Bug 1393373

Summary: selinux causes certain gnome-disks operations to be 25 seconds delayed
Product: [Fedora] Fedora Reporter: Kamil Páral <kparal>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 25CC: awilliam, dominick.grift, dwalsh, jbwillia, lvrabec, mgrepl, nb, plautrba, pmoore, robatino, sgallagh, ssekidde
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: RejectedBlocker AcceptedFreezeException
Fixed In Version: selinux-policy-3.13.1-224.fc25 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-15 13:33:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1277290    

Description Kamil Páral 2016-11-09 12:22:22 UTC 
Description of problem:
When I try to create a new partitioning table in gnome-disks on a hard drive, nothing seems to happen at first. But after ~25 seconds, the change is applied. During that time I see this printed in the journal:

Nov 09 06:31:53 localhost-live audit[982]: USER_AVC pid=982 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_return dest=:1.35 spid=974 tpid=1509 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:devicekit_t:s0 tclass=dbus
                                            exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
Nov 09 06:32:18 localhost-live udisksd[1509]: Error inhibiting: Timeout was reached (g-io-error-quark, 24)
Nov 09 06:32:18 localhost-live kernel:  vdb:

When I boot with enforcing=0 (but I really have to boot with it, using "setenforce 0" didn't seem to fix the behavior for me), gnome-disks can format a disk without any delay, repeatedly. So this seems to be a selinux-related issue.

Version-Release number of selected component (if applicable):
Fedora-Workstation-Live-x86_64-25-1.1.iso
gnome-disk-utility-3.22.0-1.fc25.x86_64
selinux-policy-3.13.1-222.fc25.noarch
storaged-2.6.2-2.fc25.x86_64

How reproducible:
always

Steps to Reproduce:
1. add a clean disk to a VM
2. boot either Live or an installed system
3. run gnome-disks
4. try to format the clean disk with MBR or GPT, see that nothing happens at first, but it happens after 25 seconds
5. you can repeat this be swapping MBR and GPT
Comment 1 Kamil Páral 2016-11-09 12:24:50 UTC 
This seems to break basic application functionality:
"All applications that can be launched using the standard graphical mechanism of a release-blocking desktop after a default installation of that desktop must start successfully and withstand a basic functionality test. "
https://fedoraproject.org/wiki/Fedora_25_Final_Release_Criteria#Default_application_functionality

It does not break it completely, but it seems that nothing has happened, so you try several times in a row, and then gnome-disks gets very weird (stops performing any tasks, shows dbus timeout errors, etc).
Comment 2 Kamil Páral 2016-11-09 12:39:16 UTC 
It seems some of the actions are pending for a long time (perhaps indefinitely). This is what I see many minutes later:

$ poweroff
Operation inhibited by "Disk Manager" (PID 1389 "udisksd", user root), reason is "Formatting Device".
Please retry operation after closing inhibitors and logging out other users.
Alternatively, ignore inhibitors and users with 'systemctl poweroff -i'.
Comment 3 Kamil Páral 2016-11-09 14:07:39 UTC 
(A bit off topic, but a weird thing is that the AVC did not appear in setroubleshoot, nor any notification popped up. Is that expected, or a bug in setroubleshoot?)
Comment 4 Fedora Update System 2016-11-09 16:32:58 UTC 
selinux-policy-3.13.1-224.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f29b746f2e
Comment 5 Stephen Gallagher 2016-11-09 17:04:41 UTC 
I'm -1 blocker, +1 FE on this one. It's ugly, but if it eventually completes it's not quite broken enough for me to block on it.
Comment 6 Dennis Gilmore 2016-11-09 17:06:02 UTC 
-1 blocker
+1 FE

while annoying it does not prevent it working, just delays things
Comment 7 Nick Bebout 2016-11-09 17:08:14 UTC 
-1 blocker, +1 FE
Comment 8 Adam Williamson 2016-11-09 17:10:47 UTC 
yeah, same for me. -1 / +1.

that's -4 / +4, so setting accepted FE.
Comment 9 Ben Williams 2016-11-09 17:12:16 UTC 
-1 blocker +1 FE
Comment 10 Kamil Páral 2016-11-10 09:46:41 UTC 
(In reply to Fedora Update System from comment #4)
> selinux-policy-3.13.1-224.fc25 has been submitted as an update to Fedora 25.
> https://bodhi.fedoraproject.org/updates/FEDORA-2016-f29b746f2e

Seems to fix this.
Comment 11 Fedora Update System 2016-11-10 19:26:25 UTC 
selinux-policy-3.13.1-224.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f29b746f2e
Comment 12 Fedora Update System 2016-11-15 13:33:23 UTC 
selinux-policy-3.13.1-224.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.