Description of problem: I am attempting to get sensord.service running properly. SELinux is preventing /usr/sbin/sensord from using the 'signal' accesses on a process. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that sensord should be allowed signal access on processes labeled sensord_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep sensord /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:sensord_t:s0 Target Context system_u:system_r:sensord_t:s0 Target Objects [ process ] Source sensord Source Path /usr/sbin/sensord Port <Unknown> Host (removed) Source RPM Packages lm_sensors-sensord-3.3.3-3.fc19.i686 Target RPM Packages Policy RPM selinux-policy-3.12.1-74.26.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.14.8-100.fc19.i686.PAE #1 SMP Mon Jun 16 22:06:57 UTC 2014 i686 i686 Alert Count 1 First Seen 2014-07-24 15:04:50 PDT Last Seen 2014-07-24 15:04:50 PDT Local ID 96a907a6-c922-469f-b376-c29de2474053 Raw Audit Messages type=AVC msg=audit(1406239490.804:2399): avc: denied { signal } for pid=22840 comm="sensord" scontext=system_u:system_r:sensord_t:s0 tcontext=system_u:system_r:sensord_t:s0 tclass=process type=SYSCALL msg=audit(1406239490.804:2399): arch=i386 syscall=tgkill success=no exit=EACCES a0=5938 a1=5938 a2=22 a3=2 items=0 ppid=1 pid=22840 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=sensord exe=/usr/sbin/sensord subj=system_u:system_r:sensord_t:s0 key=(null) Hash: sensord,sensord_t,sensord_t,process,signal I have created the policy because it seems reasonable that sensord should have this kind of access. Additional info: reporter: libreport-2.2.2 hashmarkername: setroubleshoot kernel: 3.14.8-100.fc19.i686.PAE type: libreport
Hi Joe, Do you know when this happen? What exactly you did?
I don't see a reason to block it. commit ac7c746e59b5852dccaf30741f869b4eb295a36f Author: Miroslav Grepl <mgrepl> Date: Fri Jul 25 11:40:13 2014 +0200 Allow sensord to send a signal. https://github.com/selinux-policy/selinux-policy/commit/ac7c746e59b5852dccaf30741f869b4eb295a36f Lukas, could you back port it.
I've had a few spontaneous reboots, and I'm hoping that if they're hardware related they'll leave a trail in /var/log/messages, so I installed lm_sensors and sensord. I got this SELinux alert, then another one that I've also reported. Frankly, I'm astonished that it wasn't reported sooner.
[f19-contrib f1f597d] Allow sensord to send a signal. Author: Miroslav Grepl <mgrepl> 1 file changed, 2 insertions(+) https://github.com/selinux-policy/selinux-policy/commit/f1f597d42e113b2920523604a9b32209af0ad3c3 Back ported.
selinux-policy-3.12.1-74.29.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-74.29.fc19
Package selinux-policy-3.12.1-74.29.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-74.29.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-9432/selinux-policy-3.12.1-74.29.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-74.30.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-74.30.fc19
selinux-policy-3.12.1-74.30.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.