-4.fc20.x86_64 >Target RPM Packages setup-2.8.71-2.fc20.noarch >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:20 CET >Last Seen 2014-01-08 09:04:20 CET >Local ID b6718bdb-fc99-45b7-b21e-74b3221db518 > >Raw Audit Messages >type=AVC msg=audit(1389168260.384:711): avc: denied { read } for pid=6298 comm="sh" name="passwd" dev="dm-2" ino=419908 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file > > >type=AVC msg=audit(1389168260.384:711): avc: denied { open } for pid=6298 comm="sh" path="/etc/passwd" dev="dm-2" ino=419908 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168260.384:711): arch=x86_64 syscall=open success=yes exit=E2BIG a0=7f604c8f14f2 a1=80000 a2=1b6 a3=0 items=0 ppid=6293 pid=6298 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=sh exe=/usr/bin/bash subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: sh,bumblebee_t,passwd_file_t,file,read > > >**************************************************************** >16/21 >**************************************************************** >SELinux is preventing /usr/bin/bash from getattr access on the file /etc/passwd. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that bash should be allowed getattr access on the passwd file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep sh /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:passwd_file_t:s0 >Target Objects /etc/passwd [ file ] >Source sh >Source Path /usr/bin/bash >Port <Unknown> >Host goedel >Source RPM Packages bash-4.2.45-4.fc20.x86_64 >Target RPM Packages setup-2.8.71-2.fc20.noarch >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:20 CET >Last Seen 2014-01-08 09:04:20 CET >Local ID 6cf8c6de-fdae-4f40-a843-2c78ff95eed6 > >Raw Audit Messages >type=AVC msg=audit(1389168260.385:712): avc: denied { getattr } for pid=6298 comm="sh" path="/etc/passwd" dev="dm-2" ino=419908 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168260.385:712): arch=x86_64 syscall=fstat success=yes exit=0 a0=7 a1=7fff86cd0a30 a2=7fff86cd0a30 a3=0 items=0 ppid=6293 pid=6298 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=sh exe=/usr/bin/bash subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: sh,bumblebee_t,passwd_file_t,file,getattr > > >**************************************************************** >17/21 >**************************************************************** >SELinux is preventing /usr/bin/xkbcomp from execute access on the file /usr/bin/xkbcomp. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that xkbcomp should be allowed execute access on the xkbcomp file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep xkbcomp /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:bin_t:s0 >Target Objects /usr/bin/xkbcomp [ file ] >Source xkbcomp >Source Path /usr/bin/xkbcomp >Port <Unknown> >Host goedel >Source RPM Packages xorg-x11-xkb-utils-7.7-8.fc20.x86_64 >Target RPM Packages xorg-x11-xkb-utils-7.7-8.fc20.x86_64 >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:20 CET >Last Seen 2014-01-08 09:04:20 CET >Local ID 0fab6d9a-ce3b-4d66-8469-0656834652d9 > >Raw Audit Messages >type=AVC msg=audit(1389168260.385:713): avc: denied { execute } for pid=6298 comm="sh" name="xkbcomp" dev="dm-2" ino=2889436 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file > > >type=AVC msg=audit(1389168260.385:713): avc: denied { execute_no_trans } for pid=6298 comm="sh" path="/usr/bin/xkbcomp" dev="dm-2" ino=2889436 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168260.385:713): arch=x86_64 syscall=execve success=yes exit=0 a0=ed7c70 a1=ed7650 a2=ed5d00 a3=8 items=0 ppid=6293 pid=6298 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=xkbcomp exe=/usr/bin/xkbcomp subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: xkbcomp,bumblebee_t,bin_t,file,execute > > >**************************************************************** >18/21 >**************************************************************** >SELinux is preventing /usr/bin/xkbcomp from add_name access on the directory server-8.xkm. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that xkbcomp should be allowed add_name access on the server-8.xkm directory by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep xkbcomp /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:xkb_var_lib_t:s0 >Target Objects server-8.xkm [ dir ] >Source xkbcomp >Source Path /usr/bin/xkbcomp >Port <Unknown> >Host goedel >Source RPM Packages xorg-x11-xkb-utils-7.7-8.fc20.x86_64 >Target RPM Packages >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:20 CET >Last Seen 2014-01-08 09:04:20 CET >Local ID 7afe940d-420a-4e65-bfab-9ef97afe3f33 > >Raw Audit Messages >type=AVC msg=audit(1389168260.397:714): avc: denied { add_name } for pid=6298 comm="xkbcomp" name="server-8.xkm" scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=dir > > >type=AVC msg=audit(1389168260.397:714): avc: denied { create } for pid=6298 comm="xkbcomp" name="server-8.xkm" scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=file > > >type=AVC msg=audit(1389168260.397:714): avc: denied { write open } for pid=6298 comm="xkbcomp" path="/var/lib/xkb/server-8.xkm" dev="dm-2" ino=2097360 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168260.397:714): arch=x86_64 syscall=open success=yes exit=0 a0=7fff7256ef0a a1=c1 a2=1b6 a3=ff items=0 ppid=6293 pid=6298 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=xkbcomp exe=/usr/bin/xkbcomp subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: xkbcomp,bumblebee_t,xkb_var_lib_t,dir,add_name > > >**************************************************************** >19/21 >**************************************************************** >SELinux is preventing /usr/bin/xkbcomp from getattr access on the file /var/lib/xkb/server-8.xkm. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that xkbcomp should be allowed getattr access on the server-8.xkm file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep xkbcomp /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:xkb_var_lib_t:s0 >Target Objects /var/lib/xkb/server-8.xkm [ file ] >Source xkbcomp >Source Path /usr/bin/xkbcomp >Port <Unknown> >Host goedel >Source RPM Packages xorg-x11-xkb-utils-7.7-8.fc20.x86_64 >Target RPM Packages >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:04:20 CET >Last Seen 2014-01-08 09:04:20 CET >Local ID a0205b01-10eb-4081-87e0-bbb0ab334e11 > >Raw Audit Messages >type=AVC msg=audit(1389168260.397:715): avc: denied { getattr } for pid=6298 comm="xkbcomp" path="/var/lib/xkb/server-8.xkm" dev="dm-2" ino=2097360 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168260.397:715): arch=x86_64 syscall=fstat success=yes exit=0 a0=0 a1=7fff7256e420 a2=7fff7256e420 a3=ff items=0 ppid=6293 pid=6298 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=xkbcomp exe=/usr/bin/xkbcomp subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: xkbcomp,bumblebee_t,xkb_var_lib_t,file,getattr > > >**************************************************************** >20/21 >**************************************************************** >SELinux is preventing /usr/bin/Xorg from write access on the file hotkey. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that Xorg should be allowed write access on the hotkey file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep Xorg /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:proc_t:s0 >Target Objects hotkey [ file ] >Source Xorg >Source Path /usr/bin/Xorg >Port <Unknown> >Host goedel >Source RPM Packages xorg-x11-server-Xorg-1.14.4-5.fc20.x86_64 >Target RPM Packages >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:06:18 CET >Last Seen 2014-01-08 09:06:18 CET >Local ID 8798b886-955f-4135-a3da-3ed0bfd86d3f > >Raw Audit Messages >type=AVC msg=audit(1389168378.288:717): avc: denied { write } for pid=6293 comm="Xorg" name="hotkey" dev="proc" ino=4026532166 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168378.288:717): arch=x86_64 syscall=open success=yes exit=EISDIR a0=7fffc86eb330 a1=2 a2=1b6 a3=3 items=0 ppid=857 pid=6293 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=Xorg exe=/usr/bin/Xorg subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: Xorg,bumblebee_t,proc_t,file,write > > >**************************************************************** >21/21 >**************************************************************** >SELinux is preventing /usr/bin/kmod from execute access on the file /usr/bin/kmod. > >***** Plugin catchall (100. confidence) suggests ************************** > >If you believe that kmod should be allowed execute access on the kmod file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep rmmod /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:bumblebee_t:s0 >Target Context system_u:object_r:insmod_exec_t:s0 >Target Objects /usr/bin/kmod [ file ] >Source rmmod >Source Path /usr/bin/kmod >Port <Unknown> >Host goedel >Source RPM Packages kmod-15-1.fc20.x86_64 >Target RPM Packages kmod-15-1.fc20.x86_64 >Policy RPM selinux-policy-3.12.1-106.fc20.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name goedel >Platform Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec > 23 16:44:31 UTC 2013 x86_64 x86_64 >Alert Count 1 >First Seen 2014-01-08 09:06:18 CET >Last Seen 2014-01-08 09:06:18 CET >Local ID a23bc3d7-941a-42c6-bc1c-d80a9f4efbdc > >Raw Audit Messages >type=AVC msg=audit(1389168378.308:718): avc: denied { execute } for pid=6594 comm="bumblebeed" name="kmod" dev="dm-2" ino=2897372 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file > > >type=AVC msg=audit(1389168378.308:718): avc: denied { read open } for pid=6594 comm="bumblebeed" path="/usr/bin/kmod" dev="dm-2" ino=2897372 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file > > >type=AVC msg=audit(1389168378.308:718): avc: denied { execute_no_trans } for pid=6594 comm="bumblebeed" path="/usr/bin/kmod" dev="dm-2" ino=2897372 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file > > >type=SYSCALL msg=audit(1389168378.308:718): arch=x86_64 syscall=execve success=yes exit=0 a0=7fff17872508 a1=7fff17872600 a2=7fff17872c48 a3=7f586fb59a10 items=0 ppid=857 pid=6594 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=rmmod exe=/usr/bin/kmod subj=system_u:system_r:bumblebee_t:s0 key=(null) > >Hash: rmmod,bumblebee_t,insmod_exec_t,file,execute >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=847030">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1049801
:
847030
|
847031
|
849810