Bug 1750288

Summary:	Blocking the D-Bus autostart of fwupd
Product:	[Fedora] Fedora	Reporter:	Richard Hughes <rhughes>
Component:	selinux-policy	Assignee:	Lukas Vrabec <lvrabec>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	30	CC:	dwalsh, lvrabec, mgrepl, plautrba, zpytela
Target Milestone:	---
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	selinux-policy-3.14.3-52.fc30	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2019-11-17 01:13:17 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Richard Hughes 2019-09-09 08:49:46 UTC

Description of problem:

selinux blocks the D-Bus autostart of fwupd with:


time->Mon Sep  9 09:42:27 2019
type=AVC msg=audit(1568018547.182:368): avc:  denied  { mounton } for  pid=3436 comm="(fwupd)" path="/run/systemd/unit-root/var/cache/fwupd" dev="dm-0" ino=414287 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fwupd_cache_t:s0 tclass=dir permissive=0

Version-Release number of selected component (if applicable):

selinux-policy-3.14.3-45.fc30.noarch
fwupd-1.3.1-0.516.20190909git.fc30.x86_64

How reproducible:

ALways, until selinux is turned off.

Steps to Reproduce:
1. Install the RC fwupd from https://copr.fedorainfracloud.org/coprs/rhughes/fwupd/
2. Reboot
3. `sudo systemctl status fwupd` shows `fwupd.service: Main process exited, code=exited, status=226/NAMESPACE`

Actual results:

All clients (including gnome-software, which is started by default in the session...) hanging for 30 seconds and then timing out with an error.

Expected results:

fwupd to start, as it does with `setenforce 0`

Additional info:

This might be a dupe of the closed https://bugzilla.redhat.com/show_bug.cgi?id=1429341

Comment 1 Lukas Vrabec 2019-09-09 11:42:00 UTC

commit f4e1dbba5f02e5dc20f52b2d2ad5b7f78cf5fc4a (HEAD -> rawhide)
Author: Lukas Vrabec <lvrabec>
Date:   Mon Sep 9 13:41:48 2019 +0200

    Allow systemd to mount fwupd_cache_t BZ(1750288)

Comment 2 Richard Hughes 2019-09-12 08:42:31 UTC

Cool, thanks. Is there a timescale of a build for F31/30 I can depend on? I want to make sure all the bits are in place before doing the fwupd upstream release. Thanks.

Comment 3 Fedora Update System 2019-10-04 13:36:21 UTC

FEDORA-2019-6bbf3d600d has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6bbf3d600d

Comment 4 Fedora Update System 2019-10-04 22:14:54 UTC

selinux-policy-3.14.3-48.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6bbf3d600d

Comment 5 Fedora Update System 2019-10-10 07:49:07 UTC

FEDORA-2019-6bbf3d600d has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6bbf3d600d

Comment 6 Fedora Update System 2019-10-10 17:29:12 UTC

selinux-policy-3.14.3-49.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6bbf3d600d

Comment 7 Fedora Update System 2019-10-23 07:00:30 UTC

FEDORA-2019-d68c9e27f8 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-d68c9e27f8

Comment 8 Fedora Update System 2019-10-25 19:34:05 UTC

selinux-policy-3.14.3-50.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-d68c9e27f8

Comment 9 Fedora Update System 2019-10-26 17:02:54 UTC

FEDORA-2019-f83217e2bf has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-f83217e2bf

Comment 10 Fedora Update System 2019-10-27 03:54:51 UTC

selinux-policy-3.14.3-51.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-f83217e2bf

Comment 11 Fedora Update System 2019-11-03 14:10:54 UTC

FEDORA-2019-70d80ad4bc has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-70d80ad4bc

Comment 12 Fedora Update System 2019-11-04 02:10:18 UTC

selinux-policy-3.14.3-52.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-70d80ad4bc

Comment 13 Fedora Update System 2019-11-17 01:13:17 UTC

selinux-policy-3.14.3-52.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.