Bug 1245477
Summary: | SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a process. | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jean-Christophe Baptiste <jc> | ||||
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | urgent | Docs Contact: | |||||
Priority: | urgent | ||||||
Version: | 22 | CC: | 7kaifi, adam, alain.carcel, alick9188, amessina, amidius.1992, amit.shah, angiolucci, antonio.montagnani, as.maps, assuncao2gether, autarch, awilliam, azzow.sy, bcrussi, beland, brentrbrian, bruno.thomsen, bugiardolr, bugzilla, bugzilla, bvtbd946, bztdlinux, cbi207214864, chmelarz, crosbytr, david, decathorpe, deesto, diegocasast, dinimito2, dominick.grift, dwalsh, ebirman77, edosurina, edward07w, elitedeciel, emashukoff, ericksondyeggo, erihe251, fedora, foss, fraph24, fulminemizzega, geezuslucifer, genes1122, gerard.fernandes, glauber.roch7, grzeniek, gustavo, hhurley3, hx, jankowalski25, japan, jarr5, jax6, jayabharat, jbrandt, jeharris, jfilak, jfrieben, joarivera, jorti, josephstamand, joshua, jskarvad, jsmith.fedora, jtfas90, kasunranasinghe303, k.a.szmit, khanderia.h, komitikki, lantw44, laufor, lslebodn, luis.st, luya, lvrabec, marco.guazzone, marco.kunzli, martincigorraga, mcatanzaro+wrong-account-do-not-cc, mgrepl, michael, mikhail.v.gavrilov, mkluge.04, mov_ebpesp, nalimilan, nexfwall, nikola.p-k, oliver, olivier.reyes.r, pablo, padrebrunoalmeida, padudzinski, peljasz, phoenixresurrec, plautrba, pschindl, psi-jack, rabin, rajesh, raulmanga18, r, rehol3, req1348, rich, robert-brooks, robin.bowes, rrdinu, rupatel, schnepp.david, severen, shenada, silvio.a.palmieri, spike85051, sylvain.julmy, tadbilby, thomas, tomspur, tunomarsan, uckelman, vidhan1995.jain, viduranga.randila, vikigoyal, vrutkovs, wilf, Wolfgang.Reh, yajo.sk8, zman0900 | ||||
Target Milestone: | --- | Keywords: | Reopened | ||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Unspecified | ||||||
Whiteboard: | abrt_hash:e6d10fcd6f18e995dfe405a4aefb445f20ab0971bcc32b9d72dad9e065f8049f | ||||||
Fixed In Version: | selinux-policy-3.13.1-128.18.fc22 selinux-policy-3.13.1-128.21.fc22 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | |||||||
: | 1254188 1276305 (view as bug list) | Environment: | |||||
Last Closed: | 2015-11-27 03:54:39 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1254188, 1276305 | ||||||
Attachments: |
|
Description
Jean-Christophe Baptiste
2015-07-22 07:25:21 UTC
Description of problem: Fingerprint to access sudo Version-Release number of selected component: selinux-policy-3.13.1-128.6.fc22.noarch Additional info: reporter: libreport-2.6.1 hashmarkername: setroubleshoot kernel: 4.0.8-300.fc22.x86_64 type: libreport Description of problem: installed all updates as of Monday, July 27th. After the updates started receiving this selinux issue. Version-Release number of selected component: selinux-policy-3.13.1-128.6.fc22.noarch Additional info: reporter: libreport-2.6.1 hashmarkername: setroubleshoot kernel: 4.0.8-300.fc22.x86_64 type: libreport Description of problem: gnome-shell crashed on a monitor attach event, then abrt crashed while processing that crash Version-Release number of selected component: selinux-policy-3.13.1-128.8.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.2-200.fc22.x86_64 type: libreport Description of problem: This often happens during the normal use of Firefox in Fedora 22. No particular actions. Version-Release number of selected component: selinux-policy-3.13.1-128.8.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.3-200.fc22.x86_64 type: libreport Jakub, what was our solution here? (In reply to Miroslav Grepl from comment #5) > Jakub, > what was our solution here? /usr/libexec/abrt-hook-ccpp is a core dumper used in /proc/sys/kernel/core_pattern. Strating with abrt-2.6.1, abrt-hook-ccpp tries to ptrace(PTRACE_SEIZE, ..., PTRACE_O_TRACEEXIT) the process that is being dumped by kernel. It does that because we want to generate the crash backtrace before kernel unloads the process's memory. After we call ptrace() we have to waitpid() and check whether the ptrace action was successful. If you want to trigger this functionality, just kill something with SIGABRT or run /usr/bin/will_segfault. We did not notice any AVC when we were testing this feature. Should we label it as abrt_helper_exec_t? # chcon -t abrt_helper_exec_t /usr/libexec/abrt-hook-ccpp Description of problem: Fedora Workstation 22 (x86-64) is installed as Guest in VMWare Workstation 10.0.7 (Hostsystem is Win 8.1 Enterprise, x86-64). I installed updates ("su" with pwd) with "dnf updates" in a terminal session. I get a SELinux Alert before the updates are complete finished. Version-Release number of selected component: selinux-policy-3.13.1-128.8.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.3-201.fc22.x86_64 type: libreport Description of problem: installed a new copy of F22, all upgraded, no other appication installed other that gnome tweak tool. Constantly comes up, and eventually crashed. Version-Release number of selected component: selinux-policy-3.13.1-128.8.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.3-201.fc22.x86_64 type: libreport Description of problem: Fedora 22 (x64) works as guest in a VMWare Workstation v10.0.7. Installed as "su" Adobe Flash Plugin in a terminal session with "dnf install adobe-release-x86_64-1.0-1.noarch.rpm" then "dnf install flash-plugin". After i close the terminal session with "exit" (su) and another "exit" (for the terminal session) i checked the installation in Firefox and closed the browser. Then i get a SELinux Alert and i am logged out. Version-Release number of selected component: selinux-policy-3.13.1-128.8.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.3-201.fc22.x86_64 type: libreport *** Bug 1245756 has been marked as a duplicate of this bug. *** (In reply to Miroslav Grepl from comment #7) > Should we label it as abrt_helper_exec_t? > > # chcon -t abrt_helper_exec_t /usr/libexec/abrt-hook-ccpp Ok we probably need to add another ABRT domain - either abrt_dump_oops_t or a new one. The point is this new domain will need to ptrace random domains and will require sigchld. *** Bug 1246784 has been marked as a duplicate of this bug. *** Lukas, it works with $ cat myabrt.cil (block abrt_dump_oops_t) (block kernel_t) (in kernel_t (optional kernel_optional_abrt (call domtrans_pattern (kernel_t abrt_dump_oops_exec_t abrt_dump_oops_t)))) (in abrt_dump_oops_t (allow abrt_dump_oops_t self (capability (kill net_admin sys_ptrace))) (allow abrt_dump_oops_t proc_security_t (file (getattr read open))) (call domain_ptrace_all_domains (abrt_dump_oops_t)) (call domain_read_all_domains_state (abrt_dump_oops_t)) (call domain_signull_all_domains (abrt_dump_oops_t))) Description of problem: I saw this alert after waking the system from suspension. Version-Release number of selected component: selinux-policy-3.13.1-128.10.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.5-200.fc22.x86_64 type: libreport Description of problem: Woke the system from suspend, there was an alert notice on the GDM lock screen regarding Abrt. After pressing ESC to lift the lock screen BAM! GDM or X crashed and then restarted -- of course losing my currently running session :'( Nonetheless, thanks everyone for putting everything together to make F22 a great distro. Version-Release number of selected component: selinux-policy-3.13.1-128.10.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.5-200.fc22.x86_64 type: libreport commit ca95767f8e2db2296343db21b47852b820a8bb24 Author: Lukas Vrabec <lvrabec> Date: Tue Aug 18 18:00:41 2015 +0200 Allow abrt_dump_oops_t to read proc_security_t files. commit a7ca01f148f78355a0795c14570890c112410e0c Author: Lukas Vrabec <lvrabec> Date: Tue Aug 18 17:55:18 2015 +0200 Allow abrt_dump_oops to signull all domains Allow abrt_dump_oops to read all domains state Allow abrt_dump_oops to ptrace all domains commit 7c68bff8cd0381677e3953c7c9eeb4d6f1dac729 Author: Lukas Vrabec <lvrabec> Date: Tue Aug 18 17:54:57 2015 +0200 Add interface abrt_dump_oops_domtrans() commit 9c122650fa1ef973594fcbc6d4c9dff967b9cfa6 Author: Lukas Vrabec <lvrabec> Date: Tue Aug 18 17:57:21 2015 +0200 Allow kernel_t domtrans to abrt_dump_oops_t Description of problem: Woke up the system and found the alert on the lock screen :'( Version-Release number of selected component: selinux-policy-3.13.1-128.10.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.5-200.fc22.x86_64 type: libreport selinux-policy-3.13.1-128.12.fc22 has been submitted as an update to Fedora 22. https://bugzilla.redhat.com/show_bug.cgi?id=1245477 *** Bug 1256050 has been marked as a duplicate of this bug. *** selinux-policy-3.13.1-128.12.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-14076 Description of problem: fprintd.service segfault Version-Release number of selected component: selinux-policy-3.13.1-128.12.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.5-200.fc22.x86_64 type: libreport This happens when I login to the system or unlock the screen. selinux-policy from updates-testing is already installed. Additional Information: Source Context system_u:system_r:fprintd_t:s0 Target Context system_u:system_r:kernel_t:s0 Target Objects Unknown [ process ] Source abrt-hook-ccpp Source Path /usr/libexec/abrt-hook-ccpp Port <Unknown> Host wnn Source RPM Packages abrt-addon-coredump-helper-2.6.1-2.fc22.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-128.12.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name wnn Platform Linux wnn 4.1.5-200.fc22.x86_64 #1 SMP Mon Aug 10 23:38:23 UTC 2015 x86_64 x86_64 Alert Count 12 First Seen 2015-08-25 17:58:36 CST Last Seen 2015-08-26 17:52:06 CST Local ID a9bbcde8-08bd-4a19-89fb-30853a73cb1a Raw Audit Messages type=AVC msg=audit(1440582726.335:26278): avc: denied { sigchld } for pid=9849 comm="abrt-hook-ccpp" scontext=system_u:system_r:fprintd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=0 type=SYSCALL msg=audit(1440582726.335:26278): arch=x86_64 syscall=wait4 success=no exit=EACCES a0=2405 a1=7fff77148d7c a2=0 a3=0 items=0 ppid=31635 pid=9849 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-hook-ccpp exe=/usr/libexec/abrt-hook-ccpp subj=system_u:system_r:kernel_t:s0 key=(null) Hash: abrt-hook-ccpp,fprintd_t,kernel_t,process,sigchld Description of problem: no idea...it appeard when I unlocked my PC Version-Release number of selected component: selinux-policy-3.13.1-128.10.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.5-200.fc22.x86_64 type: libreport *** Bug 1257313 has been marked as a duplicate of this bug. *** selinux-policy-3.13.1-128.12.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. Description of problem: Tried to connect to a running docker container using docker exce -ti <hash> Was unable to because of SELinux error Works OK in permissive mode Version-Release number of selected component: selinux-policy-3.13.1-128.12.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.6-200.fc22.x86_64 type: libreport Description of problem: unlock screen and fprintd segfault Version-Release number of selected component: selinux-policy-3.13.1-128.12.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.6-200.fc22.x86_64 type: libreport Created attachment 1070174 [details]
journalctl -b 0
I'm reopening as (as others above) I've just seen this again with selinux-policy 3.13.1-128.12.fc22.
See the attached log:
sept. 04 08:58:24 milan abrt-hook-ccpp[13793]: Failed to create core_backtrace: waitpid failed: Permission denied
A possible explanation is that it looks like systemd-journald crashed, as can be seen from this line:
sept. 04 09:00:34 milan abrt-server[13832]: Deleting problem directory ccpp-2015-09-04-08:58:15-423 (dup of ccpp-2015-06-28-17:43:01-403)
The latter problem directory is about systemd-journald. Maybe some processes require more permissions than others?
Description of problem: i really dont know~ Version-Release number of selected component: selinux-policy-3.13.1-128.12.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.6-200.fc22.x86_64 type: libreport Description of problem: Nothing -- logged into system. Version-Release number of selected component: selinux-policy-3.13.1-128.13.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.6-201.fc22.x86_64 type: libreport *** Bug 1247745 has been marked as a duplicate of this bug. *** Description of problem: I received this bug with SELinux?! Version-Release number of selected component: selinux-policy-3.13.1-128.13.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.7-200.fc22.x86_64 type: libreport At my system this was happened by call: "setenforce 0" Description of problem: Boot and login Version-Release number of selected component: selinux-policy-3.13.1-128.13.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.7-200.fc22.x86_64 type: libreport *** Bug 1246757 has been marked as a duplicate of this bug. *** *** Bug 1266598 has been marked as a duplicate of this bug. *** Description of problem: It just happened. I don't know what triggered it. Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.8-200.fc22.x86_64 type: libreport Description of problem: dnf upgrade with these packages updated in the end: curl.x86_64 7.45.0-1.0.cf.fc22 google-chrome-beta.x86_64 46.0.2490.64-1 libcurl.x86_64 7.45.0-1.0.cf.fc22 libcurl-devel.x86_64 7.45.0-1.0.cf.fc22 libnm-gtk.x86_64 1.0.6-3.fc22 libteam.x86_64 1.21-1.fc22 nm-connection-editor.x86_64 1.0.6-3.fc22 orca.noarch 3.16.3-1.fc22 perl-namespace-clean.noarch 0.26-1.fc22 python-beautifulsoup4.noarch 4.4.1-1.fc22 teamd.x86_64 1.21-1.fc22 Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.8-200.fc22.x86_64 type: libreport selinux-policy-3.13.1-128.18.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-946cd8d690 Description of problem: I installed the application from the site https://extensions.gnome.org/ kaffein SELinux is preventing abrt-hook-ccpp from using the sigchld access on a process. Module: catchall you want to allow abrt-hook-ccpp to have sigchld access on the Unknown processEsli you think abrt-hook-ccpp sigchld should allow access to the processes of the type kernel_t default. It is recommended to create a bug report. To allow access, you can create a local policy module. To allow access, run: # Grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol # Semodule -i mypol.pp Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.10-200.fc22.x86_64 type: libreport Dmitry, Please check version of selinux-policy package. We fixed this in selinux-policy-3.13.1-128.18.fc22 and you using selinux-policy-3.13.1-128.16.fc22.noarch. Thank you. You were right I was a version of selinux-policy-3.13.1-128.16.fc22.noarh, updated to selinux-policy-3.13.1-128.18.fc22. Thank you very much! selinux-policy-3.13.1-128.18.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-946cd8d690 I applied the update, but I still see a (different) SELinux warning. The update fixed the original issue but created another issue. This happens when I log in and fprintd segfault. SELinux is preventing /usr/libexec/abrt-hook-ccpp from getattr access on the file /usr/libexec/fprintd. ***** Plugin catchall (100. confidence) suggests ************************** If 您認為 abrt-hook-ccpp 就預設值應擁有 fprintd file 的 getattr 存取權。 Then 您應將此回報為錯誤。 您可產生本機模組,以允許這項存取。 Do 現在透過執行以下指令來允許此存取: # grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:abrt_dump_oops_t:s0 Target Context system_u:object_r:fprintd_exec_t:s0 Target Objects /usr/libexec/fprintd [ file ] Source abrt-hook-ccpp Source Path /usr/libexec/abrt-hook-ccpp Port <Unknown> Host <hostname> Source RPM Packages abrt-addon-coredump-helper-2.6.1-5.fc22.x86_64 Target RPM Packages fprintd-0.6.0-1.fc22.x86_64 Policy RPM selinux-policy-3.13.1-128.18.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name wnn Platform Linux <hostname> 4.1.10-200.fc22.x86_64 #1 SMP Mon Oct 5 14:22:49 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-10-10 15:49:05 CST Last Seen 2015-10-10 15:49:05 CST Local ID e6771c52-2912-4f4f-a4fb-7bc0ffd7b208 Raw Audit Messages type=AVC msg=audit(1444463345.425:294): avc: denied { getattr } for pid=3790 comm="abrt-hook-ccpp" path="/usr/libexec/fprintd" dev="sda2" ino=1233627 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:fprintd_exec_t:s0 tclass=file permissive=0 type=SYSCALL msg=audit(1444463345.425:294): arch=x86_64 syscall=stat success=no exit=EACCES a0=55990a7b9be0 a1=7ffe377e2b70 a2=7ffe377e2b70 a3=7aa items=0 ppid=113 pid=3790 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-hook-ccpp exe=/usr/libexec/abrt-hook-ccpp subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null) Hash: abrt-hook-ccpp,abrt_dump_oops_t,fprintd_exec_t,file,getattr Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Description of problem: I think qemu crashed? there's no entry in dmesg but it did disappear. Something else has been trigering this on my machine. Version-Release number of selected component: selinux-policy-3.13.1-128.13.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.6-201.fc22.x86_64 type: libreport *** Bug 1270546 has been marked as a duplicate of this bug. *** Description of problem: This seems to happen on every boot. Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.10-200.fc22.x86_64 type: libreport Description of problem: Started a VM in Boxes. Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.8-200.fc22.x86_64 type: libreport Description of problem: Abrt is unable to run on some backtrace due to an AVC denial. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: Started VM in Boxes. Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: I tried to switch users from the top-right menu. There was only one user logged in at the time; on console 2. (Console 1 being taken up by GDM.) GDM should have appeared, allowing me to login as a different user; however there was only a blank screen. Upon switch back to the logged in user with Ctr-Alt-F2 I noticed the SElinux notification attached. This has - to my knowledge - occured at least once before I reported this now; I switch users semi-regularly, normally there is no problem with this. Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.10-200.fc22.x86_64 type: libreport Description of problem: Happens after installing Fedora 23 Final RC2 Workstation x86_64 live in a KVM, running through g-i-s to create a user, and logging in. It's in sealert as soon as you can run it, so not sure exactly when it happens. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: Printing Amazon Return from Chrome. Clicked on Print Label & Return Button <javascript:window.print()> Using the printer driver from Brother for a MFC-9970CDW This error happens when printing from Web browsers often (probably b/c of the javascript call?) but not in other progams/with other docs... Hope that helps! Version-Release number of selected component: selinux-policy-3.13.1-128.13.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.7-200.fc22.x86_64 type: libreport Description of problem: Sorry, but I am really not sure. I was just working along and it popped up. At the moment I got the alreat I was reading an epub in Atril Document Viewer 1.10.2 Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: not really sure what happen, just in case sending this report I am. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport selinux-policy-3.13.1-128.18.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. This issue is not resolved with updating selinux-policy to selinux-policy-3.13.1-128.18.fc22. Please reopen. Description of problem: I'm working on my fedora, chrome browser, sublime text editor, Document Viewer, DB Browser for Sqlite is opening then locked my fedora. I cann't do nothing just move mouse pointer. Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport This problem still exists on Fedora 23 with all available updates applied. (In reply to Heiko Adams from comment #61) > This problem still exists on Fedora 23 with all available updates applied. Yes, there a problem with this. I created a new issue https://github.com/fedora-selinux/selinux-policy/issues/59 Description of problem: no idea Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: Fui salvar um documento no gedit e na tela de seleção do local cliquei em localizar para encontrar a pasta e pimba.... caiu tudo a porcaria e perdi um monte de informações importantes Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: At the time, I was browsing in Firefox and using HexChat when I first noticed this error. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: I opened a PDF on evince and normally closed it minutes later. Then SELinux showed up a warning message. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport (In reply to Justin W. Flory from comment #65) > At the time, I was browsing in Firefox and using HexChat when I first > noticed this error. (In reply to Vinicius Reis from comment #66) > I opened a PDF on evince and normally closed it minutes later. Then SELinux > showed up a warning message. I realize now that I quite likely also had some PDFs and LibreOffice Writer documents open around the time that I received this error. Description of problem: I was removing some files from an external drive using Nautilus. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: Was reading a newspaper via Midori in Workspace 1 and had just posted a comment. Clicked on the back button and went somewhere unexpected followed by the application immediately closing down. Fedora remained stable and continued to work. Workspace 2 had VirtualBox running with Win 8.1 loaded. Workspace 3 had System Monitor loaded and Workspace 4 had ThunderBird checking emails. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: Logged out from another session (Openbox), logged back with my main user into GNOME Shell and got a message alarting of an SELinux denial. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: I was looking on details of failure in abrt. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: Browsing the web, reading stuff... Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: It happened when I tried to reproduce crash in sssd which was caught by abrt. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: I was reporting a bug report regarding Evolution using abrt. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: virt-manager or one of its child processes crashed. Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: One of the processes, most likely virt-manager, crashed. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: This happened after another program crashed. There doesn't seem to be a file named "file". Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.5-300.fc23.x86_64 type: libreport Description of problem: Other app chrashed (nautilus) Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Reopened since still see it with selinux-policy 3.13.1-128.18.fc22 Description of problem: I am getting this on production machine, it wasn't there before. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: Trying to install 'dash to dock' extension for Gnome Shell (https://extensions.gnome.org/extension/307/dash-to-dock/), using native firefox gnome shell plugin. It was working fine on Fedora 20,21 and 22. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: Opened English channel of Euronews in Totem, got crash and found this selinux warning in the logs. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: i upgraded from 22 to 23 using dnf upgrade. now added the extensions for gnome. it happened. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: Starting KillingFloor from Steam with Bumblebee (primusrun). Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: just after I log into gnome @Wayland. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: I have updated my Fedora 22 system about maybe week ago and SELinux policies were updated too. From that time on, SELinux Alert Browser shows a warning about abrt-hook-ccpp about 5 times a day. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: On fedora 22 (x86_64): 1) install mysql-workbench-community-6.3.5-1.fc22.x86_64 2) launch mysql-workbench go to: Database -> Connect to Database... 3) select for "Connection Method": Standard TCP/IP over SSH 4) give your ssh and mariadb account connection infos ex: (using a local kvm server) ssh host : 192.168.122.3:22 mysql hostname: 127.0.0.1 5) try to connect bug: selinux prevent mysql-workbench from working Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: I open the store app for the first time. I don't know whether this pop up is a good or a bad thing. Sorry if I bother you. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: I think this occured after flash (and possibly some other plugins) crashed in firefox Version-Release number of selected component: selinux-policy-3.13.1-128.13.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: I opened the Sublime Text 3 editor and this immediately fired. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport 92 e-mails in CCed -> Urgent. Description of problem: I opened Nautilus and this immediately fired. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: Got that alert before Problem Report application notification displays. The SE Troubleshooter is unhelpful to fix that error. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-300.fc23.x86_64 type: libreport Description of problem: this error is new now i dont know if is because there is a new fedora version already (fedora 23 mate) and i must to upgrade to that version. and i dont know if is a threat or something but i don't know what to do when selinux ask me to do one or other option... i just deleted that warning but it still appearing over and over again. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Description of problem: SELinux reports this problem multiple times a day. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-300.fc23.x86_64 type: libreport Description of problem: Opened GNOME Software to view pending updates. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: This error was detected after supend laptop up again. Version-Release number of selected component: selinux-policy-3.13.1-128.19.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-201.fc22.x86_64 type: libreport Description of problem: Just switched (ALT+TAB) from a gnome-terminal window (which was running vim) to a google chrome window. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-300.fc23.x86_64 type: libreport Description of problem: No idea. The alert appeared just after a reboot and starting a gnome session. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-201.fc22.x86_64 type: libreport Description of problem: This alert appears at every boot time. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-201.fc22.x86_64 type: libreport Description of problem: I was renaming a directory on the Home tree structure. When I hit return, the alert fired and the window closed. It did rename the directory though. Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-300.fc23.x86_64 type: libreport Description of problem: Absolutely no clue what this is about. Has setroubleshoot gone bonkers? Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport I think ABRT is detecting somewhat different issues as duplicates of this bug. Here's mine (to provide context for my "bonkers" statement; this output is unsanitized and it literally says "file file"): SELinux is preventing abrt-hook-ccpp from getattr access on the file file. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow abrt-hook-ccpp to have getattr access on the file file Then you need to change the label on file Do # semanage fcontext -a -t FILE_TYPE 'file' where FILE_TYPE is one of the following: NetworkManager_log_t, NetworkManager_tmp_t, abrt_dump_oops_exec_t, abrt_etc_t, abrt_helper_exec_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_lib_t, abrt_var_log_t, abrt_var_run_t, acct_data_t, admin_crontab_tmp_t, admin_home_t, afs_logfile_t, aide_log_t, alsa_tmp_t, amanda_log_t, amanda_tmp_t, anon_inodefs_t, antivirus_log_t, antivirus_tmp_t, apcupsd_log_t, apcupsd_tmp_t, apmd_log_t, apmd_tmp_t, arpwatch_tmp_t, asterisk_log_t, asterisk_tmp_t, auditadm_sudo_tmp_t, auth_cache_t, automount_tmp_t, awstats_tmp_t, bacula_log_t, bacula_tmp_t, bin_t, bitlbee_log_t, bitlbee_tmp_t, blueman_tmp_t, bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t, bluetooth_tmp_t, boinc_log_t, boinc_project_tmp_t, boinc_tmp_t, boot_t, bootloader_tmp_t, bugzilla_tmp_t, calamaris_log_t, callweaver_log_t, canna_log_t, cardmgr_dev_t, ccs_tmp_t, ccs_var_lib_t, ccs_var_log_t, cdcc_tmp_t, certmaster_var_log_t, cfengine_log_t, cgred_log_t, checkpc_log_t, chrome_sandbox_tmp_t, chronyd_var_log_t, cinder_api_tmp_t, cinder_backup_tmp_t, cinder_log_t, cinder_scheduler_tmp_t, cinder_volume_tmp_t, cloud_init_tmp_t, cloud_log_t, cluster_tmp_t, cluster_var_log_t, cobbler_tmp_t, cobbler_var_log_t, cockpit_tmp_t, collectd_script_tmp_t, colord_tmp_t, comsat_tmp_t, condor_log_t, condor_master_tmp_t, condor_schedd_tmp_t, condor_startd_tmp_t, conman_log_t, conman_tmp_t, consolekit_log_t, couchdb_log_t, couchdb_tmp_t, cpu_online_t, crack_tmp_t, cron_log_t, crond_tmp_t, crontab_tmp_t, ctdbd_log_t, ctdbd_tmp_t, cups_pdf_tmp_t, cupsd_log_t, cupsd_lpd_tmp_t, cupsd_tmp_t, cvs_tmp_t, cyphesis_log_t, cyphesis_tmp_t, cyrus_tmp_t, dbadm_sudo_tmp_t, dbskkd_tmp_t, dcc_client_tmp_t, dcc_dbclean_tmp_t, dccd_tmp_t, dccifd_tmp_t, dccm_tmp_t, ddclient_log_t, ddclient_tmp_t, debugfs_t, deltacloudd_log_t, deltacloudd_tmp_t, denyhosts_var_log_t, devicekit_tmp_t, devicekit_var_log_t, dhcpc_tmp_t, dhcpd_tmp_t, dirsrv_snmp_var_log_t, dirsrv_tmp_t, dirsrv_var_log_t, dirsrvadmin_tmp_t, disk_munin_plugin_tmp_t, dkim_milter_tmp_t, dlm_controld_var_log_t, dnsmasq_var_log_t, dnssec_trigger_tmp_t, dovecot_auth_tmp_t, dovecot_deliver_tmp_t, dovecot_tmp_t, dovecot_var_log_t, drbd_tmp_t, dspam_log_t, etc_runtime_t, etc_t, evtchnd_var_log_t, exim_log_t, exim_tmp_t, fail2ban_log_t, fail2ban_tmp_t, faillog_t, fenced_tmp_t, fenced_var_log_t, fetchmail_log_t, fingerd_log_t, firewalld_tmp_t, firewalld_var_log_t, firewallgui_tmp_t, foghorn_var_log_t, fonts_cache_t, fonts_t, fsadm_log_t, fsadm_tmp_t, fsdaemon_tmp_t, ftpd_tmp_t, ftpdctl_tmp_t, games_tmp_t, games_tmpfs_t, gconf_tmp_t, gear_log_t, geoclue_tmp_t, getty_log_t, getty_tmp_t, gfs_controld_var_log_t, git_script_tmp_t, gkeyringd_tmp_t, glance_log_t, glance_registry_tmp_t, glance_tmp_t, glusterd_log_t, glusterd_tmp_t, gpg_agent_tmp_t, gpg_pinentry_tmp_t, gpg_pinentry_tmpfs_t, gpm_tmp_t, groupd_var_log_t, gssd_tmp_t, haproxy_var_log_t, hsqldb_tmp_t, httpd_log_t, httpd_php_tmp_t, httpd_suexec_tmp_t, httpd_tmp_t, icecast_log_t, inetd_child_tmp_t, inetd_log_t, inetd_tmp_t, init_tmp_t, init_var_lib_t, initrc_tmp_t, initrc_var_log_t, innd_log_t, ipsec_log_t, ipsec_tmp_t, iptables_tmp_t, iscsi_log_t, iscsi_tmp_t, iwhd_log_t, jetty_log_t, jetty_tmp_t, jockey_var_log_t, kadmind_log_t, kadmind_tmp_t, kdumpctl_tmp_t, kdumpgui_tmp_t, keystone_log_t, keystone_tmp_t, kismet_log_t, kismet_tmp_t, kismet_tmpfs_t, klogd_tmp_t, krb5_host_rcache_t, krb5kdc_log_t, krb5kdc_tmp_t, ksmtuned_log_t, ktalkd_log_t, ktalkd_tmp_t, l2tpd_tmp_t, lastlog_t, ld_so_cache_t, ld_so_t, ldconfig_tmp_t, lib_t, livecd_tmp_t, locale_t, logrotate_mail_tmp_t, logrotate_tmp_t, logwatch_mail_tmp_t, logwatch_tmp_t, lpd_tmp_t, lpr_tmp_t, lsassd_tmp_t, lsmd_plugin_tmp_t, lvm_tmp_t, machineid_t, mail_munin_plugin_tmp_t, mailman_cgi_tmp_t, mailman_log_t, mailman_mail_tmp_t, mailman_queue_tmp_t, man_cache_t, man_t, mandb_cache_t, mcelog_log_t, mdadm_log_t, mdadm_tmp_t, mediawiki_tmp_t, minidlna_log_t, mirrormanager_log_t, mock_tmp_t, mojomojo_tmp_t, mongod_log_t, mongod_tmp_t, motion_log_t, mount_tmp_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mozilla_tmp_t, mozilla_tmpfs_t, mpd_log_t, mpd_tmp_t, mplayer_tmpfs_t, mrtg_log_t, mscan_tmp_t, munin_log_t, munin_script_tmp_t, munin_tmp_t, mysqld_log_t, mysqld_tmp_t, mythtv_var_log_t, naemon_log_t, nagios_eventhandler_plugin_tmp_t, nagios_log_t, nagios_openshift_plugin_tmp_t, nagios_system_plugin_tmp_t, nagios_tmp_t, named_log_t, named_tmp_t, netutils_tmp_t, neutron_log_t, neutron_tmp_t, nova_log_t, nova_tmp_t, nscd_log_t, ntop_tmp_t, ntpd_log_t, ntpd_tmp_t, numad_var_log_t, nut_upsd_tmp_t, nut_upsdrvctl_tmp_t, nut_upsmon_tmp_t, nx_server_tmp_t, openshift_cgroup_read_tmp_t, openshift_cron_tmp_t, openshift_initrc_tmp_t, openshift_log_t, openshift_tmp_t, opensm_log_t, openvpn_status_t, openvpn_tmp_t, openvpn_var_log_t, openvswitch_log_t, openvswitch_tmp_t, openwsman_log_t, openwsman_tmp_t, osad_log_t, pam_timestamp_tmp_t, passenger_log_t, passenger_tmp_t, passwd_file_t, pcp_log_t, pcp_tmp_t, pegasus_openlmi_storage_tmp_t, pegasus_tmp_t, piranha_log_t, piranha_web_tmp_t, pkcs_slotd_tmp_t, pki_ra_log_t, pki_tomcat_log_t, pki_tomcat_tmp_t, pki_tps_log_t, plymouthd_var_log_t, podsleuth_tmp_t, podsleuth_tmpfs_t, policykit_tmp_t, polipo_log_t, portmap_tmp_t, postfix_bounce_tmp_t, postfix_cleanup_tmp_t, postfix_local_tmp_t, postfix_map_tmp_t, postfix_pickup_tmp_t, postfix_pipe_tmp_t, postfix_postdrop_t, postfix_qmgr_tmp_t, postfix_smtp_tmp_t, postfix_smtpd_tmp_t, postfix_virtual_tmp_t, postgresql_log_t, postgresql_tmp_t, pppd_log_t, pppd_tmp_t, pptp_log_t, prelink_exec_t, prelink_log_t, prelink_tmp_t, prelude_lml_tmp_t, prelude_log_t, privoxy_log_t, proc_t, procmail_log_t, procmail_tmp_t, prosody_log_t, prosody_tmp_t, psad_tmp_t, psad_var_log_t, pulseaudio_tmpfs_t, puppet_log_t, puppet_tmp_t, puppetmaster_tmp_t, pyicqt_log_t, qdiskd_var_log_t, qpidd_tmp_t, rabbitmq_var_log_t, racoon_tmp_t, radiusd_log_t, realmd_tmp_t, redis_log_t, rhev_agentd_log_t, rhev_agentd_tmp_t, rhsmcertd_log_t, rhsmcertd_tmp_t, ricci_modcluster_var_log_t, ricci_tmp_t, ricci_var_log_t, rkhunter_var_lib_t, rlogind_tmp_t, rolekit_tmp_t, rpcbind_tmp_t, rpm_log_t, rpm_script_tmp_t, rpm_tmp_t, rsync_log_t, rsync_tmp_t, rtas_errd_log_t, rtas_errd_tmp_t, samba_log_t, samba_net_tmp_t, sanlock_log_t, sblim_tmp_t, secadm_sudo_tmp_t, sectool_tmp_t, sectool_var_log_t, selinux_munin_plugin_tmp_t, semanage_tmp_t, sendmail_log_t, sendmail_tmp_t, sensord_log_t, services_munin_plugin_tmp_t, session_dbusd_tmp_t, setroubleshoot_var_log_t, sge_tmp_t, shell_exec_t, shorewall_log_t, shorewall_tmp_t, slapd_log_t, slapd_tmp_t, slpd_log_t, smbd_tmp_t, smoltclient_tmp_t, smsd_log_t, smsd_tmp_t, snapperd_log_t, snmpd_log_t, snort_log_t, snort_tmp_t, sosreport_tmp_t, soundd_tmp_t, spamc_tmp_t, spamd_log_t, spamd_tmp_t, speech-dispatcher_log_t, speech-dispatcher_tmp_t, squid_log_t, squid_tmp_t, squirrelmail_spool_t, src_t, ssh_agent_tmp_t, ssh_keygen_tmp_t, ssh_tmpfs_t, sssd_var_log_t, staff_sudo_tmp_t, stapserver_log_t, stapserver_tmp_t, stunnel_tmp_t, svirt_tmp_t, svnserve_tmp_t, swat_tmp_t, swift_tmp_t, sysadm_passwd_tmp_t, sysadm_sudo_tmp_t, syslogd_tmp_t, syslogd_var_run_t, sysstat_log_t, system_conf_t, system_cronjob_tmp_t, system_db_t, system_dbusd_tmp_t, system_mail_tmp_t, system_munin_plugin_tmp_t, tcpd_tmp_t, telepathy_gabble_tmp_t, telepathy_idle_tmp_t, telepathy_logger_tmp_t, telepathy_mission_control_tmp_t, telepathy_msn_tmp_t, telepathy_salut_tmp_t, telepathy_sofiasip_tmp_t, telepathy_stream_engine_tmp_t, telepathy_sunshine_tmp_t, telnetd_tmp_t, tetex_data_t, textrel_shlib_t, tgtd_tmp_t, thin_aeolus_configserver_log_t, thin_log_t, thumb_tmp_t, tmp_t, tomcat_log_t, tomcat_tmp_t, tor_var_log_t, tuned_log_t, tuned_tmp_t, tvtime_tmp_t, tvtime_tmpfs_t, udev_tmp_t, ulogd_var_log_t, uml_tmp_t, uml_tmpfs_t, unconfined_munin_plugin_tmp_t, update_modules_tmp_t, user_cron_spool_t, user_fonts_t, user_home_t, user_mail_tmp_t, user_tmp_t, usr_t, uucpd_log_t, uucpd_tmp_t, var_log_t, var_spool_t, varnishd_tmp_t, varnishlog_log_t, vdagent_log_t, virt_log_t, virt_qemu_ga_log_t, virt_qemu_ga_tmp_t, virt_tmp_t, vmtools_tmp_t, vmware_host_tmp_t, vmware_log_t, vmware_tmp_t, vmware_tmpfs_t, vpnc_tmp_t, w3c_validator_tmp_t, watchdog_log_t, webadm_tmp_t, webalizer_tmp_t, winbind_log_t, wireshark_tmp_t, wireshark_tmpfs_t, wtmp_t, xauth_tmp_t, xdm_log_t, xend_tmp_t, xend_var_log_t, xenstored_tmp_t, xenstored_var_log_t, xferlog_t, xserver_log_t, xserver_tmpfs_t, ypbind_tmp_t, ypserv_tmp_t, zabbix_log_t, zabbix_tmp_t, zarafa_deliver_log_t, zarafa_deliver_tmp_t, zarafa_gateway_log_t, zarafa_ical_log_t, zarafa_indexer_log_t, zarafa_indexer_tmp_t, zarafa_monitor_log_t, zarafa_server_log_t, zarafa_server_tmp_t, zarafa_spooler_log_t, zarafa_var_lib_t, zebra_log_t, zebra_tmp_t, zoneminder_log_t. Then execute: restorecon -v 'file' ***** Plugin catchall (17.1 confidence) suggests ************************** If you believe that abrt-hook-ccpp should be allowed getattr access on the file file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:abrt_dump_oops_t:s0 Target Context system_u:object_r:unlabeled_t:s0 Target Objects file [ file ] Source abrt-hook-ccpp Source Path abrt-hook-ccpp Port <Unknown> Host rg Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-152.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name rg Platform Linux rg 4.2.3-300.fc23.x86_64 #1 SMP Mon Oct 5 15:42:54 UTC 2015 x86_64 x86_64 Alert Count 5 First Seen 2015-10-17 22:19:15 CDT Last Seen 2015-11-07 21:15:21 CST Local ID 226f9154-07f9-4670-bdc0-26348cb71e33 Raw Audit Messages type=AVC msg=audit(1446952521.520:740): avc: denied { getattr } for pid=30764 comm="abrt-hook-ccpp" path="ipc:[4026531839]" dev="nsfs" ino=4026531839 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0 Hash: abrt-hook-ccpp,abrt_dump_oops_t,unlabeled_t,file,getattr I think the issue is that ABRT is trying to do stuff when thing crash, but SElinux says NO. mcatanzaro: yeah, as Wilf says, I think the issue here is SELinux denying abrt's attempt to analyze a crash. Description of problem: $ sudo emacs -nw /etc/yum.repo.d/docker.repo --> boom! Version-Release number of selected component: selinux-policy-3.13.1-153.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-300.fc23.x86_64 type: libreport *** This bug has been marked as a duplicate of bug 1276931 *** selinux-policy-3.13.1-128.17.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-f396e330d9 selinux-policy-3.13.1-128.20.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-f396e330d9 selinux-policy-3.13.1-128.20.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-f396e330d9 Description of problem: Fresh log in Version-Release number of selected component: selinux-policy-3.13.1-153.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-300.fc23.x86_64 type: libreport Description of problem: I am really not sure how this happened. 1. I did a fresh install of fedora 22 64 bit on an Asus Laptop with a brand new SSD drive 2. While connected through wired network I performed a full update (dnf update) 3. I installed tweak tool 4. I installed Fedy 5. Reboot system 6. Wired network onnection works for a few minutes then drops. Must use Wifi to connect even though I have correct IP address. Cannot ping any device locally or otherwise while on Wired. Check SELINUX to see this error (which as a newbie I have no idea what it means) Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-201.fc22.x86_64 type: libreport Description of problem: Sorry, I'm not sure. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-300.fc23.x86_64 type: libreport Description of problem: Right click in Atom (not packaged in Fedora), in a GNOME Wayland session. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-300.fc23.x86_64 type: libreport Description of problem: not sure, I've just logged a Gnome session Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.4.0-0.rc0.git7.2.fc24.x86_64 type: libreport Description of problem: Started "Database browser" and clicked on the button <<Data sources...>>, Then "Database access control center" opened up and when clicking <<New>>, the application crashed. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-201.fc22.x86_64 type: libreport Description of problem: I was tagging music in MusicBrainz Picard, which is adding metadata tags to my music in /home/user/Music/. Version-Release number of selected component: selinux-policy-3.13.1-128.19.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-201.fc22.x86_64 type: libreport Description of problem: This error occurrs sometimes when logging in (KDE). Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-201.fc22.x86_64 type: libreport Description of problem: This error occurrs sometimes when switching back and forth between qemu vitrual machine and other applications. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Fix: dnf --enablerepo=updates-testing update selinux-policy selinux-policy-3.13.1-128.20.fc22.noarch seems to have fixed the problem for me. SELinux is preventing abrt-hook-ccpp from using the sigchld access on a process. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that abrt-hook-ccpp should be allowed sigchld access on processes labeled kernel_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:fprintd_t:s0 Target Context system_u:system_r:kernel_t:s0 Target Objects Unknown [ process ] Source abrt-hook-ccpp Source Path abrt-hook-ccpp Port <Unknown> Host localhost.localdomain Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-128.16.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 4.1.7-200.fc22.x86_64 #1 SMP Mon Sep 14 20:19:24 UTC 2015 x86_64 x86_64 Alert Count 3 First Seen 2015-08-24 12:11:35 EDT Last Seen 2015-10-27 09:13:59 EDT Local ID e709e911-5cd4-4f64-bd3e-01010c182961 Raw Audit Messages type=AVC msg=audit(1445951639.513:4427): avc: denied { sigchld } for pid=10639 comm="abrt-hook-ccpp" scontext=system_u:system_r:fprintd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=0 Hash: abrt-hook-ccpp,fprintd_t,kernel_t,process,sigchld Description of problem: Hello everybody! I send this report, but I don't know about this mistake. Apologize for my poor english. Thanks. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-201.fc22.x86_64 type: libreport selinux-policy-3.13.1-128.21.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-1bbd3df966 Description of problem: Error ocuurs on Plasma autostart. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.6-200.fc22.x86_64 type: libreport selinux-policy-3.13.1-128.21.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-1bbd3df966 Description of problem: This bug has occured while I try to update the Fedora OS. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.0.4-301.fc22.x86_64 type: libreport Description of problem: my network is slow down and stopped Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.6-200.fc22.x86_64 type: libreport Description of problem: opened users and groups app under mate(as sudo) Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.6-200.fc22.x86_64 type: libreport SELinux denial when closing any Firefox page with flash content. This has only started happening regularly recently after a recent update. SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sigchld access on a process. Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:system_r:kernel_t:s0 Target Objects Unknown [ process ] Source abrt-hook-ccpp Source Path /usr/libexec/abrt-hook-ccpp Port <Unknown> Host linux986.cbm.com Source RPM Packages abrt-addon-coredump-helper-2.6.1-5.fc22.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-128.16.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name linux986.cbm.com Platform Linux linux986.cbm.com 4.2.3-200.fc22.x86_64 #1 SMP Thu Oct 8 03:23:55 UTC 2015 x86_64 x86_64 Alert Count 212 First Seen 2015-07-27 22:48:38 EDT Last Seen 2015-10-30 20:33:42 EDT Local ID 3aa6a74e-543f-49a9-8385-f36d0a99839a Raw Audit Messages type=AVC msg=audit(1446251622.579:488): avc: denied { sigchld } for pid=2099 comm="abrt-hook-ccpp" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=0 type=SYSCALL msg=audit(1446251622.579:488): arch=x86_64 syscall=wait4 success=no exit=EACCES a0=7fe a1=7ffefdfdc73c a2=0 a3=0 items=0 ppid=201 pid=2099 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-hook-ccpp exe=/usr/libexec/abrt-hook-ccpp subj=system_u:system_r:kernel_t:s0 key=(null) Hash: abrt-hook-ccpp,xdm_t,kernel_t,process,sigchld libselinux-python3-2.3-10.fc22.x86_64 libselinux-2.3-10.fc22.i686 selinux-policy-doc-3.13.1-128.18.fc22.noarch selinux-policy-3.13.1-128.18.fc22.noarch libselinux-2.3-10.fc22.x86_64 libselinux-utils-2.3-10.fc22.x86_64 selinux-policy-devel-3.13.1-128.18.fc22.noarch libselinux-python-2.3-10.fc22.x86_64 rpm-plugin-selinux-4.12.0.1-13.fc22.x86_64 selinux-policy-targeted-3.13.1-128.18.fc22.noarch 4.2.6-200.fc22.x86_64 VERSION="22 (Twenty Two)" Nov 23 21:40:25 linuxpc audit: <audit-1701> auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 pid=7133 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" sig=11 Nov 23 21:40:25 linuxpc kernel: traps: plugin-containe[7133] general protection ip:7f1f87bfb79e sp:7ffd40452440 error:0 in libflashplayer.so[7f1f87639000+117a000] Nov 23 21:40:25 linuxpc abrt-hook-ccpp: Can't open /proc/sys/fs/suid_dumpable Nov 23 21:40:25 linuxpc abrt-hook-ccpp: Can't open process's CWD for CompatCore: Permission denied Nov 23 21:40:28 linuxpc audit: <audit-1400> avc: denied { open } for pid=7180 comm="abrt-hook-ccpp" path="/usr/lib64/firefox/plugin-container" dev="dm-1" ino=40286 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:mozilla_plugin_exec_t:s0 tclass=file permissive=0 Nov 23 21:40:28 linuxpc audit: <audit-1300> arch=c000003e syscall=2 success=no exit=-13 a0=557afbda5060 a1=0 a2=7ffd4ec5c880 a3=7aa items=0 ppid=6964 pid=7180 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrt-hook-ccpp" exe="/usr/libexec/abrt-hook-ccpp" subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null) Nov 23 21:40:28 linuxpc audit: <audit-1327> proctitle=2F7573722F6C6962657865632F616272742D686F6F6B2D63637070003131003138343436373434303733373039353531363135003731333300313030300031303030003134343833333238323500706C7567696E2D636F6E7461696E6500373133330037313333 Nov 23 21:40:28 linuxpc org.fedoraproject.Setroubleshootd: 'list' object has no attribute 'split' Nov 23 21:40:28 linuxpc setroubleshoot: Plugin Exception restorecon_source Nov 23 21:40:28 linuxpc setroubleshoot: SELinux is preventing /usr/libexec/abrt-hook-ccpp from open access on the file /usr/lib64/firefox/plugin-container. For complete SELinux messages. run sealert -l 60e8134b-69a5-467e-8f32-fb02684026ec Nov 23 21:40:28 linuxpc python: SELinux is preventing /usr/libexec/abrt-hook-ccpp from open access on the file /usr/lib64/firefox/plugin-container.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that abrt-hook-ccpp should be allowed open access on the plugin-container file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012 Nov 23 21:40:28 linuxpc abrt-hook-ccpp: Failed to create core_backtrace: dwfl_getthread_frames failed: Callback returned failure Nov 23 21:40:28 linuxpc abrt-server: Blacklisted package 'firefox' Nov 23 21:40:28 linuxpc abrt-server: 'post-create' on '/var/spool/abrt/ccpp-2015-11-23-21:40:25-7133' exited with 1 Nov 23 21:40:28 linuxpc abrt-server: Deleting problem directory '/var/spool/abrt/ccpp-2015-11-23-21:40:25-7133' Description of problem: Every time after starting virtual machine using command 'virsh start VIRT_NAME' Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.10-200.fc22.x86_64 type: libreport selinux-policy-3.13.1-128.21.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. Description of problem: The fedora installer wont run Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: I just unlocked my xscreensaver, and saw the alert pop up. Fedora 23, XFCE. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.6-301.fc23.x86_64+debug type: libreport Description of problem: On the very first SO load, while I was adding my acounts. Version-Release number of selected component: selinux-policy-3.13.1-152.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Description of problem: Aparece el error al intentar instalar Geany desde la aplicación software, tarda mucho tiempo intentando instalar para que al final arroje ese error y se trunque Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport |