1107896 – 'sudo restorecon -R -F -v /' is BROKEN

Bug 1107896 - 'sudo restorecon -R -F -v /' is BROKEN

Summary: 'sudo restorecon -R -F -v /' is BROKEN

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	20
Hardware:	x86_64
OS:	All
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:33e392d315b54b080d5e12309de...
Duplicates (3):	1099043 1100054 1107895 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-06-11 01:16 UTC by Moez Roy
Modified:	2015-06-29 21:03 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-06-29 21:03:35 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Moez Roy 2014-06-11 01:16:07 UTC

Description of problem:
SELinux is preventing /usr/bin/abrt-dump-oops from 'read' accesses on the file .

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow abrt-dump-oops to have read access on the  file
Then you need to change the label on $FIX_TARGET_PATH
Do
# semanage fcontext -a -t FILE_TYPE '$FIX_TARGET_PATH'
where FILE_TYPE is one of the following: NetworkManager_tmp_t, abrt_dump_oops_exec_t, abrt_etc_t, abrt_helper_exec_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_run_t, admin_crontab_tmp_t, afs_cache_t, alsa_tmp_t, amanda_tmp_t, anon_inodefs_t, antivirus_tmp_t, apcupsd_tmp_t, apmd_tmp_t, arpwatch_tmp_t, asterisk_tmp_t, auditadm_sudo_tmp_t, automount_tmp_t, awstats_tmp_t, bin_t, bitlbee_tmp_t, bluetooth_helper_tmp_t, bluetooth_tmp_t, boinc_project_tmp_t, boinc_tmp_t, boot_t, bootloader_tmp_t, cardmgr_dev_t, ccs_tmp_t, cdcc_tmp_t, chrome_sandbox_tmp_t, cloud_init_tmp_t, cluster_tmp_t, cobbler_tmp_t, colord_tmp_t, comsat_tmp_t, condor_master_tmp_t, condor_schedd_tmp_t, condor_startd_tmp_t, couchdb_tmp_t, cpu_online_t, crack_tmp_t, crond_tmp_t, crontab_tmp_t, ctdbd_tmp_t, cups_pdf_tmp_t, cupsd_lpd_tmp_t, cupsd_tmp_t, cvs_tmp_t, cyphesis_tmp_t, cyrus_tmp_t, dbadm_sudo_tmp_t, dbskkd_tmp_t, dcc_client_tmp_t, dcc_dbclean_tmp_t, dccd_tmp_t, dccifd_tmp_t, dccm_tmp_t, ddclient_tmp_t, debugfs_t, deltacloudd_tmp_t, devicekit_tmp_t, dhcpc_tmp_t, dhcpd_tmp_t, dirsrv_tmp_t, dirsrvadmin_tmp_t, disk_munin_plugin_tmp_t, dkim_milter_tmp_t, docker_tmp_t, dovecot_auth_tmp_t, dovecot_deliver_tmp_t, dovecot_tmp_t, etc_runtime_t, etc_t, exim_tmp_t, fail2ban_tmp_t, fenced_tmp_t, firewalld_tmp_t, firewallgui_tmp_t, fsadm_tmp_t, fsdaemon_tmp_t, ftpd_tmp_t, ftpdctl_tmp_t, games_tmp_t, gconf_tmp_t, getty_tmp_t, gkeyringd_tmp_t, glance_registry_tmp_t, glance_tmp_t, glusterd_tmp_t, gpg_agent_tmp_t, gpg_pinentry_tmp_t, gpm_tmp_t, gssd_tmp_t, httpd_bugzilla_tmp_t, httpd_collectd_script_tmp_t, httpd_mojomojo_tmp_t, httpd_munin_script_tmp_t, httpd_php_tmp_t, httpd_suexec_tmp_t, httpd_tmp_t, httpd_w3c_validator_tmp_t, inetd_child_tmp_t, inetd_tmp_t, init_tmp_t, initrc_tmp_t, ipsec_tmp_t, iptables_tmp_t, iscsi_tmp_t, kadmind_tmp_t, kdumpctl_tmp_t, kdumpgui_tmp_t, keystone_tmp_t, kismet_tmp_t, kismet_tmpfs_t, klogd_tmp_t, krb5_host_rcache_t, krb5kdc_tmp_t, ktalkd_tmp_t, l2tpd_tmp_t, ld_so_cache_t, ld_so_t, ldconfig_tmp_t, lib_t, livecd_tmp_t, locale_t, logrotate_mail_tmp_t, logrotate_tmp_t, logwatch_mail_tmp_t, logwatch_tmp_t, lpd_tmp_t, lpr_tmp_t, lsassd_tmp_t, lsmd_plugin_tmp_t, lvm_tmp_t, machineid_t, mail_munin_plugin_tmp_t, mailman_cgi_tmp_t, mailman_mail_tmp_t, mailman_queue_tmp_t, man_cache_t, man_t, mandb_cache_t, mdadm_tmp_t, mock_tmp_t, mongod_tmp_t, mount_tmp_t, mozilla_plugin_tmp_t, mozilla_tmp_t, mpd_tmp_t, mscan_tmp_t, munin_tmp_t, mysqld_tmp_t, nagios_eventhandler_plugin_tmp_t, nagios_openshift_plugin_tmp_t, nagios_system_plugin_tmp_t, nagios_tmp_t, named_tmp_t, netutils_tmp_t, neutron_tmp_t, nova_ajax_tmp_t, nova_api_tmp_t, nova_cert_tmp_t, nova_compute_tmp_t, nova_console_tmp_t, nova_direct_tmp_t, nova_network_tmp_t, nova_objectstore_tmp_t, nova_scheduler_tmp_t, nova_vncproxy_tmp_t, nova_volume_tmp_t, ntop_tmp_t, ntpd_tmp_t, nx_server_tmp_t, openshift_cgroup_read_tmp_t, openshift_cron_tmp_t, openshift_initrc_tmp_t, openshift_tmp_t, openvpn_tmp_t, openvswitch_tmp_t, openwsman_tmp_t, pam_timestamp_tmp_t, passenger_tmp_t, pcp_tmp_t, pegasus_openlmi_storage_tmp_t, pegasus_tmp_t, piranha_web_tmp_t, pkcsslotd_tmp_t, pki_tomcat_tmp_t, podsleuth_tmp_t, policykit_tmp_t, portmap_tmp_t, postfix_bounce_tmp_t, postfix_cleanup_tmp_t, postfix_local_tmp_t, postfix_map_tmp_t, postfix_pickup_tmp_t, postfix_pipe_tmp_t, postfix_qmgr_tmp_t, postfix_smtp_tmp_t, postfix_smtpd_tmp_t, postfix_virtual_tmp_t, postgresql_tmp_t, pppd_tmp_t, prelink_exec_t, prelink_tmp_t, prelude_lml_tmp_t, proc_t, procmail_tmp_t, psad_tmp_t, puppet_tmp_t, puppetmaster_tmp_t, qpidd_tmp_t, racoon_tmp_t, realmd_tmp_t, rhev_agentd_tmp_t, ricci_tmp_t, rlogind_tmp_t, rpm_script_tmp_t, rpm_tmp_t, rsync_tmp_t, rtas_errd_tmp_t, samba_net_tmp_t, sblim_tmp_t, secadm_sudo_tmp_t, sectool_tmp_t, selinux_munin_plugin_tmp_t, semanage_tmp_t, sendmail_tmp_t, services_munin_plugin_tmp_t, session_dbusd_tmp_t, sge_tmp_t, shell_exec_t, shorewall_tmp_t, slapd_tmp_t, smbd_tmp_t, smoltclient_tmp_t, smsd_tmp_t, snort_tmp_t, sosreport_tmp_t, soundd_tmp_t, spamc_tmp_t, spamd_tmp_t, speech-dispatcher_tmp_t, squid_tmp_t, squirrelmail_spool_t, src_t, ssh_agent_tmp_t, ssh_keygen_tmp_t, staff_sudo_tmp_t, stapserver_tmp_t, stunnel_tmp_t, svirt_tmp_t, svnserve_tmp_t, swat_tmp_t, swift_tmp_t, sysadm_passwd_tmp_t, sysadm_sudo_tmp_t, syslogd_tmp_t, system_conf_t, system_cronjob_tmp_t, system_db_t, system_dbusd_tmp_t, system_mail_tmp_t, system_munin_plugin_tmp_t, tcpd_tmp_t, telepathy_gabble_tmp_t, telepathy_idle_tmp_t, telepathy_logger_tmp_t, telepathy_mission_control_tmp_t, telepathy_msn_tmp_t, telepathy_salut_tmp_t, telepathy_sofiasip_tmp_t, telepathy_stream_engine_tmp_t, telepathy_sunshine_tmp_t, telnetd_tmp_t, tetex_data_t, textrel_shlib_t, tgtd_tmp_t, thumb_tmp_t, tmp_t, tomcat_tmp_t, tuned_tmp_t, tvtime_tmp_t, udev_tmp_t, uml_tmp_t, unconfined_munin_plugin_tmp_t, update_modules_tmp_t, user_cron_spool_t, user_fonts_t, user_mail_tmp_t, user_tmp_t, usr_t, uucpd_tmp_t, var_log_t, var_spool_t, varnishd_tmp_t, virt_qemu_ga_tmp_t, virt_tmp_t, vmtools_tmp_t, vmware_host_tmp_t, vmware_tmp_t, vpnc_tmp_t, webadm_tmp_t, webalizer_tmp_t, wireshark_tmp_t, xauth_tmp_t, xdm_tmp_t, xend_tmp_t, xenstored_tmp_t, ypbind_tmp_t, ypserv_tmp_t, zabbix_tmp_t, zarafa_deliver_tmp_t, zarafa_indexer_tmp_t, zarafa_server_tmp_t, zarafa_var_lib_t, zebra_tmp_t. 
Then execute: 
restorecon -v '$FIX_TARGET_PATH'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that abrt-dump-oops should be allowed read access on the  file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep abrt-dump-oops /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:abrt_dump_oops_t:s0
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                 [ file ]
Source                        abrt-dump-oops
Source Path                   /usr/bin/abrt-dump-oops
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           abrt-addon-kerneloops-2.2.1-2.fc20.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-166.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.14.5-200.fc20.x86_64 #1 SMP Mon
                              Jun 2 14:26:34 UTC 2014 x86_64 x86_64
Alert Count                   1
First Seen                    2014-06-10 18:15:57 PDT
Last Seen                     2014-06-10 18:15:57 PDT
Local ID                      af98dad5-15c7-47ba-bb8e-fee318c885a7

Raw Audit Messages
type=AVC msg=audit(1402449357.899:27): avc:  denied  { read } for  pid=967 comm="abrt-dump-oops" name="libaugeas.so.0" dev="dm-0" ino=149012 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file


type=SYSCALL msg=audit(1402449357.899:27): arch=x86_64 syscall=open success=no exit=EACCES a0=7f6170ab0981 a1=80000 a2=7f6170a9a4e0 a3=7f616feb3c0d items=0 ppid=965 pid=967 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-dump-oops exe=/usr/bin/abrt-dump-oops subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null)

Hash: abrt-dump-oops,abrt_dump_oops_t,unlabeled_t,file,read

Additional info:
reporter:       libreport-2.2.2
hashmarkername: setroubleshoot
kernel:         3.14.5-200.fc20.x86_64
type:           libreport

Comment 1 Moez Roy 2014-06-11 01:21:45 UTC

[user@localhost ~]$ ls -Z /usr/share/abrt/conf.d/*
-rw-r--r--. root root system_u:object_r:usr_t:s0       /usr/share/abrt/conf.d/abrt-action-save-package-data.conf
-rw-r--r--. root root system_u:object_r:usr_t:s0       /usr/share/abrt/conf.d/abrt.conf
-rw-r--r--. root root system_u:object_r:usr_t:s0       /usr/share/abrt/conf.d/gpg_keys.conf

/usr/share/abrt/conf.d/plugins:
-rw-r--r--. root root system_u:object_r:usr_t:s0       CCpp.conf
-rw-r--r--. root root system_u:object_r:usr_t:s0       java.conf
-rw-r--r--. root root system_u:object_r:usr_t:s0       oops.conf
-rw-r--r--. root root system_u:object_r:usr_t:s0       python3.conf
-rw-r--r--. root root system_u:object_r:usr_t:s0       python.conf
-rw-r--r--. root root system_u:object_r:usr_t:s0       vmcore.conf
-rw-r--r--. root root system_u:object_r:usr_t:s0       xorg.conf
[user@localhost ~]$

Comment 2 Daniel Walsh 2014-06-11 12:18:19 UTC

Did this happen during the update?

Comment 3 Moez Roy 2014-06-12 01:08:50 UTC

(In reply to Daniel Walsh from comment #2)
> Did this happen during the update?

The AVC's are not popping up if thats what you are asking.

I have to manually open up Setroubleshoot to see the AVCs.

---------------

SCAP Workbench...Using the Fedora profile it told me to change some permissions...I also selected the Online Remediation box so it probably changed permissions on it own too. 

[user@localhost ~]$ sudo yum list installed | grep scap
[sudo] password for user: 
openscap.x86_64                1.0.8-1.fc20         @updates                    
openscap-utils.x86_64          1.0.8-1.fc20         @updates
scap-security-guide.noarch     0.1.5-1.fc20         @updates                    
scap-workbench.x86_64          0.8.8-1.fc20         @updates                    
[user@localhost ~]$

-----------

I am not exactly sure why my system becomes unlabeled after a few weeks.

---------

Right now: 


I did sudo yum reinstall selinux-policy-targeted.

and I also ran sudo restorecon -R -F -v  /

Comment 4 Moez Roy 2014-06-12 01:21:37 UTC

*** Bug 1099043 has been marked as a duplicate of this bug. ***

Comment 5 Moez Roy 2014-06-12 01:22:07 UTC

*** Bug 1100054 has been marked as a duplicate of this bug. ***

Comment 6 Moez Roy 2014-06-12 01:22:36 UTC

*** Bug 1107895 has been marked as a duplicate of this bug. ***

Comment 7 Moez Roy 2014-06-12 13:42:21 UTC

restorecon:  Warning no default label for /dev/mqueue
restorecon:  Warning no default label for /dev/pts/0
restorecon:  Warning no default label for /dev/pts/ptmx
restorecon:  Warning no default label for /run/lvmetad.pid
restorecon:  Warning no default label for /run/lock/subsys
restorecon:  Warning no default label for /run/initramfs
restorecon:  Warning no default label for /run/initramfs/rwtab
restorecon:  Warning no default label for /run/initramfs/state
restorecon:  Warning no default label for /run/initramfs/state/var
restorecon:  Warning no default label for /run/initramfs/state/var/lib
restorecon:  Warning no default label for /run/initramfs/state/var/lib/dhclient
restorecon:  Warning no default label for /run/initramfs/state/etc
restorecon:  Warning no default label for /run/initramfs/state/etc/sysconfig
restorecon:  Warning no default label for /run/initramfs/state/etc/sysconfig/network-scripts
restorecon:  Warning no default label for /mnt/sysimage/home
restorecon:  Warning no default label for /tmp/(lots of stuff)
restorecon:  Warning no default label for /var/tmp/(lots of stuff)

========

Latest AVC:

Additional Information:
Source Context                system_u:system_r:abrt_dump_oops_t:s0
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                 [ file ]
Source                        abrt-dump-oops
Source Path                   /usr/bin/abrt-dump-oops
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           abrt-addon-kerneloops-2.2.1-2.fc20.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-166.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.14.6-200.fc20.x86_64 #1 SMP Sun
                              Jun 8 01:21:56 UTC 2014 x86_64 x86_64
Alert Count                   1
First Seen                    2014-06-12 06:09:49 PDT
Last Seen                     2014-06-12 06:09:49 PDT
Local ID                      1a6e9dc2-26b9-4e97-b217-b557f06c2cc4

Raw Audit Messages
type=AVC msg=audit(1402578589.884:33): avc:  denied  { read } for  pid=1079 comm="abrt-dump-oops" name="libpopt.so.0" dev="dm-0" ino=118333 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file


type=SYSCALL msg=audit(1402578589.884:33): arch=x86_64 syscall=open success=no exit=EACCES a0=7fcfc3a70b10 a1=80000 a2=7fcfc3a5d4d0 a3=7fcfc095e5d2 items=0 ppid=1077 pid=1079 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-dump-oops exe=/usr/bin/abrt-dump-oops subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null)

Hash: abrt-dump-oops,abrt_dump_oops_t,unlabeled_t,file,read

-----------------

[user@localhost ~]$ ls -lZ /usr/lib64/libpopt.so.0
lrwxrwxrwx. root root system_u:object_r:lib_t:s0       /usr/lib64/libpopt.so.0 -> libpopt.so.0.0.0
[user@localhost ~]$ 

[user@localhost ~]$ ls -lZ /usr/bin/abrt-dump-oops
-rwxr-xr-x. root root system_u:object_r:abrt_dump_oops_exec_t:s0 /usr/bin/abrt-dump-oops
[user@localhost ~]$ 

----------

[user@localhost ~]$ sudo yum reinstall popt abrt-addon-kerneloops

-----------

Then running sudo restorecon -R -F -v  /

also gives me:

restorecon reset /etc/ld.so.cache context unconfined_u:object_r:ld_so_cache_t:s0->system_u:object_r:ld_so_cache_t:s0

...

restorecon reset /var/cache/ldconfig/aux-cache context unconfined_u:object_r:ldconfig_cache_t:s0->system_u:object_r:ldconfig_cache_t:s0
restorecon reset /var/cache/yum/x86_64/20/timedhosts context unconfined_u:object_r:rpm_var_cache_t:s0->system_u:object_r:rpm_var_cache_t:s0
restorecon reset /var/lib/rpm/__db.001 context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/rpm/__db.002 context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/rpm/__db.003 context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/history/2014-04-08/93 context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/history/2014-04-08/93/config-main context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/history/2014-04-08/93/config-repos context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/history/2014-04-08/93/saved_tx context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/rpmdb-indexes/conflicts context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/rpmdb-indexes/obsoletes context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/rpmdb-indexes/file-requires context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/rpmdb-indexes/pkgtups-checksums context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/rpmdb-indexes/version context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/yumdb/a/749f956b2075f045abc128f22c83ff029ecefec4-abrt-addon-kerneloops-2.2.1-2.fc20-x86_64/from_repo context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/yumdb/a/749f956b2075f045abc128f22c83ff029ecefec4-abrt-addon-kerneloops-2.2.1-2.fc20-x86_64/reason context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/yumdb/a/749f956b2075f045abc128f22c83ff029ecefec4-abrt-addon-kerneloops-2.2.1-2.fc20-x86_64/command_line context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/yumdb/a/749f956b2075f045abc128f22c83ff029ecefec4-abrt-addon-kerneloops-2.2.1-2.fc20-x86_64/checksum_type context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/yumdb/a/749f956b2075f045abc128f22c83ff029ecefec4-abrt-addon-kerneloops-2.2.1-2.fc20-x86_64/checksum_data context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/yumdb/a/749f956b2075f045abc128f22c83ff029ecefec4-abrt-addon-kerneloops-2.2.1-2.fc20-x86_64/origin_url context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/yumdb/a/749f956b2075f045abc128f22c83ff029ecefec4-abrt-addon-kerneloops-2.2.1-2.fc20-x86_64/from_repo_revision context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/yumdb/a/749f956b2075f045abc128f22c83ff029ecefec4-abrt-addon-kerneloops-2.2.1-2.fc20-x86_64/from_repo_timestamp context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/yumdb/a/749f956b2075f045abc128f22c83ff029ecefec4-abrt-addon-kerneloops-2.2.1-2.fc20-x86_64/installed_by context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/yumdb/p/f9119e48ba6fad7ad0ec66e3c8808c447c7d8858-popt-1.16-2.fc20-x86_64/checksum_data context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/yumdb/p/f9119e48ba6fad7ad0ec66e3c8808c447c7d8858-popt-1.16-2.fc20-x86_64/origin_url context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0
restorecon reset /var/lib/yum/yumdb/p/f9119e48ba6fad7ad0ec66e3c8808c447c7d8858-popt-1.16-2.fc20-x86_64/installed_by context unconfined_u:object_r:rpm_var_lib_t:s0->system_u:object_r:rpm_var_lib_t:s0

Comment 8 Moez Roy 2014-06-12 13:53:23 UTC

Just going to make another local policy module. 

[user@localhost ~]$ sudo sh -c 'grep abrt-dump-oops /var/log/audit/audit.log | audit2allow -M mypol2'
[sudo] password for user: 
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i mypol2.pp

[user@localhost ~]$ sudo semodule -i mypol2.pp
[user@localhost ~]$ 

========================================================

May 21 15:10 mypol.te:

module mypol 1.0;

require {
	type unlabeled_t;
	type abrt_t;
	class file { read getattr };
}

#============= abrt_t ==============
allow abrt_t unlabeled_t:file { read getattr };

========================================================


Jun 12 06:51 mypol2.te:

module mypol2 1.0;

require {
	type unlabeled_t;
	type lib_t;
	type abrt_dump_oops_t;
	class file { read getattr };
}

#============= abrt_dump_oops_t ==============

#!!!! This avc is allowed in the current policy
allow abrt_dump_oops_t lib_t:file read;
allow abrt_dump_oops_t unlabeled_t:file { read getattr };



========================================================

Comment 9 Miroslav Grepl 2014-06-12 14:11:31 UTC

Well I would try to use

# auserach -m avc -ts recent

after a reboot without these local modules.

Comment 10 Moez Roy 2014-07-28 22:32:26 UTC

Description of problem:
I have been running sudo restorecon -R -F -v  /
every now and then...

Additional info:
reporter:       libreport-2.2.3
hashmarkername: setroubleshoot
kernel:         3.15.6-200.fc20.x86_64
type:           libreport

Comment 11 Moez Roy 2014-07-28 23:14:29 UTC

----
time->Sat Jul 26 21:04:01 2014
type=PROCTITLE msg=audit(1406433841.161:35): proctitle=2F7573722F62696E2F707974686F6E002D4573002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1406433841.161:35): arch=c000003e syscall=2 success=no exit=-13 a0=1dc9370 a1=0 a2=1b6 a3=1 items=0 ppid=1 pid=951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python2.7" subj=system_u:system_r:firewalld_t:s0 key=(null)
type=AVC msg=audit(1406433841.161:35): avc:  denied  { read } for  pid=951 comm="firewalld" name="GObject.pyc" dev="dm-0" ino=25499 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
----
time->Sat Jul 26 21:04:01 2014
type=PROCTITLE msg=audit(1406433841.180:36): proctitle=2F7573722F62696E2F707974686F6E002D4573002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1406433841.180:36): arch=c000003e syscall=87 success=no exit=-13 a0=1dc9370 a1=31100 a2=81a4 a3=7fffbcb214f0 items=0 ppid=1 pid=951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python2.7" subj=system_u:system_r:firewalld_t:s0 key=(null)
type=AVC msg=audit(1406433841.180:36): avc:  denied  { write } for  pid=951 comm="firewalld" name="overrides" dev="dm-0" ino=24682 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
----
time->Sat Jul 26 21:04:01 2014
type=PROCTITLE msg=audit(1406433841.375:37): proctitle=2F7573722F62696E2F707974686F6E002D4573002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1406433841.375:37): arch=c000003e syscall=2 success=no exit=-13 a0=1eeb190 a1=0 a2=1b6 a3=1 items=0 ppid=1 pid=951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python2.7" subj=system_u:system_r:firewalld_t:s0 key=(null)
type=AVC msg=audit(1406433841.375:37): avc:  denied  { read } for  pid=951 comm="firewalld" name="fw.pyc" dev="dm-0" ino=483069 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Sat Jul 26 21:04:01 2014
type=PROCTITLE msg=audit(1406433841.394:38): proctitle=2F7573722F62696E2F707974686F6E002D4573002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1406433841.394:38): arch=c000003e syscall=87 success=no exit=-13 a0=1eeb190 a1=15bd0 a2=81a4 a3=7f7ca7be45d0 items=0 ppid=1 pid=951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python2.7" subj=system_u:system_r:firewalld_t:s0 key=(null)
type=AVC msg=audit(1406433841.394:38): avc:  denied  { write } for  pid=951 comm="firewalld" name="core" dev="dm-0" ino=13948 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
----
time->Sun Jul 27 07:53:41 2014
type=AVC msg=audit(1406472821.578:30): avc:  denied  { read } for  pid=635 comm="systemd-readahe" name="org.freedesktop.locale1.service" dev="dm-0" ino=762136 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
----
time->Sun Jul 27 17:24:43 2014
type=PROCTITLE msg=audit(1406507083.824:315): proctitle=2F62696E2F646275732D6461656D6F6E002D2D666F726B002D2D7072696E742D7069640034002D2D7072696E742D616464726573730036002D2D73657373696F6E
type=SYSCALL msg=audit(1406507083.824:315): arch=c000003e syscall=4 success=no exit=-13 a0=7fc07827fea0 a1=7fff3475ee20 a2=7fff3475ee20 a3=3 items=0 ppid=1310 pid=1311 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/usr/bin/dbus-daemon" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1406507083.824:315): avc:  denied  { getattr } for  pid=1311 comm="dbus-daemon" path="/usr/share/dbus-1/services/org.gnome.Nautilus.SearchProvider.service" dev="dm-0" ino=225005 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Sun Jul 27 17:50:39 2014
type=PROCTITLE msg=audit(1406508639.649:34): proctitle=2F7573722F7362696E2F6162727464002D64002D73
type=SYSCALL msg=audit(1406508639.649:34): arch=c000003e syscall=6 success=no exit=-13 a0=7fff0c73b390 a1=7fff0c73b230 a2=7fff0c73b230 a3=9 items=0 ppid=1 pid=1251 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe="/usr/sbin/abrtd" subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1406508639.649:34): avc:  denied  { 0x800000 } for  pid=1251 comm="abrtd" name="abrt" dev="dm-0" ino=298 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Mon Jul 28 14:52:07 2014
type=PROCTITLE msg=audit(1406584327.276:575): proctitle=2F7573722F6C69622F73797374656D642F73797374656D64002D2D75736572
type=SYSCALL msg=audit(1406584327.276:575): arch=c000003e syscall=2 success=no exit=-13 a0=7f2447cf0f60 a1=a0100 a2=0 a3=7f244470af90 items=0 ppid=1 pid=2830 auid=4294967295 uid=1001 gid=1000 euid=1001 suid=1001 fsuid=1001 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=4294967295 comm="systemd" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
type=AVC msg=audit(1406584327.276:575): avc:  denied  { 0x800000 } for  pid=2830 comm="systemd" name="user" dev="dm-0" ino=1293 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Mon Jul 28 15:26:12 2014
type=PROCTITLE msg=audit(1406586372.958:25): proctitle="/usr/libexec/accounts-daemon"
type=SYSCALL msg=audit(1406586372.958:25): arch=c000003e syscall=2 success=no exit=-13 a0=7f843bbc2820 a1=80000 a2=7f843bbcb168 a3=7f843bbcf8ac items=0 ppid=1 pid=1145 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="accounts-daemon" exe="/usr/libexec/accounts-daemon" subj=system_u:system_r:accountsd_t:s0 key=(null)
type=AVC msg=audit(1406586372.958:25): avc:  denied  { read } for  pid=1145 comm="accounts-daemon" name="libgobject-2.0.so.0" dev="dm-0" ino=364004 scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Mon Jul 28 15:26:14 2014
type=AVC msg=audit(1406586374.520:32): avc:  denied  { read } for  pid=810 comm="systemd-readahe" name="org.freedesktop.Accounts.service" dev="dm-0" ino=151752 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
----
time->Mon Jul 28 15:26:19 2014
type=AVC msg=audit(1406586379.228:35): avc:  denied  { read } for  pid=810 comm="systemd-readahe" name="six.pyc" dev="dm-0" ino=293781 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file

Comment 12 Moez Roy 2014-08-04 15:01:32 UTC

----
time->Wed Jul 30 18:58:16 2014
type=PROCTITLE msg=audit(1406771896.557:36): proctitle=2F7573722F62696E2F707974686F6E002D4573002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1406771896.557:36): arch=c000003e syscall=2 success=no exit=-13 a0=dca770 a1=0 a2=1b6 a3=2 items=0 ppid=1 pid=953 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python2.7" subj=system_u:system_r:firewalld_t:s0 key=(null)
type=AVC msg=audit(1406771896.557:36): avc:  denied  { read } for  pid=953 comm="firewalld" name="six.pyc" dev="dm-0" ino=293781 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
----
time->Wed Jul 30 18:58:16 2014
type=PROCTITLE msg=audit(1406771896.576:37): proctitle=2F7573722F62696E2F707974686F6E002D4573002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1406771896.576:37): arch=c000003e syscall=87 success=no exit=-13 a0=dca770 a1=d678 a2=81a4 a3=7fffdf223380 items=0 ppid=1 pid=953 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python2.7" subj=system_u:system_r:firewalld_t:s0 key=(null)
type=AVC msg=audit(1406771896.576:37): avc:  denied  { write } for  pid=953 comm="firewalld" name="site-packages" dev="dm-0" ino=13395 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
----
time->Sat Aug  2 00:07:44 2014
type=PROCTITLE msg=audit(1406963264.411:30): proctitle=2F7573722F62696E2F707974686F6E002D4573002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1406963264.411:30): arch=c000003e syscall=2 success=no exit=-13 a0=bb9220 a1=0 a2=1b6 a3=1 items=0 ppid=1 pid=950 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python2.7" subj=system_u:system_r:firewalld_t:s0 key=(null)
type=AVC msg=audit(1406963264.411:30): avc:  denied  { read } for  pid=950 comm="firewalld" name="__init__.pyc" dev="dm-0" ino=593192 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
----
time->Sat Aug  2 00:07:45 2014
type=PROCTITLE msg=audit(1406963265.218:31): proctitle=2F7573722F62696E2F707974686F6E002D4573002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1406963265.218:31): arch=c000003e syscall=87 success=no exit=-13 a0=bb9220 a1=1cd08 a2=81a4 a3=7fff0e3923d0 items=0 ppid=1 pid=950 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python2.7" subj=system_u:system_r:firewalld_t:s0 key=(null)
type=AVC msg=audit(1406963265.218:31): avc:  denied  { write } for  pid=950 comm="firewalld" name="parsers" dev="dm-0" ino=25523 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
----
time->Sun Aug  3 06:13:28 2014
type=PROCTITLE msg=audit(1407071608.065:34): proctitle=2F62696E2F646275732D6461656D6F6E002D2D73797374656D002D2D616464726573733D73797374656D643A002D2D6E6F666F726B002D2D6E6F70696466696C65002D2D73797374656D642D61637469766174696F6E
type=SYSCALL msg=audit(1407071608.065:34): arch=c000003e syscall=4 success=no exit=-13 a0=7fa62239cb50 a1=7fffd94c7e80 a2=7fffd94c7e80 a3=6 items=0 ppid=1 pid=1403 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/usr/bin/dbus-daemon" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1407071608.065:34): avc:  denied  { getattr } for  pid=1403 comm="dbus-daemon" path="/usr/share/dbus-1/system-services/org.freedesktop.locale1.service" dev="dm-0" ino=794803 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Sun Aug  3 06:13:31 2014
type=AVC msg=audit(1407071611.184:38): avc:  denied  { read } for  pid=1046 comm="systemd-readahe" name="GObject.pyc" dev="dm-0" ino=25499 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file

Comment 13 Moez Roy 2014-08-04 21:01:18 UTC

----
time->Mon Aug  4 09:12:55 2014
type=PROCTITLE msg=audit(1407168775.093:37): proctitle=2F7573722F62696E2F707974686F6E002D4573002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1407168775.093:37): arch=c000003e syscall=87 success=no exit=-13 a0=244c770 a1=d678 a2=81a4 a3=7ffff773c860 items=0 ppid=1 pid=951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python2.7" subj=system_u:system_r:firewalld_t:s0 key=(null)
type=AVC msg=audit(1407168775.093:37): avc:  denied  { write } for  pid=951 comm="firewalld" name="site-packages" dev="dm-0" ino=13395 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
----
time->Mon Aug  4 09:12:55 2014
type=PROCTITLE msg=audit(1407168775.072:36): proctitle=2F7573722F62696E2F707974686F6E002D4573002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1407168775.072:36): arch=c000003e syscall=2 success=no exit=-13 a0=244c770 a1=0 a2=1b6 a3=2 items=0 ppid=1 pid=951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python2.7" subj=system_u:system_r:firewalld_t:s0 key=(null)
type=AVC msg=audit(1407168775.072:36): avc:  denied  { read } for  pid=951 comm="firewalld" name="six.pyc" dev="dm-0" ino=293781 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
----
time->Mon Aug  4 11:00:09 2014
type=AVC msg=audit(1407175209.564:32): avc:  denied  { read } for  pid=590 comm="systemd-readahe" name="_abcoll.pyc" dev="dm-0" ino=592686 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
----
time->Mon Aug  4 11:00:13 2014
type=PROCTITLE msg=audit(1407175213.997:35): proctitle=2F7573722F62696E2F707974686F6E002D4573002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1407175213.997:35): arch=c000003e syscall=87 success=no exit=-13 a0=1067760 a1=1a5d0 a2=81a4 a3=7fff1cc5da00 items=0 ppid=1 pid=929 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python2.7" subj=system_u:system_r:firewalld_t:s0 key=(null)
type=AVC msg=audit(1407175213.997:35): avc:  denied  { write } for  pid=929 comm="firewalld" name="site-packages" dev="dm-0" ino=13395 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
----
time->Mon Aug  4 11:00:13 2014
type=PROCTITLE msg=audit(1407175213.978:34): proctitle=2F7573722F62696E2F707974686F6E002D4573002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1407175213.978:34): arch=c000003e syscall=2 success=no exit=-13 a0=1067760 a1=0 a2=1b6 a3=1 items=0 ppid=1 pid=929 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python2.7" subj=system_u:system_r:firewalld_t:s0 key=(null)
type=AVC msg=audit(1407175213.978:34): avc:  denied  { read } for  pid=929 comm="firewalld" name="decorator.pyc" dev="dm-0" ino=14300 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
----
time->Mon Aug  4 12:00:17 2014
type=PROCTITLE msg=audit(1407178817.862:436): proctitle=2F7573722F6C6962657865632F67656F636C7565002D740035
type=SYSCALL msg=audit(1407178817.862:436): arch=c000003e syscall=59 success=yes exit=0 a0=7fc432ae67e0 a1=7fc432ae6680 a2=7fc432ae5010 a3=0 items=0 ppid=21898 pid=21899 auid=4294967295 uid=997 gid=996 euid=997 suid=997 fsuid=997 egid=996 sgid=996 fsgid=996 tty=(none) ses=4294967295 comm="geoclue" exe="/usr/libexec/geoclue" subj=system_u:system_r:geoclue_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1407178817.862:436): avc:  denied  { read } for  pid=21899 comm="geoclue" path="/proc/sys/kernel/cap_last_cap" dev="proc" ino=19653 scontext=system_u:system_r:geoclue_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file
----
time->Mon Aug  4 12:00:20 2014
type=PROCTITLE msg=audit(1407178820.114:437): proctitle=2F7573722F6C6962657865632F67656F636C7565002D740035
type=SYSCALL msg=audit(1407178820.114:437): arch=c000003e syscall=4 success=yes exit=0 a0=7f5a6eb51e60 a1=7fff7ef469f0 a2=7fff7ef469f0 a3=7fff7ef467a0 items=0 ppid=1 pid=21899 auid=4294967295 uid=997 gid=996 euid=997 suid=997 fsuid=997 egid=996 sgid=996 fsgid=996 tty=(none) ses=4294967295 comm="geoclue" exe="/usr/libexec/geoclue" subj=system_u:system_r:geoclue_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1407178820.114:437): avc:  denied  { getattr } for  pid=21899 comm="geoclue" path="/run/pcscd/pcscd.comm" dev="tmpfs" ino=17256 scontext=system_u:system_r:geoclue_t:s0-s0:c0.c1023 tcontext=system_u:object_r:pcscd_var_run_t:s0 tclass=sock_file
----
time->Mon Aug  4 12:00:20 2014
type=PROCTITLE msg=audit(1407178820.114:438): proctitle=2F7573722F6C6962657865632F67656F636C7565002D740035
type=SYSCALL msg=audit(1407178820.114:438): arch=c000003e syscall=42 success=yes exit=0 a0=b a1=7fff7ef469f0 a2=1c a3=7fff7ef467a0 items=0 ppid=1 pid=21899 auid=4294967295 uid=997 gid=996 euid=997 suid=997 fsuid=997 egid=996 sgid=996 fsgid=996 tty=(none) ses=4294967295 comm="geoclue" exe="/usr/libexec/geoclue" subj=system_u:system_r:geoclue_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1407178820.114:438): avc:  denied  { connectto } for  pid=21899 comm="geoclue" path="/run/pcscd/pcscd.comm" scontext=system_u:system_r:geoclue_t:s0-s0:c0.c1023 tcontext=system_u:system_r:pcscd_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1407178820.114:438): avc:  denied  { write } for  pid=21899 comm="geoclue" name="pcscd.comm" dev="tmpfs" ino=17256 scontext=system_u:system_r:geoclue_t:s0-s0:c0.c1023 tcontext=system_u:object_r:pcscd_var_run_t:s0 tclass=sock_file

Comment 14 Moez Roy 2014-08-14 18:42:37 UTC

*** Bug 1114607 has been marked as a duplicate of this bug. ***

Comment 15 Fedora End Of Life 2015-05-29 12:04:59 UTC

This message is a reminder that Fedora 20 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 20. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '20'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 20 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 16 Fedora End Of Life 2015-06-29 21:03:35 UTC

Fedora 20 changed to end-of-life (EOL) status on 2015-06-23. Fedora 20 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.