Bug 785629

Summary: SELinux is preventing /usr/libexec/fprintd from 'read' accesses on the None /etc/ld.so.cache.
Product: [Fedora] Fedora Reporter: bsfmig <bigslowfat>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: dominick.grift, dwalsh, mgrepl, mikhail.v.gavrilov, valveur
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:5d57cbcd3094cc66104103f05d3a16ad92bce19c078d34533050d1c9cee181e7
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-01-30 10:53:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
File: description
none
SELinux alert windows none

Description bsfmig 2012-01-30 04:42:53 UTC 
libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.2.2-1.fc16.x86_64
reason:         SELinux is preventing /usr/libexec/fprintd from 'read' accesses on the None /etc/ld.so.cache.
time:           2012年01月30日 星期一 12时42分27秒

description:    Binary file, 2717 bytes
Comment 1 bsfmig 2012-01-30 04:42:56 UTC 
Created attachment 558260 [details]
File: description
Comment 2 bsfmig 2012-01-30 04:45:00 UTC 
Also I see a lot of "SELinux is preventing someapp from 'read' accesses on the None /etc/ld.so.cache." errors.
Comment 3 Miroslav Grepl 2012-01-30 10:53:59 UTC 
file_t indicates that the file has no label. You will need to relabel all machine how sealert tells you.

--

If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot

---
Comment 4 Miroslav Grepl 2012-01-30 12:11:12 UTC 
*** Bug 785554 has been marked as a duplicate of this bug. ***
Comment 5 Miroslav Grepl 2012-01-30 12:12:01 UTC 
*** Bug 785500 has been marked as a duplicate of this bug. ***
Comment 6 Miroslav Grepl 2012-01-30 12:12:22 UTC 
*** Bug 785499 has been marked as a duplicate of this bug. ***
Comment 7 Miroslav Grepl 2012-01-30 12:12:35 UTC 
*** Bug 785498 has been marked as a duplicate of this bug. ***
Comment 8 Mikhail 2012-02-06 01:45:42 UTC 
Why not a bug? I see SELinux alert windows after every boot.
Comment 9 Mikhail 2012-02-06 01:46:53 UTC 
Created attachment 559528 [details]
SELinux alert windows
Comment 10 Miroslav Grepl 2012-02-06 08:13:04 UTC 
So /tmp/.com.google.Chrome.vwMBIF/SingletonSocket is still labeled as user_home_dir_t?
Comment 11 Daniel Walsh 2012-02-06 16:34:48 UTC 
Mikhail, 

rm -rf /tmp/.com*
Then reboot and see if the AVC goes away.
Comment 12 Miroslav Grepl 2012-02-06 17:56:38 UTC 
This could work.
Comment 13 Mikhail 2012-02-07 18:49:53 UTC 
Thanks, But how these files appears in /tmp directory?
Comment 14 Daniel Walsh 2012-02-07 20:00:43 UTC 
If I was to guess, you were running in permissive mode or potentially mislabeled and google application created a direcory in a homedir and then that got mv'd to /tmp/