Bug 1294107

Summary: SELinux is preventing ModemManager from 'read' accesses on the file /etc/passwd.
Product: [Fedora] Fedora Reporter: Frank Büttner <bugzilla>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: medium    
Version: 23CC: dgilbert, dominick.grift, dwalsh, konrad.paumann, lvrabec, mgrepl, plautrba, sargassi, stanislav.stipl, vlad
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:24bea2469ae8219f1fcc92eaadd640da74d3b1778e33976fbe66c1e7f7e66137;VARIANT_ID=workstation;
Fixed In Version: selinux-policy-3.13.1-158.7.fc23 selinux-policy-3.13.1-158.9.fc23 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-05 06:22:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Frank Büttner 2015-12-24 22:36:01 UTC 
Description of problem:
SELinux is preventing ModemManager from 'read' accesses on the file /etc/passwd.

*****  Plugin catchall (100. confidence) suggests   **************************

If sie denken, dass es ModemManager standardmässig erlaubt sein sollte, read Zugriff auf passwd file zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Do
zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen:
# grep ModemManager /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:modemmanager_t:s0
Target Context                system_u:object_r:passwd_file_t:s0
Target Objects                /etc/passwd [ file ]
Source                        ModemManager
Source Path                   ModemManager
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           setup-2.9.8-2.fc23.noarch
Policy RPM                    selinux-policy-3.13.1-158.fc23.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.2.8-300.fc23.x86_64 #1 SMP Tue
                              Dec 15 16:49:06 UTC 2015 x86_64 x86_64
Alert Count                   56
First Seen                    2015-12-01 20:36:19 CET
Last Seen                     2015-12-24 23:34:35 CET
Local ID                      5bfa4ec0-0064-4d37-9225-86c7c58a6d22

Raw Audit Messages
type=AVC msg=audit(1450996475.727:128): avc:  denied  { read } for  pid=1409 comm="mbim-proxy" name="passwd" dev="dm-1" ino=4327697 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0


Hash: ModemManager,modemmanager_t,passwd_file_t,file,read

Version-Release number of selected component:
selinux-policy-3.13.1-158.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.8-300.fc23.x86_64
type:           libreport
Comment 1 Dr. David Alan Gilbert 2016-01-13 12:43:41 UTC 
Description of problem:
I plugged in my phone to bring up adb/charge - when I plugged it in the se warnings appeared

Version-Release number of selected component:
selinux-policy-3.13.1-158.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.3.3-300.fc23.x86_64
type:           libreport
Comment 2 Lukas Vrabec 2016-02-25 13:04:37 UTC 
commit 1136d4c013cd26287fb0efa45827957f856b6d3c
Author: Lukas Vrabec <lvrabec>
Date:   Thu Feb 25 13:37:20 2016 +0100

    Allow modemmanager to read /etc/passwd file.
Comment 3 Fedora Update System 2016-02-27 13:50:13 UTC 
selinux-policy-3.13.1-158.9.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffbae3a870
Comment 4 Fedora Update System 2016-02-28 13:54:06 UTC 
selinux-policy-3.13.1-158.9.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffbae3a870
Comment 5 Konrad Paumann 2016-02-29 06:40:57 UTC 
*** Bug 1312733 has been marked as a duplicate of this bug. ***
Comment 6 Stanislav Stipl 2016-02-29 17:24:45 UTC 
Description of problem:
SELinux problem ocurred after connecting Vodafone (Huawei) K5150 LTE USB modem

lsusb:
Bus 001 Device 005: ID 12d1:1f16 Huawei Technologies Co., Ltd. K5150 LTE modem (Mass Storage Mode)

dmesg:
[  955.200079] scsi 6:0:0:0: Direct-Access     Vodafone Storage(Huawei)  2.31 PQ: 0 ANSI: 2
[  955.202834] sd 6:0:0:0: Attached scsi generic sg1 type 0
[  955.277522] sd 6:0:0:0: [sdb] Attached SCSI removable disk

Version-Release number of selected component:
selinux-policy-3.13.1-158.7.fc23.noarch

Additional info:
reporter:       libreport-2.6.4
hashmarkername: setroubleshoot
kernel:         4.4.2-301.fc23.x86_64
type:           libreport
Comment 7 Fedora Update System 2016-03-05 06:21:48 UTC 
selinux-policy-3.13.1-158.9.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.