Bug 1512242

Summary: SELinux is preventing geary from 'map' accesses on the fifo_file fifo_file.
Product: [Fedora] Fedora Reporter: Anass Ahmed <anass.1430>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 27CC: dwalsh, lvrabec, mgrepl, plautrba, pmoore
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:2f276624a577dac52bbf9f930b10631586fe46b05ccf25ca0217664f8bf00aef;VARIANT_ID=workstation;
Fixed In Version: selinux-policy-3.13.1-283.16.fc27 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-11-20 16:56:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Anass Ahmed 2017-11-12 00:23:29 UTC 
Description of problem:
SELinux is preventing geary from 'map' accesses on the fifo_file fifo_file.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that geary should be allowed map access on the fifo_file fifo_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'geary' --raw | audit2allow -M my-geary
# semodule -X 300 -i my-geary.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects                fifo_file [ fifo_file ]
Source                        geary
Source Path                   geary
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.13.9-300.fc27.x86_64 #1 SMP Mon
                              Oct 23 13:41:58 UTC 2017 x86_64 x86_64
Alert Count                   8
First Seen                    2017-10-08 22:40:24 EET
Last Seen                     2017-11-12 02:22:38 EET
Local ID                      9e8beb3f-3238-40aa-91e6-1a43c5d82e3a

Raw Audit Messages
type=AVC msg=audit(1510446158.410:2218): avc:  denied  { map } for  pid=13003 comm="geary" path="pipe:[4823794]" dev="pipefs" ino=4823794 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=fifo_file permissive=0


Hash: geary,unconfined_t,unconfined_t,fifo_file,map


Additional info:
component:      selinux-policy
reporter:       libreport-2.9.2
hashmarkername: setroubleshoot
kernel:         4.13.9-300.fc27.x86_64
type:           libreport
Comment 1 Fedora Update System 2017-11-16 15:11:22 UTC 
selinux-policy-3.13.1-283.16.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-5178e6a393
Comment 2 Fedora Update System 2017-11-17 18:55:47 UTC 
selinux-policy-3.13.1-283.16.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-5178e6a393
Comment 3 Fedora Update System 2017-11-20 16:56:03 UTC 
selinux-policy-3.13.1-283.16.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.