Description of problem: I was lauching a wine program through primusrun SELinux is preventing /usr/sbin/bumblebeed from 'write' accesses on the file bbswitch. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that bumblebeed should be allowed write access on the bbswitch file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:bumblebee_t:s0 Target Context system_u:object_r:proc_t:s0 Target Objects bbswitch [ file ] Source bumblebeed Source Path /usr/sbin/bumblebeed Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-82.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.16.3-302.fc21.x86_64 #1 SMP Fri Sep 26 14:27:20 UTC 2014 x86_64 x86_64 Alert Count 2 First Seen 2014-09-27 18:30:41 CDT Last Seen 2014-09-27 20:01:35 CDT Local ID bba58b52-ceb4-4aa2-898a-9a5a2a102b72 Raw Audit Messages type=AVC msg=audit(1411866095.723:439): avc: denied { write } for pid=900 comm="bumblebeed" name="bbswitch" dev="proc" ino=4026532316 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0 Hash: bumblebeed,bumblebee_t,proc_t,file,write Version-Release number of selected component: selinux-policy-3.13.1-82.fc21.noarch Additional info: reporter: libreport-2.2.3 hashmarkername: setroubleshoot kernel: 3.16.3-302.fc21.x86_64 type: libreport Potential duplicate: bug 1039336
We have also this issue in F20. Did you seen just this alert or it's broken something? Did anyone know why bumblebee needs write to proc_t ?
https://github.com/Bumblebee-Project/bbswitch We don't want to allow bumblebee to generic proc_t.
It seems to function just fine - but I figured it shouldn't be firing off a selinux alert one way or the other.
commit fc647e471e1cbd5902dd5078f580dedff33f8403 Author: Lukas Vrabec <lvrabec> Date: Tue Oct 21 16:11:17 2014 +0200 Dontaudit bumblebee can write to proc_t files. BZ (1147184)
selinux-policy-3.13.1-88.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-88.fc21
Package selinux-policy-3.13.1-88.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-88.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-13454/selinux-policy-3.13.1-88.fc21 then log in and leave karma (feedback).
Package selinux-policy-3.13.1-90.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-90.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-13454/selinux-policy-3.13.1-90.fc21 then log in and leave karma (feedback).
selinux-policy-3.13.1-90.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.