| Summary: | SELinux is preventing /usr/bin/Xorg from 'getattr' accesses on the chr_file /dev/dri/card1. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | cyrushmh <cyrusyzgtt> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | cyrusyzgtt, dominick.grift, dwalsh, edosurina, lvrabec, mgrepl |
| Target Milestone: | --- | Flags: | mgrepl: needinfo? (cyrusyzgtt) |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:e5fe68e46f0aa73cf29c690a923e80cf3b104bbefe57905deac35a000206fb96 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-01-06 13:54:50 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Should bumblebee be running Xorg as bumblebee_t?

(In reply to Daniel Walsh from comment #1)
> Should bumblebee be running Xorg as bumblebee_t?

No. and I don't know bumblebee not when update or other.
bumblebee not work now when update kernel 3.12.5-302.fc20.x86_64 and update

sudo yum history info 932

Do you know how you did it? Do you have a local policy?

*** This bug has been marked as a duplicate of bug 1045801 ***

Description of problem:
SELinux is preventing /usr/bin/Xorg from 'getattr' accesses on the chr_file /dev/dri/card1.

***** Plugin catchall (100. confidence) suggests **************************

If 您确定应默认允许 Xorg getattr 访问 card1 chr_file。
Then 您应该将这个情况作为 bug 报告。
您可以生成本地策略模块允许这个访问。
Do
请执行以下命令此时允许这个访问:
# grep Xorg /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:bumblebee_t:s0
Target Context                system_u:object_r:dri_device_t:s0
Target Objects                /dev/dri/card1 [ chr_file ]
Source                        Xorg
Source Path                   /usr/bin/Xorg
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           xorg-x11-server-Xorg-1.14.4-5.fc20.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-106.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.12.5-302.fc20.x86_64 #1 SMP Tue Dec 17 20:42:32 UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2013-12-22 17:51:19 CST
Last Seen                     2013-12-22 17:51:19 CST
Local ID                      492a918c-61b5-4762-b740-7f77384db8e5

Raw Audit Messages
type=AVC msg=audit(1387705879.890:1179): avc: denied { getattr } for pid=5456 comm="Xorg" path="/dev/dri/card1" dev="devtmpfs" ino=25454 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:dri_device_t:s0 tclass=chr_file

type=SYSCALL msg=audit(1387705879.890:1179): arch=x86_64 syscall=fstat success=yes exit=0 a0=11 a1=7fff645c1f10 a2=7fff645c1f10 a3=0 items=0 ppid=4731 pid=5456 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=Xorg exe=/usr/bin/Xorg subj=system_u:system_r:bumblebee_t:s0 key=(null)

Hash: Xorg,bumblebee_t,dri_device_t,chr_file,getattr

Additional info:
reporter: libreport-2.1.10
hashmarkername: setroubleshoot
kernel: 3.12.5-302.fc20.x86_64
type: libreport
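
The raw audit messages in the report, parsed and paired by audit event serial so the allow rule that the suggested `audit2allow -M mypol` step would derive can be reviewed before any module is installed. This is an added example, not part of the original report or of any SELinux tool; `parse_records` and `summarize` are hypothetical names, and the two records are copied from the report.

```python
import re

# Raw audit records copied from the report above (one event, two records).
RAW = '''\
type=AVC msg=audit(1387705879.890:1179): avc: denied { getattr } for pid=5456 comm="Xorg" path="/dev/dri/card1" dev="devtmpfs" ino=25454 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:dri_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1387705879.890:1179): arch=x86_64 syscall=fstat success=yes exit=0 a0=11 a1=7fff645c1f10 a2=7fff645c1f10 a3=0 items=0 ppid=4731 pid=5456 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=Xorg exe=/usr/bin/Xorg subj=system_u:system_r:bumblebee_t:s0 key=(null)
'''

HEADER = re.compile(r'type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):\s*(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'\{([^}]*)\}')


def parse_records(text):
    """Group records by audit event serial: {serial: {record_type: fields}}."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        perms = PERMS.search(body)
        if rtype == "AVC" and perms:
            fields["perms"] = perms.group(1).split()
        events.setdefault(int(serial), {})[rtype] = fields
    return events


def summarize(event):
    """Describe one denial and the allow rule it maps to."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    stype = avc["scontext"].split(":")[2]   # user:role:type:level
    ttype = avc["tcontext"].split(":")[2]
    perms = avc["perms"]
    plist = perms[0] if len(perms) == 1 else "{ %s }" % " ".join(perms)
    return {
        "exe": sc.get("exe"),
        "source_type": stype,
        "target_type": ttype,
        "rule": "allow %s %s:%s %s;" % (stype, ttype, avc["tclass"], plist),
        # success=yes next to a denial usually means it was logged but not
        # blocked (permissive domain or mode); worth checking before adding policy.
        "syscall_succeeded": sc.get("success") == "yes",
    }


if __name__ == "__main__":
    for serial, event in parse_records(RAW).items():
        print(serial, summarize(event))
```

The summary shows `/usr/bin/Xorg` running with source type `bumblebee_t`, which is the point the first comment questions: installing the derived rule would grant the access to that domain rather than settle which domain Xorg should run in.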