| Summary: | SELinux is preventing /usr/libexec/telepathy-gabble from using the 'fork' accesses on a process. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | James Cape <jamescape777> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 15 | CC: | dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:8360e7642d6924c243f4619c9fedc3d281409ae525547b7bc21a5fb99eb790c0 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-04-25 13:28:01 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Please log out an dback in and your telepathy apps will be running with the right context. This is just an update problem and we can not cleanly fix it. It will not happen in release. |
SELinux is preventing /usr/libexec/telepathy-gabble from using the 'fork' accesses on a process. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that telepathy-gabble should be allowed fork access on processes labeled unlabeled_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep telepathy-gabbl /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:object_r:unlabeled_t:s0 Target Context system_u:object_r:unlabeled_t:s0 Target Objects Unknown [ process ] Source telepathy-gabbl Source Path /usr/libexec/telepathy-gabble Port <Unknown> Host (removed) Source RPM Packages telepathy-gabble-0.11.8-1.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-15.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.38.2-9.fc15.x86_64 #1 SMP Wed Mar 30 16:55:57 UTC 2011 x86_64 x86_64 Alert Count 1 First Seen Fri 22 Apr 2011 09:32:47 PM CDT Last Seen Fri 22 Apr 2011 09:32:47 PM CDT Local ID ba0dddf1-fb0f-4e83-a5a4-640012b09382 Raw Audit Messages type=AVC msg=audit(1303525967.645:174): avc: denied { fork } for pid=3078 comm="telepathy-gabbl" scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=process type=SYSCALL msg=audit(1303525967.645:174): arch=x86_64 syscall=clone success=no exit=EACCES a0=3d0f00 a1=7fd99274ced0 a2=7fd99274d9d0 a3=7fd99274d9d0 items=0 ppid=1 pid=3078 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=2 comm=telepathy-gabbl exe=/usr/libexec/telepathy-gabble subj=system_u:object_r:unlabeled_t:s0 key=(null) Hash: telepathy-gabbl,unlabeled_t,unlabeled_t,process,fork audit2allow #============= unlabeled_t ============== allow unlabeled_t self:process fork; audit2allow -R #============= unlabeled_t ============== allow unlabeled_t self:process fork;