Description of problem: Logging into Bugzilla at https://bugzilla.redhat.com Invalid password or login. SELinux is preventing /usr/sbin/sstpc from 'block_suspend' accesses on the capability2 . ***** Plugin catchall (100. confidence) suggests ************************** If you believe that sstpc should be allowed block_suspend access on the capability2 by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep sstpc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:pppd_t:s0 Target Context system_u:system_r:pppd_t:s0 Target Objects [ capability2 ] Source sstpc Source Path /usr/sbin/sstpc Port <Unknown> Host (removed) Source RPM Packages sstp-client-1.0.9-4.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-182.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.15.10-201.fc20.x86_64 #1 SMP Wed Aug 27 21:10:06 UTC 2014 x86_64 x86_64 Alert Count 1546 First Seen 2014-08-29 11:08:25 CEST Last Seen 2014-09-03 00:13:36 CEST Local ID b70a7a1e-ae4f-48bf-8d7e-a5d8052831af Raw Audit Messages type=AVC msg=audit(1409696016.592:2277): avc: denied { block_suspend } for pid=17470 comm="sstpc" capability=36 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:system_r:pppd_t:s0 tclass=capability2 type=SYSCALL msg=audit(1409696016.592:2277): arch=x86_64 syscall=epoll_ctl success=yes exit=0 a0=4 a1=2 a2=8 a3=7fff4233fb10 items=0 ppid=17468 pid=17470 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=sstpc exe=/usr/sbin/sstpc subj=system_u:system_r:pppd_t:s0 key=(null) Hash: sstpc,pppd_t,pppd_t,capability2,block_suspend Additional info: reporter: libreport-2.2.3 hashmarkername: setroubleshoot kernel: 3.15.10-201.fc20.x86_64 type: libreport
cd296f74bf6bc049f1fe653d421f006262619037 dontaudits this in git, this is a kernel bug. https://patchwork.kernel.org/patch/4745311/
*** Bug 857628 has been marked as a duplicate of this bug. ***
commit 495d04264aefab08780d924acf6a5af72f1d9d75 Author: Dan Walsh <dwalsh> Date: Wed Sep 3 05:40:28 2014 -0400 Kernel is reporting random block_suspends, we should dontaudit these until the kernel is fixed in Rawhide https://github.com/selinux-policy/selinux-policy/commit/495d04264aefab08780d924acf6a5af72f1d9d75
(In reply to Daniel Walsh from comment #1) > cd296f74bf6bc049f1fe653d421f006262619037 dontaudits this in git, this is a > kernel bug. > > https://patchwork.kernel.org/patch/4745311/ Al, have you had a chance to review this patch? Seems to fix the issue, but I don't see it queued in your tree or Linus'.
This is fixed in the 3.17 and 3.16.y kernels.