Bug 857628
Summary: | SELinux is preventing /usr/libexec/dovecot/auth from 'block_suspend' accesses on the capability2.
---|---
Product: | [Fedora] Fedora
Component: | dovecot
Version: | 19
Hardware: | x86_64
OS: | Unspecified
Status: | CLOSED DUPLICATE
Severity: | unspecified
Priority: | unspecified
Reporter: | Nicolas Mailhot <nicolas.mailhot>
Assignee: | Michal Hlavinka <mhlavink>
QA Contact: | Fedora Extras Quality Assurance <extras-qa>
CC: | dominick.grift, dwalsh, eparis, janfrode, mgrepl, mhlavink
Whiteboard: | abrt_hash:1ba5cd187697e97ef19b7e2cd4b9c8faa8e3e77d2976f23e5c70e4ae5bc69789
Doc Type: | Bug Fix
Last Closed: | 2014-09-03 09:44:57 UTC

Description
Nicolas Mailhot
2012-09-15 09:41:31 UTC
Created attachment 613225 [details]
File: type
Created attachment 613226 [details]
File: hashmarkername
Eric, second call that I have seen to epoll_ctl that generates a block_suspend, but the call is successful: success=yes even though the machine is in enforcing mode. Could this be a bug in the kernel? Or is the syscall just taking a different path if this is blocked?

Also in #857629

Code in question:

```c
/* Check if EPOLLWAKEUP is allowed */
if ((epds.events & EPOLLWAKEUP) && !capable(CAP_BLOCK_SUSPEND))
	epds.events &= ~EPOLLWAKEUP;
```

If an application is failing this capability check, it is because it explicitly asks for EPOLLWAKEUP. The syscall won't fail, but we probably should check with each application you see these for and determine if they actually need it. This is not a particularly dangerous thing, from what I can see. Just means the app can use some more battery....

Ok dovecot maintainer, do you actually think dovecot needs to be able to block suspend?

(In reply to comment #5)
> Ok dovecot maintainer, do you actually think dovecot needs to be able to
> block suspend?

The answer is I don't know. I don't know when it is a good idea to use it nor when it's a bad idea to use it. I searched for some documentation, but found nothing. Could you point me somewhere where I could get more information? Google failed me this time.

I think the idea of this access is to stop the machine from suspending while the tool is executing.

```c
/* Allow preventing system suspends */
#define CAP_BLOCK_SUSPEND 36
```

It used to be called epollwakeup.

When an epoll_event that has the EPOLLWAKEUP flag set is ready, a wakeup_source will be active to prevent suspend. This can be used to handle wakeup events from a driver that supports poll, e.g. input, if that driver wakes up the waitqueue passed to epoll before allowing suspend.

This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle. Changing version to '19'. (As we did not run this process for some time, it could also affect pre-Fedora 19 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19

*** This bug has been marked as a duplicate of bug 1136575 ***
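Triage for the pattern discussed in this thread, as an added example that is not part of the bug report or of any project's code: it pairs AVC and SYSCALL audit records by event ID and reports `block_suspend` denials where `epoll_ctl` still returned success, meaning the kernel only cleared EPOLLWAKEUP. The log lines are constructed, and syscall number 233 for `epoll_ctl` assumes x86_64.

```python
import re

# Constructed sample audit records (not taken from this bug's attachments).
SAMPLE_LOG = """\
type=AVC msg=audit(1347702091.101:812): avc:  denied  { block_suspend } for  pid=2417 comm="auth" capability=36  scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:system_r:dovecot_auth_t:s0 tclass=capability2
type=SYSCALL msg=audit(1347702091.101:812): arch=c000003e syscall=233 success=yes exit=0 a0=9 a1=1 a2=b a3=7fff0 items=0 ppid=2400 pid=2417 comm="auth" exe="/usr/libexec/dovecot/auth" subj=system_u:system_r:dovecot_auth_t:s0 key=(null)
type=AVC msg=audit(1347702095.440:813): avc:  denied  { read } for  pid=2500 comm="httpd" name="shadow" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1347702095.440:813): arch=c000003e syscall=2 success=no exit=-13 a0=7f1 a1=0 a2=0 a3=0 items=0 ppid=2490 pid=2500 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
"""

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
PERMS = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
EPOLL_CTL_X86_64 = "233"  # assumption: x86_64 numbering (arch=c000003e)

def parse_events(log_text):
    """Group audit records by event ID (timestamp:serial), one record per type."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
        p = PERMS.search(line)
        if p:
            rec["perms"] = p.group(1).split()
        events.setdefault(m.group(1), {})[rec.get("type")] = rec
    return events

def stripped_epollwakeup(log_text):
    """Events where epoll_ctl succeeded although block_suspend was denied."""
    hits = []
    for eid, recs in parse_events(log_text).items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not avc or not sc:
            continue
        if ("block_suspend" in avc.get("perms", [])
                and avc.get("tclass") == "capability2"
                and sc.get("arch") == "c000003e"
                and sc.get("syscall") == EPOLL_CTL_X86_64
                and sc.get("success") == "yes"):
            hits.append((eid, sc.get("exe"), avc.get("scontext")))
    return hits

if __name__ == "__main__":
    for hit in stripped_epollwakeup(SAMPLE_LOG):
        print(hit)
```

Each hit names an executable that asked for EPOLLWAKEUP and had the flag dropped, which is the list of applications the thread suggests reviewing for whether they need it.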