Bug 730163
Summary: | SELinux is preventing /usr/libexec/fprintd from 'getattr' accesses on the unix_stream_socket unix_stream_socket. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Frantisek Hanzlik <franta> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 15 | CC: | dominick.grift, dwalsh, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:8c981ded91232122dbbb18796b16fd718a4a2387eed46b35d450781e13e45e8c | ||
Fixed In Version: | selinux-policy-3.9.16-39.fc15 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-10-06 00:02:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Frantisek Hanzlik
2011-08-12 00:45:48 UTC
Any idea of what you were doing when this happened? This attempt is triggered always when I login into system (xfce DE), or when some command over sudo is entered. At roughly same time are logged similar events: Aug 12 02:41:21 (null) (null): audit(1313109681.838:162): avc: denied { read write } for pid=3621 comm=fprintd path="socket:[17652]" ino=17652 dev=sockfs scontext=system_u:system_r:fprintd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket Aug 12 02:41:51 (null) (null): audit(1313109711.959:173): avc: denied { write } for pid=3621 comm=fprintd path="socket:[17652]" ino=17652 dev=sockfs scontext=system_u:system_r:fprintd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket System is desktop PC without fingerprint sensor, thus there is no need for fprintd and uninstalling that package probably solve things. But on system with fingerprint reader it isn't acceptable solution. I dont audited these in F16. Fixed in F15. selinux-policy-3.9.16-39.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-39.fc15 Package selinux-policy-3.9.16-39.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.16-39.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-39.fc15 then log in and leave karma (feedback). selinux-policy-3.9.16-39.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. |