| Summary: | SELinux is preventing dbus-daemon-lau from 'execute' accesses on the file fwupd. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Alex <MyNameIsJIEXA> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 25 | CC: | dominick.grift, dwalsh, jackneill1000+redhatbugzilla, lvrabec, mgrepl, nori, plautrba, pmoore, ssekidde |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:c057ed39145d527f5b873a6b7187a1ba0538adb0228853ee67040cbbd1fc446a;VARIANT_ID=workstation; | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-11-28 23:34:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Hi, Please use restorecon command to fix SELinux labels on your system: # restorecon -Rv / Thanks. |
Description of problem: SELinux is preventing dbus-daemon-lau from 'execute' accesses on the file fwupd. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow dbus-daemon-lau to have execute access on the fwupd file Then необходимо изменить метку на fwupd Do # semanage fcontext -a -t FILE_TYPE 'fwupd' where FILE_TYPE is one of the following: NetworkManager_exec_t, NetworkManager_initrc_exec_t, abrt_exec_t, abrt_helper_exec_t, abrt_initrc_exec_t, accountsd_exec_t, acct_initrc_exec_t, afs_initrc_exec_t, aiccu_initrc_exec_t, ajaxterm_initrc_exec_t, amtu_initrc_exec_t, antivirus_initrc_exec_t, apcupsd_initrc_exec_t, apmd_initrc_exec_t, arpwatch_initrc_exec_t, asterisk_initrc_exec_t, auditd_initrc_exec_t, automount_initrc_exec_t, avahi_exec_t, avahi_initrc_exec_t, bacula_initrc_exec_t, bcfg2_initrc_exec_t, bin_t, bitlbee_initrc_exec_t, blkmapd_initrc_exec_t, blueman_exec_t, bluetooth_initrc_exec_t, boinc_initrc_exec_t, boot_t, callweaver_initrc_exec_t, canna_initrc_exec_t, ccs_initrc_exec_t, certmaster_initrc_exec_t, certmonger_initrc_exec_t, cfengine_initrc_exec_t, cgconfig_initrc_exec_t, cgred_initrc_exec_t, chronyd_initrc_exec_t, ciped_initrc_exec_t, cluster_initrc_exec_t, clvmd_initrc_exec_t, cmirrord_initrc_exec_t, cobblerd_initrc_exec_t, collectd_initrc_exec_t, colord_exec_t, condor_initrc_exec_t, consolekit_exec_t, couchdb_initrc_exec_t, cpufreqselector_exec_t, cpuplug_initrc_exec_t, crond_initrc_exec_t, ctdbd_initrc_exec_t, cupsd_config_exec_t, cupsd_initrc_exec_t, cvs_initrc_exec_t, cyphesis_initrc_exec_t, cyrus_initrc_exec_t, dbusd_exec_t, ddclient_initrc_exec_t, debuginfo_exec_t, denyhosts_initrc_exec_t, devicekit_disk_exec_t, devicekit_exec_t, devicekit_power_exec_t, dhcpc_exec_t, dhcpc_helper_exec_t, dhcpd_initrc_exec_t, dictd_initrc_exec_t, dlm_controld_initrc_exec_t, dnsmasq_initrc_exec_t, dovecot_initrc_exec_t, drbd_initrc_exec_t, dspam_initrc_exec_t, entropyd_initrc_exec_t, etc_runtime_t, etc_t, exim_initrc_exec_t, fail2ban_initrc_exec_t, fcoemon_initrc_exec_t, fetchmail_initrc_exec_t, firewalld_exec_t, firewalld_initrc_exec_t, firewallgui_exec_t, foghorn_initrc_exec_t, fprintd_exec_t, fsdaemon_initrc_exec_t, ftpd_initrc_exec_t, fwupd_exec_t, gconfd_exec_t, gconfdefaultsm_exec_t, gdomap_initrc_exec_t, geoclue_exec_t, glance_api_initrc_exec_t, glance_registry_initrc_exec_t, glance_scrubber_initrc_exec_t, glusterd_initrc_exec_t, gnomesystemmm_exec_t, gpm_initrc_exec_t, gpsd_initrc_exec_t, hddtemp_initrc_exec_t, httpd_initrc_exec_t, hypervkvp_initrc_exec_t, icecast_initrc_exec_t, initrc_exec_t, innd_initrc_exec_t, iodined_initrc_exec_t, ipsec_initrc_exec_t, iptables_initrc_exec_t, irqbalance_initrc_exec_t, isnsd_initrc_exec_t, iwhd_initrc_exec_t, jabberd_initrc_exec_t, jockey_exec_t, kdump_initrc_exec_t, kdumpgui_exec_t, kerberos_initrc_exec_t, keystone_initrc_exec_t, kismet_initrc_exec_t, ksmtuned_initrc_exec_t, l2tpd_initrc_exec_t, ld_so_t, lib_t, likewise_initrc_exec_t, lircd_initrc_exec_t, lldpad_initrc_exec_t, mcelog_initrc_exec_t, mdadm_initrc_exec_t, memcached_initrc_exec_t, minidlna_initrc_exec_t, minissdpd_initrc_exec_t, modemmanager_exec_t, mon_statd_initrc_exec_t, mongod_initrc_exec_t, mpd_initrc_exec_t, mrtg_initrc_exec_t, mscan_initrc_exec_t, munin_initrc_exec_t, mysqld_initrc_exec_t, mysqlmanagerd_initrc_exec_t, naemon_initrc_exec_t, nagios_initrc_exec_t, named_exec_t, named_initrc_exec_t, neutron_initrc_exec_t, nfsd_initrc_exec_t, nis_initrc_exec_t, nscd_initrc_exec_t, nslcd_initrc_exec_t, ntop_initrc_exec_t, ntpd_initrc_exec_t, openct_initrc_exec_t, openhpid_initrc_exec_t, openvpn_initrc_exec_t, oracleasm_initrc_exec_t, osad_initrc_exec_t, pads_initrc_exec_t, pcp_pmcd_initrc_exec_t, pcp_pmie_initrc_exec_t, pcp_pmlogger_initrc_exec_t, pcp_pmmgr_initrc_exec_t, pcp_pmproxy_initrc_exec_t, pcp_pmwebd_initrc_exec_t, pcscd_initrc_exec_t, pingd_initrc_exec_t, piranha_pulse_initrc_exec_t, pkcs_slotd_initrc_exec_t, pki_ra_script_exec_t, pki_tps_script_exec_t, policykit_auth_exec_t, policykit_exec_t, polipo_initrc_exec_t, portmap_initrc_exec_t, portreserve_initrc_exec_t, postfix_initrc_exec_t, postgresql_initrc_exec_t, postgrey_initrc_exec_t, pppd_exec_t, pppd_initrc_exec_t, prelink_exec_t, prelude_initrc_exec_t, privoxy_initrc_exec_t, psad_initrc_exec_t, pulseaudio_exec_t, puppetagent_initrc_exec_t, puppetmaster_initrc_exec_t, qpidd_initrc_exec_t, rabbitmq_initrc_exec_t, radiusd_initrc_exec_t, radvd_initrc_exec_t, realmd_exec_t, redis_initrc_exec_t, rhnsd_initrc_exec_t, rhsmcertd_exec_t, rhsmcertd_initrc_exec_t, ricci_initrc_exec_t, rngd_initrc_exec_t, roundup_initrc_exec_t, rpcbind_initrc_exec_t, rpcd_initrc_exec_t, rpm_exec_t, rtkit_daemon_exec_t, rtkit_daemon_initrc_exec_t, rwho_initrc_exec_t, samba_initrc_exec_t, sambagui_exec_t, sanlock_initrc_exec_t, saslauthd_initrc_exec_t, sblim_initrc_exec_t, sectoolm_exec_t, semanage_exec_t, sendmail_initrc_exec_t, sensord_initrc_exec_t, setrans_initrc_exec_t, setroubleshoot_fixit_exec_t, setroubleshootd_exec_t, shell_exec_t, shorewall_initrc_exec_t, slapd_initrc_exec_t, slpd_initrc_exec_t, smokeping_initrc_exec_t, smsd_initrc_exec_t, snapperd_exec_t, snmpd_initrc_exec_t, snort_initrc_exec_t, soundd_initrc_exec_t, spamd_initrc_exec_t, squid_initrc_exec_t, src_t, sshd_initrc_exec_t, sslh_initrc_exec_t, sssd_initrc_exec_t, svnserve_initrc_exec_t, syslogd_initrc_exec_t, sysstat_initrc_exec_t, system_conf_t, system_db_t, systemd_passwd_agent_exec_t, systemd_systemctl_exec_t, tcsd_initrc_exec_t, textrel_shlib_t, tgtd_initrc_exec_t, tor_initrc_exec_t, tuned_initrc_exec_t, ulogd_initrc_exec_t, usr_t, uucpd_initrc_exec_t, uuidd_initrc_exec_t, varnishd_initrc_exec_t, varnishlog_initrc_exec_t, vdagentd_initrc_exec_t, vhostmd_initrc_exec_t, virtd_initrc_exec_t, virtlogd_initrc_exec_t, vnstatd_initrc_exec_t, watchdog_initrc_exec_t, wdmd_initrc_exec_t, ypbind_initrc_exec_t, zabbix_agent_initrc_exec_t, zabbix_initrc_exec_t, zebra_initrc_exec_t, zoneminder_initrc_exec_t. Then execute: restorecon -v 'fwupd' ***** Plugin catchall (17.1 confidence) suggests ************************** If вы считаете, что dbus-daemon-lau следует разрешить доступ execute к fwupd file по умолчанию. Then рекомендуется создать отчет об ошибке. Чтобы разрешить доступ, можно создать локальный модуль политики. Do allow this access for now by executing: # ausearch -c 'dbus-daemon-lau' --raw | audit2allow -M my-dbusdaemonlau # semodule -X 300 -i my-dbusdaemonlau.pp Additional Information: Source Context system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 Target Context system_u:object_r:unlabeled_t:s0 Target Objects fwupd [ file ] Source dbus-daemon-lau Source Path dbus-daemon-lau Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-224.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.8.7-300.fc25.x86_64 #1 SMP Fri Nov 11 14:02:22 UTC 2016 x86_64 x86_64 Alert Count 3 First Seen 2016-11-29 02:02:55 MSK Last Seen 2016-11-29 02:06:56 MSK Local ID 176c4385-0487-4324-a044-33eab95053f6 Raw Audit Messages type=AVC msg=audit(1480374416.730:302): avc: denied { execute } for pid=3327 comm="dbus-daemon-lau" name="fwupd" dev="dm-0" ino=1707366 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0 Hash: dbus-daemon-lau,system_dbusd_t,unlabeled_t,file,execute Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.7-300.fc25.x86_64 type: libreport Potential duplicate: bug 849306