Bug 1161169
| Summary: | SELinux is preventing /usr/libexec/bluetooth/bluetoothd from read, write access on the chr_file uhid. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Guillaume Poirier-Morency <guillaumepoiriermorency> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 21 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, peeter, plautrba |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:352f460b60ef218d4ed3ec75dfb7010d66ba36da5ad7e69af87d0a040981912f | ||
| Fixed In Version: | selinux-policy-3.13.1-99.fc21 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-12-03 17:15:27 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Hi, Please use: # restorecon -v /etc/shadow to fix our issue. Soryy bad bug. *** Bug 1105423 has been marked as a duplicate of this bug. *** commit a15918e01b5084e43b21ccebaa9f9b1908d59c86
Author: Lukas Vrabec <lvrabec>
Date: Fri Nov 7 13:23:21 2014 +0100
Allow bluetooth read/write uhid devices. BZ (1161169)
Fixed in rawhide,f21,f20
selinux-policy-3.13.1-99.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-99.fc21 selinux-policy-3.13.1-99.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: SELinux is preventing /usr/libexec/bluetooth/bluetoothd from read, write access on the chr_file uhid. ***** Plugin catchall (100. confidence) suggests ************************** If vous pensez que bluetoothd devrait être autorisé à accéder read write sur uhid chr_file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep bluetoothd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:bluetooth_t:s0 Target Context system_u:object_r:uhid_device_t:s0 Target Objects uhid [ chr_file ] Source bluetoothd Source Path /usr/libexec/bluetooth/bluetoothd Port <Unknown> Host (removed) Source RPM Packages bluez-5.23-1.fc21.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-92.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.17.2-300.fc21.x86_64 #1 SMP Thu Oct 30 19:23:48 UTC 2014 x86_64 x86_64 Alert Count 98 First Seen 2014-10-19 17:06:52 EDT Last Seen 2014-11-06 09:51:15 EST Local ID 29812fb1-c711-46b0-892a-328cef63c35a Raw Audit Messages type=AVC msg=audit(1415285475.339:28): avc: denied { read write } for pid=749 comm="bluetoothd" name="uhid" dev="devtmpfs" ino=13015 scontext=system_u:system_r:bluetooth_t:s0 tcontext=system_u:object_r:uhid_device_t:s0 tclass=chr_file permissive=0 type=SYSCALL msg=audit(1415285475.339:28): arch=x86_64 syscall=open success=no exit=EACCES a0=7fdcae983025 a1=80002 a2=7fdcb07b0d00 a3=50 items=0 ppid=1 pid=749 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=bluetoothd exe=/usr/libexec/bluetooth/bluetoothd subj=system_u:system_r:bluetooth_t:s0 key=(null) Hash: bluetoothd,bluetooth_t,uhid_device_t,chr_file,read,write Version-Release number of selected component: selinux-policy-3.13.1-92.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.17.2-300.fc21.x86_64 type: libreport Potential duplicate: bug 1105423