Description of problem: SELinux is preventing /usr/libexec/nm-dispatcher.action from using the 'sigkill' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If jeśli nm-dispatcher.action powinno mieć domyślnie sigkill dostęp do procesów z etykietami initrc_t. Then proszę to zgłosić jako błąd. Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp. Do można tymczasowo zezwolić na ten dostęp wykonując polecenia: # grep nm-dispatcher.a /var/log/audit/audit.log | audit2allow -M mojapolityka # semodule -i mojapolityka.pp Additional Information: Source Context system_u:system_r:NetworkManager_t:s0 Target Context system_u:system_r:initrc_t:s0 Target Objects [ process ] Source nm-dispatcher.a Source Path /usr/libexec/nm-dispatcher.action Port <Unknown> Host (removed) Source RPM Packages NetworkManager-0.9.9.0-24.git20131003.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-116.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.12.7-300.fc20.x86_64 #1 SMP Fri Jan 10 15:35:31 UTC 2014 x86_64 x86_64 Alert Count 1 First Seen 2014-01-16 17:44:44 CET Last Seen 2014-01-16 17:44:44 CET Local ID d4da3c88-da01-45d8-81b6-14e5d00aef6e Raw Audit Messages type=AVC msg=audit(1389890684.826:359): avc: denied { sigkill } for pid=928 comm="nm-dispatcher.a" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process type=SYSCALL msg=audit(1389890684.826:359): arch=x86_64 syscall=kill success=no exit=EACCES a0=715 a1=9 a2=7f23c37d7790 a3=4000 items=0 ppid=1 pid=928 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=nm-dispatcher.a exe=/usr/libexec/nm-dispatcher.action subj=system_u:system_r:NetworkManager_t:s0 key=(null) Hash: nm-dispatcher.a,NetworkManager_t,initrc_t,process,sigkill Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: Fresh install from F20 Network install. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.i686+PAE type: libreport
bb3c90c354ff8ed92f5b6b65c036f67bcda0c23d and 1d67863a52262d5b56530ba36f34febaceb9fc31 fix this in git.
Description of problem: This happens upon connecting a PPTP VPN via kde-plasma-nm-pptp. This just started to happen after the update today to the following.... Jan 17 06:37:43 Updated: selinux-policy-3.12.1-116.fc20.noarch Jan 17 06:39:45 Updated: selinux-policy-targeted-3.12.1-116.fc20.noarch Jan 17 06:40:03 Updated: selinux-policy-devel-3.12.1-116.fc20.noarch Jan 17 06:40:05 Updated: selinux-policy-doc-3.12.1-116.fc20.noarch Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: I am not sure. I just use sudo yum update and then I saw nfs-utils.x86_64 1:1.2.8-6.0.fc20 was supposed to be removed but is not! Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: After every reboot I get this alert. Do not know why though. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: It happens when OS is rebooted and since the last update, which I believe had a network-manager update involved. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
A reboot isn't necessary for me to get this, losing/regaining WLAN connectivity triggers it here. Additional Information: Source Context system_u:system_r:NetworkManager_t:s0 Target Context system_u:system_r:initrc_t:s0 Target Objects [ process ] Source nm-dispatcher.a Source Path /usr/libexec/nm-dispatcher.action Port <Unknown> Host gaspode Source RPM Packages NetworkManager-0.9.9.0-24.git20131003.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-116.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name gaspode Platform Linux gaspode 3.12.7-300.fc20.x86_64 #1 SMP Fri Jan 10 15:35:31 UTC 2014 x86_64 x86_64 Alert Count 1 First Seen 2014-01-17 02:46:16 PST Last Seen 2014-01-17 02:46:16 PST Local ID 6f7ca30f-703f-443e-9f97-310f0c8c4939 Raw Audit Messages type=AVC msg=audit(1389955576.584:706): avc: denied { sigkill } for pid=13362 comm="nm-dispatcher.a" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process type=SYSCALL msg=audit(1389955576.584:706): arch=x86_64 syscall=kill success=no exit=EACCES a0=343a a1=9 a2=7f871b515790 a3=4000 items=0 ppid=1 pid=13362 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=nm-dispatcher.a exe=/usr/libexec/nm-dispatcher.action subj=system_u:system_r:NetworkManager_t:s0 key=(null) Hash: nm-dispatcher.a,NetworkManager_t,initrc_t,process,sigkill
Description of problem: I do nothing. This trouble was generate after start fedora linux. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: the computer goes to sleep, and I have this message when I wake it up. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
(In reply to Dimitris from comment #7) > A reboot isn't necessary for me to get this, losing/regaining WLAN > connectivity triggers it here. True. If I unplug and/or plug in ethernet it triggers it as well.
Description of problem: Getting the alert after every reboot. Can be reproduced by rebooting computer. Using an up-to-date install of Fedora 20, currently have installed selinux-policy.noarch 3.12.1-117.fc20 and selinux-policy-targeted.noarch 3.12.1-117.fc20, but first noticed the behaviour on selinux-policy.noarch 3.12.1-116.fc20 and selinux-policy-targeted.noarch 3.12.1-116.fc20. Full details from SETroubleshoot as follows: SELinux is preventing /usr/libexec/nm-dispatcher.action from using the sigkill access on a process. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that nm-dispatcher.action should be allowed sigkill access on processes labeled initrc_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep nm-dispatcher.a /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:NetworkManager_t:s0 Target Context system_u:system_r:initrc_t:s0 Target Objects [ process ] Source nm-dispatcher.a Source Path /usr/libexec/nm-dispatcher.action Port <Unknown> Host (removed) Source RPM Packages NetworkManager-0.9.9.0-24.git20131003.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-117.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux fedora_linux_jim 3.12.7-300.fc20.x86_64 #1 SMP Fri Jan 10 15:35:31 UTC 2014 x86_64 x86_64 Alert Count 2 First Seen 2014-01-17 23:23:34 GMT Last Seen 2014-01-18 15:35:20 GMT Local ID 6947854b-7fe9-42cf-9ce8-594b3c70e593 Raw Audit Messages type=AVC msg=audit(1390059320.815:378): avc: denied { sigkill } for pid=1915 comm="nm-dispatcher.a" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process type=SYSCALL msg=audit(1390059320.815:378): arch=x86_64 syscall=kill success=no exit=EACCES a0=78d a1=9 a2=7f22cf6af790 a3=4000 items=0 ppid=1 pid=1915 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=nm-dispatcher.a exe=/usr/libexec/nm-dispatcher.action subj=system_u:system_r:NetworkManager_t:s0 key=(null) Hash: nm-dispatcher.a,NetworkManager_t,initrc_t,process,sigkill Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: It typicaly happens when I am torrenting. It also seems to happen any time I get disconnected, which is usually while I am torrenting. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: The system was booting up, before this bug. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.6-300.fc20.x86_64 type: libreport
Description of problem: This occurred after logging in, after updating to NetworkManager-0.9.9.0-24.git20131003.fc20.x86_64 and selinux-policy-3.12.1-117.fc20.noarch Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.6-300.fc20.x86_64 type: libreport
Description of problem: Ran Fedup and rebooted Laptop after upgrading to 3.12.7-300.fc20.x86_64 from 3.12.5-300.fc20.x86_64. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
commit 45b2e2074d53b5ce09afd9ed03b3319e668a3197 Author: Dan Walsh <dwalsh> Date: Thu Jan 16 16:29:06 2014 -0500 Allow NetworkManager to signal and sigkill init scripts
Description of problem: after updating this error occours every time I boot my notebook and login Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: I just connected to my home wifi network, and got the SELinux alert. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: I rebooted after an update, including selinux-policy, selinux-policy-targeted and selinux-policy-devel. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.i686+PAE type: libreport
Description of problem: yum update and then failed Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : 32:bind-license-9.9.4-11.P2.fc20.noarch 1/18 Updating : 32:bind-libs-9.9.4-11.P2.fc20.x86_64 2/18 warning: %post(bind-libs-32:9.9.4-11.P2.fc20.x86_64) scriptlet failed, exit status 127 Non-fatal POSTIN scriptlet failure in rpm package 32:bind-libs-9.9.4-11.P2.fc20.x86_64 Updating : 32:bind-utils-9.9.4-11.P2.fc20.x86_64 3/18 Updating : 32:bind-libs-lite-9.9.4-11.P2.fc20.x86_64 4/18 warning: %post(bind-libs-lite-32:9.9.4-11.P2.fc20.x86_64) scriptlet failed, exit status 127 Non-fatal POSTIN scriptlet failure in rpm package 32:bind-libs-lite-9.9.4-11.P2.fc20.x86_64 error: %pre(tcpdump-14:4.5.1-1.fc20.x86_64) scriptlet failed, exit status 127 Error in PREIN scriptlet in rpm package 14:tcpdump-4.5.1-1.fc20.x86_64 error: tcpdump-14:4.5.1-1.fc20.x86_64: install failed error: %pre(initscripts-9.51-1.fc20.x86_64) scriptlet failed, exit status 127 Error in PREIN scriptlet in rpm package initscripts-9.51-1.fc20.x86_64 error: initscripts-9.51-1.fc20.x86_64: install failed error: %pre(selinux-policy-targeted-3.12.1-117.fc20.noarch) scriptlet failed, exit status 127 Error in PREIN scriptlet in rpm package selinux-policy-targeted-3.12.1-117.fc20.noarch error: selinux-policy-targeted-3.12.1-117.fc20.noarch: install failed error: %pre(nfs-utils-1:1.2.9-2.1.fc20.x86_64) scriptlet failed, exit status 127 Error in PREIN scriptlet in rpm package 1:nfs-utils-1.2.9-2.1.fc20.x86_64 Updating : libldb-1.1.16-4.fc20.x86_64 9/18 error: nfs-utils-1:1.2.9-2.1.fc20.x86_64: install failed warning: %post(libldb-1.1.16-4.fc20.x86_64) scriptlet failed, exit status 127 Non-fatal POSTIN scriptlet failure in rpm package libldb-1.1.16-4.fc20.x86_64 Cleanup : 32:bind-libs-lite-9.9.4-8.fc20.x86_64 10/18 error: selinux-policy-targeted-3.12.1-116.fc20.noarch: erase skipped warning: %postun(bind-libs-lite-32:9.9.4-8.fc20.x86_64) scriptlet failed, exit status 127 Non-fatal POSTUN scriptlet failure in rpm package 32:bind-libs-lite-9.9.4-8.fc20.x86_64 Cleanup : 32:bind-utils-9.9.4-8.fc20.x86_64 11/18 Cleanup : 32:bind-libs-9.9.4-8.fc20.x86_64 12/18 warning: %postun(bind-libs-32:9.9.4-8.fc20.x86_64) scriptlet failed, exit status 127 Non-fatal POSTUN scriptlet failure in rpm package 32:bind-libs-9.9.4-8.fc20.x86_64 Cleanup : 32:bind-license-9.9.4-8.fc20.noarch 13/18 Cleanup : libldb-1.1.16-3.fc20.x86_64 14/18 error: tcpdump-14:4.5.0-1.20131108gitb07944a.fc20.x86_64: erase skipped error: initscripts-9.50-1.fc20.x86_64: erase skipped error: nfs-utils-1:1.2.8-6.0.fc20.x86_64: erase skipped warning: %postun(libldb-1.1.16-3.fc20.x86_64) scriptlet failed, exit status 127 Non-fatal POSTUN scriptlet failure in rpm package libldb-1.1.16-3.fc20.x86_64 Verifying : libldb-1.1.16-4.fc20.x86_64 1/18 Verifying : 32:bind-license-9.9.4-11.P2.fc20.noarch 2/18 Verifying : 32:bind-utils-9.9.4-11.P2.fc20.x86_64 3/18 Verifying : 32:bind-libs-lite-9.9.4-11.P2.fc20.x86_64 4/18 Verifying : 32:bind-libs-9.9.4-11.P2.fc20.x86_64 5/18 Verifying : 32:bind-libs-9.9.4-8.fc20.x86_64 6/18 Verifying : 1:nfs-utils-1.2.9-2.1.fc20.x86_64 7/18 Verifying : selinux-policy-targeted-3.12.1-117.fc20.noarch 8/18 Verifying : 32:bind-utils-9.9.4-8.fc20.x86_64 9/18 Verifying : 32:bind-license-9.9.4-8.fc20.noarch 10/18 Verifying : libldb-1.1.16-3.fc20.x86_64 11/18 selinux-policy-targeted-3.12.1-116.fc20.noarch was supposed to be removed but is not! Verifying : selinux-policy-targeted-3.12.1-116.fc20.noarch 12/18 initscripts-9.50-1.fc20.x86_64 was supposed to be removed but is not! Verifying : initscripts-9.50-1.fc20.x86_64 13/18 Verifying : 32:bind-libs-lite-9.9.4-8.fc20.x86_64 14/18 Verifying : initscripts-9.51-1.fc20.x86_64 15/18 1:nfs-utils-1.2.8-6.0.fc20.x86_64 was supposed to be removed but is not! Verifying : 1:nfs-utils-1.2.8-6.0.fc20.x86_64 16/18 14:tcpdump-4.5.0-1.20131108gitb07944a.fc20.x86_64 was supposed to be removed but is not! Verifying : 14:tcpdump-4.5.0-1.20131108gitb07944a.fc20.x86_64 17/18 Verifying : 14:tcpdump-4.5.1-1.fc20.x86_64 18/18 Updated: bind-libs.x86_64 32:9.9.4-11.P2.fc20 bind-libs-lite.x86_64 32:9.9.4-11.P2.fc20 bind-license.noarch 32:9.9.4-11.P2.fc20 bind-utils.x86_64 32:9.9.4-11.P2.fc20 libldb.x86_64 0:1.1.16-4.fc20 Failed: initscripts.x86_64 0:9.50-1.fc20 initscripts.x86_64 0:9.51-1.fc20 nfs-utils.x86_64 1:1.2.8-6.0.fc20 nfs-utils.x86_64 1:1.2.9-2.1.fc20 selinux-policy-targeted.noarch 0:3.12.1-116.fc20 selinux-policy-targeted.noarch 0:3.12.1-117.fc20 tcpdump.x86_64 14:4.5.0-1.20131108gitb07944a.fc20 tcpdump.x86_64 14:4.5.1-1.fc20 Complete! Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
(In reply to sunkins from comment #20) This is bug 1054350, see that for workaround.
Description of problem: Error appeared after startup Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: yum update and reboot Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: yum update, reboot and then it happens. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: I received this alert on initiating an OpenVPN connection, and again on closing the connection. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.8-300.fc20.x86_64 type: libreport
Description of problem: Restore from suspend. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
selinux-policy-3.12.1-119.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-119.fc20
Description of problem: I don't really know why this happened, when my laptop resumed from suspension it showed the selinux popup message Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: I do nothing. This trouble being after booting fedora. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Same here (FC20/x86_64 with all updates). I use KDE and have configured network (WLAN) over "kde-plasma-nm". I get many, many errors in my logs. I will attach output of the following command here: # journalctl -b | grep "NetworkManager\|firewalld"
Created attachment 853414 [details] output of: journalctl -b | grep "NetworkManager\|firewalld"
Package selinux-policy-3.12.1-119.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-119.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-1249/selinux-policy-3.12.1-119.fc20 then log in and leave karma (feedback).
*** Bug 1056495 has been marked as a duplicate of this bug. ***
Description of problem: I just connected to my home wifi network. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: Browsing internet. My wireless connection regularly cuts out because i am on a shared network with bad signal. Probably related. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Description of problem: Just update NetworkManager and rebooted. Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.8-300.fc20.x86_64 type: libreport
Description of problem: resume from suspend Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
selinux-policy-3.12.1-119.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.