Description of problem: Running a Docker guest - docker run -d -p 8787:8787 eddelbuettel/debian-rstudio. This puts an HTTP server on localhost:8787. As soon as I browsed to localhost:8787 the error popped up. SELinux is preventing ModemManager from 'connectto' accesses on the unix_stream_socket @qmi-proxy. ***** Plugin catchall_boolean (89.3 confidence) suggests ****************** If you want to allow daemons to enable cluster mode Then you must tell SELinux about this by enabling the 'daemons_enable_cluster_mode' boolean. You can read 'None' man page for more details. Do setsebool -P daemons_enable_cluster_mode 1 ***** Plugin catchall (11.6 confidence) suggests ************************** If you believe that ModemManager should be allowed connectto access on the @qmi-proxy unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep ModemManager /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:modemmanager_t:s0 Target Context system_u:system_r:modemmanager_t:s0 Target Objects @qmi-proxy [ unix_stream_socket ] Source ModemManager Source Path ModemManager Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-90.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.17.1-302.fc21.x86_64 #1 SMP Fri Oct 17 20:05:46 UTC 2014 x86_64 x86_64 Alert Count 10 First Seen 2014-10-24 23:29:37 PDT Last Seen 2014-10-24 23:29:38 PDT Local ID f18cf2b4-80fd-4a93-afa7-b26d9fd3f326 Raw Audit Messages type=AVC msg=audit(1414218578.99:2006): avc: denied { connectto } for pid=5897 comm="ModemManager" path=00716D692D70726F7879 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:modemmanager_t:s0 tclass=unix_stream_socket permissive=0 Hash: ModemManager,modemmanager_t,modemmanager_t,unix_stream_socket,connectto Version-Release number of selected component: selinux-policy-3.13.1-90.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.17.1-302.fc21.x86_64 type: libreport
5ba54f3dd852dea537fb6c64fa63af7e2629fb12 fixes this in git.
commit a8bdded9dd75a4e646007ab6f8f017cfed3ba725 Author: Dan Walsh <dwalsh> Date: Sat Oct 25 06:52:23 2014 -0400 Allow modemmanger to connectto itself
selinux-policy-3.13.1-92.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-92.fc21
Package selinux-policy-3.13.1-92.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-92.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-13975/selinux-policy-3.13.1-92.fc21 then log in and leave karma (feedback).
selinux-policy-3.13.1-92.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.