Bug 1221291
| Summary: | Add protocol support for MQTT to selinux policies | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Peter Robinson <pbrobinson> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | CLOSED DEFERRED | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | rawhide | CC: | dominick.grift, dwalsh, lvrabec, mmalik, nknazeko, zpytela |
| Target Milestone: | --- | Keywords: | Tracking |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2024-09-02 07:38:18 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1269538 | | |
Description
Peter Robinson
2015-05-13 15:45:22 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle. Changing version to '23'.

(As we did not run this process for some time, it could affect also pre-Fedora 23 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.)

More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23

This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'.

More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase

This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.

Any update?

Hi All,
Is this still actual?
Thanks,
Lukas.

> Is this still actual?

What do you mean by actual? If you mean if it's still a requirement, yes.

Why did you remove tracking?

Peter,

This is how Tracking is described in bugzilla:

This bug is a tracking bug. That means that this bug is only used as a placeholder for a particular set of changes which are split over a number of different bugs. All those bugs can be set to block this Tracking bug, so we have an easy way to query the status of a larger project based on the dependency tree of the Tracking bug. Tracking bugs do not require a release flag or acks.

Did you really mean it this way?

(In reply to Zdenek Pytela from comment #8)
> Peter,
>
> This is how Tracking is described in bugzilla:
>
> This bug is a tracking bug. That means that this bug is only used as a
> placeholder for a particular set of changes which are split over a number of
> different bugs. All those bugs can be set to block this Tracking bug, so we
> have an easy way to query the status of a larger project based on the
> dependency tree of the Tracking bug. Tracking bugs do not require a release
> flag or acks.
>
> Did you really mean it this way?

It also means it's not closed or moved to a specific release when it's not been fixed and it's an RFE so yes, I meant to have it on tracking so it doesn't get closed and I don't have to keep moving it until it's implemented.

This package has changed maintainer in the Fedora. Reassigning to the new maintainer of this component.

Hi Peter,

Can you please reproduce it again and attach AVC messages?

Also before reproducing it is useful to have enabled full auditing:

Open /etc/audit/rules.d/audit.rules file in an editor.
1. Remove following line if it exists:
-a task,never
2. Add following line at the end of the file:
-w /etc/shadow -p w
3. Restart the audit daemon:
# service auditd restart

Thank you
Nikola

# rpm -qa selinux\* mosquitto\* | sort
mosquitto-2.0.15-1.fc36.x86_64
selinux-policy-36.14-1.fc36.noarch
selinux-policy-devel-36.14-1.fc36.noarch
selinux-policy-targeted-36.14-1.fc36.noarch
# rpm -V mosquitto
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
# service mosquitto status
Redirecting to /bin/systemctl status mosquitto.service
● mosquitto.service - Mosquitto MQTT Broker
Loaded: loaded (/usr/lib/systemd/system/mosquitto.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2022-09-06 10:34:46 CEST; 9min ago
Docs: man:mosquitto.conf(5)
man:mosquitto(8)
Process: 1800 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 1801 ExecStartPre=/bin/chown mosquitto:mosquitto /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 1802 ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto (code=exited, status=0/SUCCESS)
Process: 1803 ExecStartPre=/bin/chown mosquitto:mosquitto /run/mosquitto (code=exited, status=0/SUCCESS)
Main PID: 1804 (mosquitto)
Tasks: 1 (limit: 2317)
Memory: 1.1M
CPU: 357ms
CGroup: /system.slice/mosquitto.service
└─ 1804 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
Sep 06 10:34:46 fedora systemd[1]: Starting mosquitto.service - Mosquitto MQTT Broker...
Sep 06 10:34:46 fedora mosquitto[1804]: 1662453286: mosquitto version 2.0.15 starting
Sep 06 10:34:46 fedora mosquitto[1804]: 1662453286: Config loaded from /etc/mosquitto/mosquitto.conf.
Sep 06 10:34:46 fedora mosquitto[1804]: 1662453286: Starting in local only mode. Connections will only be possible from clients running on this machine.
Sep 06 10:34:46 fedora mosquitto[1804]: 1662453286: Create a configuration file which defines a listener to allow remote access.
Sep 06 10:34:46 fedora mosquitto[1804]: 1662453286: For more details see https://mosquitto.org/documentation/authentication-methods/
Sep 06 10:34:46 fedora mosquitto[1804]: 1662453286: Opening ipv4 listen socket on port 1883.
Sep 06 10:34:46 fedora mosquitto[1804]: 1662453286: Opening ipv6 listen socket on port 1883.
Sep 06 10:34:46 fedora mosquitto[1804]: 1662453286: mosquitto version 2.0.15 running
Sep 06 10:34:46 fedora systemd[1]: Started mosquitto.service - Mosquitto MQTT Broker.
# ps -efZ | grep mosq
system_u:system_r:unconfined_service_t:s0 mosquit+ 1804 1 0 10:34 ? 00:00:00 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 1971 1901 0 10:44 pts/0 00:00:00 grep --color=auto mosq
# ls -lZ /usr/sbin/mosquitto
-rwxr-xr-x. 1 root root system_u:object_r:bin_t:s0 294008 Aug 17 17:15 /usr/sbin/mosquitto
# ausearch -m avc -m user_avc -m selinux_err -i -ts today
<no matches>
#
The mosquitto service seems to run successfully on my Fedora 36 VM. No configuration changes made.
Closing until I can revisit.
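
In the session above the broker runs in unconfined_service_t and its binary is labelled bin_t, so there is no mosquitto-specific domain whose rules could produce denials for `ausearch` to find. The following is an added example, not part of the original thread: it filters `ps -efZ` output for processes in a given SELinux type, and the function names `procs_in_type` and `sample_ps` are made up for this illustration.

```shell
#!/bin/sh
# Added example: list processes running in a given SELinux type, reading
# `ps -efZ`-style lines on stdin. Assumed column order, as in the session on
# this page: LABEL UID PID PPID C STIME TTY TIME CMD

# Print "pid type command" for every process whose SELinux type equals $1
# (default: unconfined_service_t).
procs_in_type() {
    want=${1:-unconfined_service_t}
    awk -v want="$want" '
        {
            # A context is user:role:type:level[:categories]; element 3 is the type.
            # The ps header line has no colons and is skipped by the n < 4 check.
            n = split($1, ctx, ":")
            if (n < 4 || ctx[3] != want) next
            printf "%s %s %s\n", $3, ctx[3], $9
        }'
}

# Sample input: the two `ps -efZ` lines shown in the session on this page.
sample_ps() {
cat <<'EOF'
system_u:system_r:unconfined_service_t:s0 mosquit+ 1804 1 0 10:34 ? 00:00:00 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 1971 1901 0 10:44 pts/0 00:00:00 grep --color=auto mosq
EOF
}

# On a live system: ps -efZ | procs_in_type
sample_ps | procs_in_type
```

Any daemon this reports is running without a dedicated policy module, which is the state an empty AVC search reflects for such a service.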