Bug 1089484
| Summary: | SELinux is preventing /usr/libexec/fprintd from 'read' accesses on the directory . | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Seb L. <D8F55524> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:9d936ca491ebb0c6725acb09b9c18162a2e30efd490cb357c5eaa680d58e1fc2 | ||
| Fixed In Version: | selinux-policy-3.12.1-158.fc20 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-05-01 22:29:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Hi, I added dontaudit rule like in bug #665749. commit 953c4d67d2b25d624b82d15f26952b46699f14ea Author: Lukas Vrabec <lvrabec> Date: Tue Apr 22 10:08:40 2014 +0200 Added fprintd dontaudit tmp dirs rule selinux-policy-3.12.1-158.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-158.fc20 Package selinux-policy-3.12.1-158.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-158.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-5660/selinux-policy-3.12.1-158.fc20 then log in and leave karma (feedback). selinux-policy-3.12.1-158.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: SELinux is preventing /usr/libexec/fprintd from 'read' accesses on the directory . ***** Plugin catchall (100. confidence) suggests ************************** If vous pensez que fprintd devrait être autorisé à accéder read sur directory par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep fprintd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:fprintd_t:s0 Target Context system_u:object_r:tmp_t:s0 Target Objects [ dir ] Source fprintd Source Path /usr/libexec/fprintd Port <Unknown> Host (removed) Source RPM Packages fprintd-0.5.1-1.fc20.i686 Target RPM Packages Policy RPM selinux-policy-3.12.1-149.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.13.10-200.fc20.i686+PAE #1 SMP Mon Apr 14 20:47:16 UTC 2014 i686 i686 Alert Count 5 First Seen 2014-04-19 17:18:32 CEST Last Seen 2014-04-19 17:19:51 CEST Local ID 12171a26-de05-4bc3-afc1-7692dba40a0d Raw Audit Messages type=AVC msg=audit(1397920791.868:382): avc: denied { read } for pid=1669 comm="fprintd" name="tmp" dev="dm-1" ino=786534 scontext=system_u:system_r:fprintd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir type=SYSCALL msg=audit(1397920791.868:382): arch=i386 syscall=open success=no exit=EACCES a0=449d53e9 a1=0 a2=1b6 a3=899bc30 items=0 ppid=1 pid=1669 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=fprintd exe=/usr/libexec/fprintd subj=system_u:system_r:fprintd_t:s0 key=(null) Hash: fprintd,fprintd_t,tmp_t,dir,read Additional info: reporter: libreport-2.2.1 hashmarkername: setroubleshoot kernel: 3.13.10-200.fc20.i686+PAE type: libreport Potential duplicate: bug 665749