Bug 1040939

Summary: SELinux is preventing /usr/bin/kmod from 'execute' accesses on the file /usr/bin/kmod.
Product: [Fedora] Fedora Reporter: aferrero <aferrero>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20CC: dominick.grift, dwalsh, lvrabec, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:aa4a3358b56b167585bb59eb70150bf2fa08d162bfc9051437bd42b1fdfef7c2
Fixed In Version: selinux-policy-3.12.1-116.fc20 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-16 07:09:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description aferrero 2013-12-12 11:34:16 UTC 
Description of problem:
when executing bumblebee in a dell XPS15 with nvidia GeForce GT 750M/PCIe/SSE2 and with intel 4th Gen Core Processor Integrated Graphics Controller en i7 (hashwell)
SELinux is preventing /usr/bin/kmod from 'execute' accesses on the file /usr/bin/kmod.

*****  Plugin catchall (100. confidence) suggests   **************************

If cree que de manera predeterminada, kmod debería permitir acceso execute sobre  kmod file.     
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
Do
permita el acceso momentáneamente executando:
# grep rmmod /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:bumblebee_t:s0
Target Context                system_u:object_r:insmod_exec_t:s0
Target Objects                /usr/bin/kmod [ file ]
Source                        rmmod
Source Path                   /usr/bin/kmod
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           kmod-15-1.fc20.x86_64
Target RPM Packages           kmod-15-1.fc20.x86_64
Policy RPM                    selinux-policy-3.12.1-105.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.11.10-300.fc20.x86_64 #1 SMP Fri
                              Nov 29 19:16:48 UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2013-12-11 18:13:06 CET
Last Seen                     2013-12-11 18:13:06 CET
Local ID                      cc3bdbff-8aae-448d-8c2e-2139c2442670

Raw Audit Messages
type=AVC msg=audit(1386781986.938:1191): avc:  denied  { execute } for  pid=13913 comm="bumblebeed" name="kmod" dev="sda4" ino=173607 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file


type=AVC msg=audit(1386781986.938:1191): avc:  denied  { read open } for  pid=13913 comm="bumblebeed" path="/usr/bin/kmod" dev="sda4" ino=173607 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file


type=AVC msg=audit(1386781986.938:1191): avc:  denied  { execute_no_trans } for  pid=13913 comm="bumblebeed" path="/usr/bin/kmod" dev="sda4" ino=173607 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file


type=SYSCALL msg=audit(1386781986.938:1191): arch=x86_64 syscall=execve success=yes exit=0 a0=7fffa7d69ff8 a1=7fffa7d6a0f0 a2=7fffa7d6a738 a3=7fd36a449a10 items=0 ppid=502 pid=13913 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=rmmod exe=/usr/bin/kmod subj=system_u:system_r:bumblebee_t:s0 key=(null)

Hash: rmmod,bumblebee_t,insmod_exec_t,file,execute

Additional info:
reporter:       libreport-2.1.9
hashmarkername: setroubleshoot
kernel:         3.11.10-300.fc20.x86_64
type:           libreport
Comment 1 Miroslav Grepl 2014-01-07 14:53:39 UTC 
Has been fixed.
Comment 2 Fedora Update System 2014-01-13 22:55:42 UTC 
selinux-policy-3.12.1-116.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-116.fc20
Comment 3 Fedora Update System 2014-01-15 05:57:21 UTC 
Package selinux-policy-3.12.1-116.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-116.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-0806/selinux-policy-3.12.1-116.fc20
then log in and leave karma (feedback).
Comment 4 Fedora Update System 2014-01-16 07:09:52 UTC 
selinux-policy-3.12.1-116.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.