Description of problem:
SELinux is preventing (geoclue) from 'execute_no_trans' accesses on the file /usr/libexec/geoclue.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that (geoclue) should be allowed execute_no_trans access on the geoclue file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '(geoclue)' --raw | audit2allow -M my-geoclue
# semodule -X 300 -i my-geoclue.pp
Additional Information:
Source Context system_u:system_r:init_t:s0
Target Context system_u:object_r:geoclue_exec_t:s0
Target Objects /usr/libexec/geoclue [ file ]
Source (geoclue)
Source Path (geoclue)
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages geoclue2-2.4.10-1.fc29.x86_64
Policy RPM selinux-policy-3.14.2-16.fc29.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 4.17.0-0.rc3.git2.1.fc29.x86_64 #1
SMP Wed May 2 16:56:55 UTC 2018 x86_64 x86_64
Alert Count 1
First Seen 2018-05-05 11:21:58 +05
Last Seen 2018-05-05 11:21:58 +05
Local ID 91fdc8db-4f7c-4fcd-abc6-728cb0776756
Raw Audit Messages
type=AVC msg=audit(1525501318.483:366): avc: denied { execute_no_trans } for pid=22696 comm="(geoclue)" path="/usr/libexec/geoclue" dev="sda1" ino=2102999 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:geoclue_exec_t:s0 tclass=file permissive=0
Hash: (geoclue),init_t,geoclue_exec_t,file,execute_no_trans
Version-Release number of selected component:
selinux-policy-3.14.2-16.fc29.noarch
Additional info:
component: selinux-policy
reporter: libreport-2.9.5
hashmarkername: setroubleshoot
kernel: 4.17.0-0.rc3.git2.1.fc29.x86_64
type: libreport
Comment 3Fedora Update System
2018-09-12 02:57:36 UTC
selinux-policy-3.14.2-34.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
Description of problem:
at the boot whithout doing anything I have this alert
Version-Release number of selected component:
selinux-policy-3.14.2-48.fc29.noarch
Additional info:
reporter: libreport-2.10.0
hashmarkername: setroubleshoot
kernel: 4.13.9-300.fc27.x86_64
type: libreport
Description of problem: SELinux is preventing (geoclue) from 'execute_no_trans' accesses on the file /usr/libexec/geoclue. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that (geoclue) should be allowed execute_no_trans access on the geoclue file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '(geoclue)' --raw | audit2allow -M my-geoclue # semodule -X 300 -i my-geoclue.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:geoclue_exec_t:s0 Target Objects /usr/libexec/geoclue [ file ] Source (geoclue) Source Path (geoclue) Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages geoclue2-2.4.10-1.fc29.x86_64 Policy RPM selinux-policy-3.14.2-16.fc29.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.17.0-0.rc3.git2.1.fc29.x86_64 #1 SMP Wed May 2 16:56:55 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2018-05-05 11:21:58 +05 Last Seen 2018-05-05 11:21:58 +05 Local ID 91fdc8db-4f7c-4fcd-abc6-728cb0776756 Raw Audit Messages type=AVC msg=audit(1525501318.483:366): avc: denied { execute_no_trans } for pid=22696 comm="(geoclue)" path="/usr/libexec/geoclue" dev="sda1" ino=2102999 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:geoclue_exec_t:s0 tclass=file permissive=0 Hash: (geoclue),init_t,geoclue_exec_t,file,execute_no_trans Version-Release number of selected component: selinux-policy-3.14.2-16.fc29.noarch Additional info: component: selinux-policy reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.0-0.rc3.git2.1.fc29.x86_64 type: libreport