Bug 2024489
Summary: | SELinux is preventing (o-bridge) from 'ioctl' accesses on the unix_stream_socket unix_stream_socket. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Davide Repetto <red> |
Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 35 | CC: | cjashfor, dwalsh, grepl.miroslav, holger, jimtahu, justin, lvrabec, mikhail.v.gavrilov, mmalik, mst, nixuser, omosnace, pkoncity, Shurik, vikigoyal, vmojzis, zpytela |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:cd8922fc870c981adeae7badada6c664f5eecc655f9d894ef69fc692a0c981f4;VARIANT_ID=matecompiz; | ||
Fixed In Version: | selinux-policy-35.10-1.fc35 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-01-19 02:11:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Davide Repetto
2021-11-18 06:57:12 UTC
Similar problem has been detected: This denial happened during a "dnf upgrde" thich tuched: corosync-3.1.6-1.fc35.x86_64 corosynclib-3.1.6-1.fc35.x86_64 google-chrome-beta-97.0.4692.20-1.x86_64 ibus-typing-booster-2.15.0-1.fc35.noarch java-1.8.0-openjdk-1:1.8.0.312.b07-2.fc35.x86_64 java-1.8.0-openjdk-headless-1:1.8.0.312.b07-2.fc35.x86_64 libqb-2.0.4-1.fc35.x86_64 libsmbclient-2:4.15.2-3.fc35.x86_64 libwbclient-2:4.15.2-3.fc35.x86_64 perl-HTTP-Tiny-0.080-1.fc35.noarch python-pip-wheel-21.2.3-4.fc35.noarch python3-pip-21.2.3-4.fc35.noarch python3-reportlab-3.6.2-2.fc35.x86_64 python3-samba-2:4.15.2-3.fc35.x86_64 samba-2:4.15.2-3.fc35.x86_64 samba-client-2:4.15.2-3.fc35.x86_64 samba-client-libs-2:4.15.2-3.fc35.x86_64 samba-common-2:4.15.2-3.fc35.noarch samba-common-libs-2:4.15.2-3.fc35.x86_64 samba-common-tools-2:4.15.2-3.fc35.x86_64 samba-dc-libs-2:4.15.2-3.fc35.x86_64 samba-libs-2:4.15.2-3.fc35.x86_64 samba-winbind-2:4.15.2-3.fc35.x86_64 samba-winbind-clients-2:4.15.2-3.fc35.x86_64 samba-winbind-modules-2:4.15.2-3.fc35.x86_64 swtpm-0.7.0-1.20211109gitb79fd91.fc35.x86_64 swtpm-libs-0.7.0-1.20211109gitb79fd91.fc35.x86_64 swtpm-tools-0.7.0-1.20211109gitb79fd91.fc35.x86_64 hashmarkername: setroubleshoot kernel: 5.14.17-301.fc35.x86_64 package: selinux-policy-targeted-35.5-1.fc35.noarch reason: SELinux is preventing (o-bridge) from 'ioctl' accesses on the unix_stream_socket unix_stream_socket. type: libreport I'm also seeing this on Rawhide (36). Similar problem has been detected: Gt this during this dnf upgrade: [davide@dave ~]$ dnf history info last ID transazione : 165 Ora inizio : lun 20 dic 2021, 15:27:03 rpmdb iniziale : 4699:cd5413e1521b873fad026ad62e510e5fd6b55a56 Ora termine : lun 20 dic 2021, 15:27:30 (27 secondi) rpmdb finale : 4699:c8d309c738778e5c8751e9959f3c3ce7d9d41959 Utente : Davide <davide> Codice di uscita : Completato Rilascio: 35 Linea di comando : -y upgrade Commento : Pacchetti modificati: Upgrade cmake-3.22.1-4.fc35.x86_64 @updates Upgraded cmake-3.22.1-1.fc35.x86_64 @@System Upgrade cmake-data-3.22.1-4.fc35.noarch @updates Upgraded cmake-data-3.22.1-1.fc35.noarch @@System Upgrade cmake-filesystem-3.22.1-4.fc35.x86_64 @updates Upgraded cmake-filesystem-3.22.1-1.fc35.x86_64 @@System Upgrade cmake-rpm-macros-3.22.1-4.fc35.noarch @updates Upgraded cmake-rpm-macros-3.22.1-1.fc35.noarch @@System Upgrade fwupd-1.7.3-1.fc35.x86_64 @updates Upgraded fwupd-1.7.2-1.fc35.x86_64 @@System Upgrade fwupd-plugin-flashrom-1.7.3-1.fc35.x86_64 @updates Upgraded fwupd-plugin-flashrom-1.7.2-1.fc35.x86_64 @@System Upgrade fwupd-plugin-modem-manager-1.7.3-1.fc35.x86_64 @updates Upgraded fwupd-plugin-modem-manager-1.7.2-1.fc35.x86_64 @@System Upgrade fwupd-plugin-uefi-capsule-data-1.7.3-1.fc35.x86_64 @updates Upgraded fwupd-plugin-uefi-capsule-data-1.7.2-1.fc35.x86_64 @@System Upgrade guestfs-tools-1.47.3-1.fc35.x86_64 @updates Upgraded guestfs-tools-1.47.2-2.fc35.x86_64 @@System Upgrade libvmaf-2.1.1-3.fc35.x86_64 @updates Upgraded libvmaf-2.1.1-2.fc35.x86_64 @@System Upgrade libxcrypt-4.4.27-1.fc35.i686 @updates Upgraded libxcrypt-4.4.26-4.fc35.i686 @@System Upgrade libxcrypt-4.4.27-1.fc35.x86_64 @updates Upgraded libxcrypt-4.4.26-4.fc35.x86_64 @@System Upgrade libxcrypt-compat-4.4.27-1.fc35.i686 @updates Upgraded libxcrypt-compat-4.4.26-4.fc35.i686 @@System Upgrade libxcrypt-compat-4.4.27-1.fc35.x86_64 @updates Upgraded libxcrypt-compat-4.4.26-4.fc35.x86_64 @@System Upgrade libxcrypt-devel-4.4.27-1.fc35.x86_64 @updates Upgraded libxcrypt-devel-4.4.26-4.fc35.x86_64 @@System Upgrade mesa-dri-drivers-21.3.2-1.fc35.i686 @updates Upgraded mesa-dri-drivers-21.3.1-2.fc35.i686 @@System Upgrade mesa-dri-drivers-21.3.2-1.fc35.x86_64 @updates Upgraded mesa-dri-drivers-21.3.1-2.fc35.x86_64 @@System Upgrade mesa-filesystem-21.3.2-1.fc35.i686 @updates Upgraded mesa-filesystem-21.3.1-2.fc35.i686 @@System Upgrade mesa-filesystem-21.3.2-1.fc35.x86_64 @updates Upgraded mesa-filesystem-21.3.1-2.fc35.x86_64 @@System Upgrade mesa-libEGL-21.3.2-1.fc35.i686 @updates Upgraded mesa-libEGL-21.3.1-2.fc35.i686 @@System Upgrade mesa-libEGL-21.3.2-1.fc35.x86_64 @updates Upgraded mesa-libEGL-21.3.1-2.fc35.x86_64 @@System Upgrade mesa-libGL-21.3.2-1.fc35.i686 @updates Upgraded mesa-libGL-21.3.1-2.fc35.i686 @@System Upgrade mesa-libGL-21.3.2-1.fc35.x86_64 @updates Upgraded mesa-libGL-21.3.1-2.fc35.x86_64 @@System Upgrade mesa-libOSMesa-21.3.2-1.fc35.i686 @updates Upgraded mesa-libOSMesa-21.3.1-2.fc35.i686 @@System Upgrade mesa-libOSMesa-21.3.2-1.fc35.x86_64 @updates Upgraded mesa-libOSMesa-21.3.1-2.fc35.x86_64 @@System Upgrade mesa-libOpenCL-21.3.2-1.fc35.i686 @updates Upgraded mesa-libOpenCL-21.3.1-2.fc35.i686 @@System Upgrade mesa-libOpenCL-21.3.2-1.fc35.x86_64 @updates Upgraded mesa-libOpenCL-21.3.1-2.fc35.x86_64 @@System Upgrade mesa-libgbm-21.3.2-1.fc35.i686 @updates Upgraded mesa-libgbm-21.3.1-2.fc35.i686 @@System Upgrade mesa-libgbm-21.3.2-1.fc35.x86_64 @updates Upgraded mesa-libgbm-21.3.1-2.fc35.x86_64 @@System Upgrade mesa-libglapi-21.3.2-1.fc35.i686 @updates Upgraded mesa-libglapi-21.3.1-2.fc35.i686 @@System Upgrade mesa-libglapi-21.3.2-1.fc35.x86_64 @updates Upgraded mesa-libglapi-21.3.1-2.fc35.x86_64 @@System Upgrade mesa-libxatracker-21.3.2-1.fc35.x86_64 @updates Upgraded mesa-libxatracker-21.3.1-2.fc35.x86_64 @@System Upgrade mesa-vdpau-drivers-21.3.2-1.fc35.x86_64 @updates Upgraded mesa-vdpau-drivers-21.3.1-2.fc35.x86_64 @@System Upgrade mesa-vulkan-drivers-21.3.2-1.fc35.i686 @updates Upgraded mesa-vulkan-drivers-21.3.1-2.fc35.i686 @@System Upgrade mesa-vulkan-drivers-21.3.2-1.fc35.x86_64 @updates Upgraded mesa-vulkan-drivers-21.3.1-2.fc35.x86_64 @@System Upgrade openvpn-2.5.5-2.fc35.x86_64 @updates Upgraded openvpn-2.5.4-1.fc35.x86_64 @@System Upgrade osinfo-db-20211216-1.fc35.noarch @updates Upgraded osinfo-db-20211013-1.fc35.noarch @@System Upgrade pdfarranger-1.8.1-1.fc35.noarch @updates Upgraded pdfarranger-1.7.1-3.fc35.noarch @@System Upgrade python3-pyatspi-2.38.2-1.fc35.noarch @updates Upgraded python3-pyatspi-2.38.1-3.fc35.noarch @@System Upgrade rb_libtorrent-2.0.5-1.fc35.x86_64 @updates Upgraded rb_libtorrent-2.0.4-5.fc35.x86_64 @@System hashmarkername: setroubleshoot kernel: 5.15.8-200.fc35.x86_64 package: selinux-policy-targeted-35.6-1.fc35.noarch reason: SELinux is preventing (o-bridge) from 'ioctl' accesses on the unix_stream_socket unix_stream_socket. type: libreport Similar problem has been detected: This appeared during a dnf update of the following: bluez-5.63-1.fc35.x86_64 bluez-cups-5.63-1.fc35.x86_64 bluez-libs-5.63-1.fc35.i686 bluez-libs-5.63-1.fc35.x86_64 bluez-obexd-5.63-1.fc35.x86_64 gegl04-0.4.34-1.fc35.x86_64 libwebp-1.2.1-3.fc35.i686 libwebp-1.2.1-3.fc35.x86_64 netpbm-10.97.00-1.fc35.x86_64 netpbm-progs-10.97.00-1.fc35.x86_64 python3-paramiko-2.9.1-1.fc35.noarch python3-requests-2.27.0-1.fc35.noarch python3-requests+socks-2.27.0-1.fc35.noarch python3-urllib3-1.26.7-2.fc35.noarch vivaldi-stable-5.0.2497.35-1.x86_64 hashmarkername: setroubleshoot kernel: 5.15.12-200.fc35.x86_64 package: selinux-policy-targeted-35.7-1.fc35.noarch reason: SELinux is preventing (o-bridge) from 'ioctl' accesses on the unix_stream_socket unix_stream_socket. type: libreport Similar problem has been detected: (after the dnf upgrade) This also appears after closing the mate session and loggin back in. hashmarkername: setroubleshoot kernel: 5.15.12-200.fc35.x86_64 package: selinux-policy-targeted-35.7-1.fc35.noarch reason: SELinux is preventing (o-bridge) from 'ioctl' accesses on the unix_stream_socket unix_stream_socket. type: libreport Similar problem has been detected: I am seeing this each time I run `sudo dnf upgrade` the past couple weeks. I am using permissive mode at the moment, so I have not noticed anything breaking. I was not able to find much about o-bridge online, and am therfor not sure what it is for/what might be different. hashmarkername: setroubleshoot kernel: 5.15.12-200.fc35.x86_64 package: selinux-policy-targeted-35.8-1.fc35.noarch reason: SELinux is preventing (o-bridge) from 'ioctl' accesses on the unix_stream_socket unix_stream_socket. type: libreport Similar problem has been detected: while doing these upgrades; #dnf upgrade Fedora 35 - x86_64 - Updates 48 kB/s | 15 kB 00:00 Fedora 35 - x86_64 - Updates 897 kB/s | 2.1 MB 00:02 Fedora Modular 35 - x86_64 - Updates 44 kB/s | 22 kB 00:00 Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Upgrading: gnome-desktop3 x86_64 41.3-1.fc35 updates 601 k gnome-shell x86_64 41.3-1.fc35 updates 1.6 M mutter x86_64 41.3-1.fc35 updates 2.3 M Transaction Summary ================================================================================ Upgrade 3 Packages Total download size: 4.5 M Is this ok [y/N]: y Downloading Packages: (1/3): gnome-desktop3-41.2-1.fc35_41.3-1.fc35.x 233 kB/s | 80 kB 00:00 (2/3): gnome-shell-41.2-1.fc35_41.3-1.fc35.x86_ 390 kB/s | 173 kB 00:00 (3/3): mutter-41.2-2.fc35_41.3-1.fc35.x86_64.dr 387 kB/s | 217 kB 00:00 [DRPM 1/3] gnome-desktop3-41.2-1.fc35_41.3-1.fc35.x86_64.drpm: done [DRPM 2/3] gnome-shell-41.2-1.fc35_41.3-1.fc35.x86_64.drpm: done [DRPM 3/3] mutter-41.2-2.fc35_41.3-1.fc35.x86_64.drpm: done -------------------------------------------------------------------------------- Total 71 kB/s | 470 kB 00:06 Delta RPMs reduced 4.5 MB of updates to 0.5 MB (89.9% saved) Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Upgrading : gnome-desktop3-41.3-1.fc35.x86_64 1/6 Upgrading : mutter-41.3-1.fc35.x86_64 2/6 Upgrading : gnome-shell-41.3-1.fc35.x86_64 3/6 Cleanup : gnome-shell-41.2-1.fc35.x86_64 4/6 Cleanup : mutter-41.2-2.fc35.x86_64 5/6 Cleanup : gnome-desktop3-41.2-1.fc35.x86_64 6/6 Running scriptlet: gnome-desktop3-41.2-1.fc35.x86_64 6/6 Verifying : gnome-desktop3-41.3-1.fc35.x86_64 1/6 Verifying : gnome-desktop3-41.2-1.fc35.x86_64 2/6 Verifying : gnome-shell-41.3-1.fc35.x86_64 3/6 Verifying : gnome-shell-41.2-1.fc35.x86_64 4/6 Verifying : mutter-41.3-1.fc35.x86_64 5/6 Verifying : mutter-41.2-2.fc35.x86_64 6/6 Upgraded: gnome-desktop3-41.3-1.fc35.x86_64 gnome-shell-41.3-1.fc35.x86_64 mutter-41.3-1.fc35.x86_64 Complete! hashmarkername: setroubleshoot kernel: 5.15.13-200.fc35.x86_64 package: selinux-policy-targeted-35.8-1.fc35.noarch reason: SELinux is preventing (o-bridge) from 'ioctl' accesses on the unix_stream_socket unix_stream_socket. type: libreport I've submitted a Fedora PR to address the issue: https://github.com/fedora-selinux/selinux-policy/pull/1000 Unfortunately I cannot reproduce it, so it may be incomplete. For further details on similar problems refer to https://github.com/fedora-selinux/selinux-policy/commit/6a6fff9f00a02723d3a9c58e892e12a527df8efa *** Bug 2024445 has been marked as a duplicate of this bug. *** *** Bug 2039987 has been marked as a duplicate of this bug. *** FEDORA-2022-41fa7610dd has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-41fa7610dd FEDORA-2022-41fa7610dd has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report. |