| Summary: | SELinux is preventing fprintd from using the 'wake_alarm' capabilities. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Frank Büttner <bugzilla> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED EOL | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 23 | CC: | adrian.babista024, alexgnuant, alick9188, apeetham, codyjohnson144, dbmkcc, dford, diego.ml, dominick.grift, dwalsh, flokip, gauravkunwarweb, jamiller106, krzysztofbti, lam, long, lvrabec, mgrepl, mostafa.elnazer, noemi.calace, noobusinghacks, ole088, oscarcontreras, paul59584, peemhq, plautrba, pmoore, redhat, simon.parrer, ssekidde, tcosenza, tn |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:f61a6e778063647f6d62ad36f8fb6cdff5e1b7eaafd6f792422b70f76e4ebe58;VARIANT_ID=workstation; | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-12-20 21:43:31 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Description of problem: new installation of kernel Linux localhost.localdomain 4.8.8-100.fc23.x86_64 #1 SMP Tue Nov 15 18:51:53 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux warning upon login Version-Release number of selected component: selinux-policy-3.13.1-158.24.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.8.8-100.fc23.x86_64 type: libreport Description of problem: Immediately after screen unlock. Version-Release number of selected component: selinux-policy-3.13.1-158.24.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.8.8-100.fc23.x86_64 type: libreport Description of problem: Simply restarted the system with latest updates. This is new. Version-Release number of selected component: selinux-policy-3.13.1-158.24.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.8.8-100.fc23.x86_64 type: libreport Easy fix: dnf remove fprintd Try as you might to break my F23 with last second updates, I will never upgrade! (Last time I said that, it took you 7 releases to fix my showstopper, so I guess see you in another 3 years, cheers!) Description of problem: These SELinux alerts started showing after upgrading to kernel 4.8.8-100.fc23.x86_64. They happen short after every reboot without any action from the user. Version-Release number of selected component: selinux-policy-3.13.1-158.24.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.8.8-100.fc23.x86_64 type: libreport Description of problem: The alert pops up when I was trying to login back from screen locker with a failed password. Version-Release number of selected component: selinux-policy-3.13.1-158.24.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.8.10-100.fc23.x86_64 type: libreport Think I'll also go with "dnf remove fprintd" since I do not use fingerprint devices. Description of problem: The only thing that has happened around all occurences of this error was unlocking of the desktop. Version-Release number of selected component: selinux-policy-3.13.1-158.24.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.8.12-100.fc23.x86_64 type: libreport Description of problem: runnig sudoku savant Version-Release number of selected component: selinux-policy-3.13.1-158.24.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.8.10-100.fc23.x86_64 type: libreport Fedora 23 changed to end-of-life (EOL) status on 2016-12-20. Fedora 23 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed. lol Description of problem: don't know trouble why it happen all ways of last month every day! I don't know what it's happen! Version-Release number of selected component: selinux-policy-3.13.1-158.24.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.8.13-100.fc23.i686 type: libreport Description of problem: I really don't know what happened! Version-Release number of selected component: selinux-policy-3.13.1-158.24.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.8.13-100.fc23.i686 type: libreport Description of problem: unknown Version-Release number of selected component: selinux-policy-3.13.1-158.24.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.8.13-100.fc23.x86_64 type: libreport Description of problem: Opened Firefox with home page set to Spotify Version-Release number of selected component: selinux-policy-3.13.1-158.24.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.8.13-100.fc23.x86_64 type: libreport |
Description of problem: unlock the login screen. SELinux is preventing fprintd from using the 'wake_alarm' capabilities. ***** Plugin catchall (100. confidence) suggests ************************** If sie denken, dass fprintd standardmäßig wake_alarm Berechtigung haben sollten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do allow this access for now by executing: # ausearch -c 'fprintd' --raw | audit2allow -M my-fprintd # semodule -X 300 -i my-fprintd.pp Additional Information: Source Context system_u:system_r:fprintd_t:s0 Target Context system_u:system_r:fprintd_t:s0 Target Objects Unknown [ capability2 ] Source fprintd Source Path fprintd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-158.24.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.8.8-100.fc23.x86_64 #1 SMP Tue Nov 15 18:51:53 UTC 2016 x86_64 x86_64 Alert Count 1 First Seen 2016-11-26 10:37:41 CET Last Seen 2016-11-26 10:37:41 CET Local ID 78f0e941-0984-4b79-ad8e-62a11d03db97 Raw Audit Messages type=AVC msg=audit(1480153061.991:267): avc: denied { wake_alarm } for pid=27454 comm="fprintd" capability=35 scontext=system_u:system_r:fprintd_t:s0 tcontext=system_u:system_r:fprintd_t:s0 tclass=capability2 permissive=0 Hash: fprintd,fprintd_t,fprintd_t,capability2,wake_alarm Version-Release number of selected component: selinux-policy-3.13.1-158.24.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.8.8-100.fc23.x86_64 type: libreport Potential duplicate: bug 1361616