Bug 637339
| Summary: | empathy 2.31.90-2 blocked by SELinux | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | John Watzke <watzkej> |
| Component: | empathy | Assignee: | Brian Pepple <bdpepple> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 14 | CC: | awilliam, bdpepple, domg444, dwalsh, jlaska |
| Target Milestone: | --- | Keywords: | CommonBugs |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | https://fedoraproject.org/wiki/Common_F14_bugs#empathy_selinux | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-10-07 01:24:27 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 538277 | ||
BTW, I think the AVC audit message says MSN because I had tried the AIM client first. Additional message:
type=AVC msg=audit(1285377925.037:93): avc: denied { name_connect } for pid=6537 comm="telepathy-haze" dest=5050 scontext=unconfined_u:unconfined_r:telepathy_msn_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mmcc_port_t:s0 tclass=tcp_socket
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
I commit the fix for connecting to tcp:5050. http://git.fedorahosted.org/git/?p=selinux-policy.git;a=commitdiff;h=e66aa74b4a5d36a49d1e35c7ee25a881e8ea0f3b The issue where haze wants to read /proc/1/exe is under investigation (appears to be a bug in libpurple according to the folks at #telepathy) Fixed in selinux-policy-3.9.5-6.fc14 This was discussed at the 2010-10-01 blocker review meeting. We accepted it as a blocker under the criterion "All applications listed under the Applications menu must withstand a basic functionality test and not crash after a few minutes of normal use. They must also have working Help and Help -> About menu items". Dan, the selinux-policy -7 update has passed critpath testing now, so can you please submit it to stable? Thanks! Dear Bug Reporter, This blocker bug has been marked as fixed. If possible could you verify that this problem is in fact fixed in the latest build? Your help in completing this task and adding a comment to this bug prior to the next Fedora 14 Alpha Blocker meeting on Friday, October 8, 2010, would be most appreciated. Thank you, John Ah yes, I forgot to come put a comment in here. It's fixed now. Thanks! |
Description of problem: Cannot connect to yahoo using empathy Version-Release number of selected component (if applicable): empathy-2.31.90-2.fc14.x86_64 How reproducible: Always Steps to Reproduce: 1. Start empathy 2. Try to connect to a Yahoo account (or probably any account) 3. Get connection error Actual results: Seems to be blocked by SELinux Expected results: Connect to yahoo Additional info: Here's some debug info thanks to fenris02: type=AVC msg=audit(1285377244.752:78): avc: denied { read } for pid=6314 comm="telepathy-haze" name="exe" dev=proc ino=8648 scontext=unconfined_u:unconfined_r:telepathy_msn_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=lnk_file Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. =============== If I execute: "setenforce 0" I can connect.