Bug 1121317 - SELinux is preventing /usr/lib/systemd/systemd-logind from 'destroy' accesses on the semaphore Unknown.
Summary: SELinux is preventing /usr/lib/systemd/systemd-logind from 'destroy' accesses...
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 21
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Whiteboard: abrt_hash:29ec83082254097a9fa8699bd6c...
Depends On:
TreeView+ depends on / blocked
Reported: 2014-07-19 04:24 UTC by Jared Smith
Modified: 2014-12-18 06:04 UTC (History)
9 users (show)

Fixed In Version: selinux-policy-3.13.1-103.fc21
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-12-18 06:04:39 UTC

Attachments (Terms of Use)

Description Jared Smith 2014-07-19 04:24:06 UTC
Description of problem:
SELinux is preventing /usr/lib/systemd/systemd-logind from 'destroy' accesses on the semaphore Unknown.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that systemd-logind should be allowed destroy access on the Unknown sem by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:systemd_logind_t:s0
Target Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
Target Objects                Unknown [ sem ]
Source                        systemd-logind
Source Path                   /usr/lib/systemd/systemd-logind
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           systemd-215-3.fc21.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-64.fc21.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.16.0-0.rc4.git3.1.fc21.x86_64 #1
                              SMP Fri Jul 11 17:13:44 UTC 2014 x86_64 x86_64
Alert Count                   1
First Seen                    2014-07-17 18:17:54 PDT
Last Seen                     2014-07-17 18:17:54 PDT
Local ID                      201e0d7d-a6a7-425b-a302-e0d1e68c9612

Raw Audit Messages
type=AVC msg=audit(1405646274.916:1608): avc:  denied  { destroy } for  pid=915 comm="systemd-logind" key=1881097292  scontext=system_u:system_r:systemd_logind_t:s0 tcontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tclass=sem permissive=0

type=SYSCALL msg=audit(1405646274.916:1608): arch=x86_64 syscall=semctl success=no exit=EACCES a0=c800d a1=0 a2=0 a3=7fffd60d91f0 items=0 ppid=1 pid=915 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=systemd-logind exe=/usr/lib/systemd/systemd-logind subj=system_u:system_r:systemd_logind_t:s0 key=(null)

Hash: systemd-logind,systemd_logind_t,mozilla_plugin_t,sem,destroy

Version-Release number of selected component:

Additional info:
reporter:       libreport-2.2.3
hashmarkername: setroubleshoot
kernel:         3.16.0-0.rc4.git3.1.fc21.x86_64
type:           libreport

Potential duplicate: bug 1116520

Comment 1 Miroslav Grepl 2014-07-21 09:56:31 UTC
Do you know what you were doing when this happened?

Comment 2 Daniel Walsh 2014-08-06 22:52:15 UTC
Does this happen at loginout?  Killing a session?

Comment 3 Jared Smith 2014-08-07 07:29:16 UTC
Yes, this was happening during login if I remember correctly.  Luckily, I haven't seen it happen in a week or two.  (That being said, I don't log in/out very often.)

Comment 4 Daniel Walsh 2014-08-18 13:08:47 UTC
I guess systemd-logind is killing all sessions and perhaps cleaning up semaphores.

Comment 5 Vedran Miletić 2014-09-21 14:34:00 UTC
Description of problem:
Upon upgrading from F20 to F21, with DNF, screen got locked by GNOME. But after logind got upgraded I couldn't login back to my existing session.

Version-Release number of selected component:

Additional info:
reporter:       libreport-2.2.3
hashmarkername: setroubleshoot
kernel:         3.16.1-301.fc21.i686
type:           libreport

Comment 6 Daniel Walsh 2014-10-27 22:50:26 UTC
a5bfe7725accc5c7e0de532c7470414027944494 in git allows systemd_logind to destroy all semaphores.

Comment 7 Lukas Vrabec 2014-10-29 09:06:10 UTC
$ git push

Comment 8 arturpolak1 2014-10-30 20:52:39 UTC
Description of problem:
I installed some packages...

Version-Release number of selected component:

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         3.17.1-304.fc21.i686
type:           libreport

Comment 9 Lukas Vrabec 2014-12-11 17:03:39 UTC
commit edf0a87846d574dee9549f7e7208542179091e95
Author: Dan Walsh <dwalsh@redhat.com>
Date:   Mon Oct 27 18:49:33 2014 -0400

    When systemd_logind kills sessions it also destroys semaphores

Comment 10 Fedora Update System 2014-12-15 13:04:40 UTC
selinux-policy-3.13.1-103.fc21 has been submitted as an update for Fedora 21.

Comment 11 Fedora Update System 2014-12-17 04:40:25 UTC
Package selinux-policy-3.13.1-103.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-103.fc21'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 12 Fedora Update System 2014-12-18 06:04:39 UTC
selinux-policy-3.13.1-103.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.