Bug 1157256 - SELinux is preventing /usr/libexec/kde4/polkit-kde-authentication-agent-1 from 'write' accesses on the directory /home/bodhi.
Summary: SELinux is preventing /usr/libexec/kde4/polkit-kde-authentication-agent-1 fro...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 21
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:1cada8cfdab928adb5f0521eae6...
Depends On:
Blocks:
Reported: 2014-10-26 17:52 UTC by bodhi.zazen
Modified: 2014-12-03 17:15 UTC

Fixed In Version: selinux-policy-3.13.1-99.fc21
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-12-03 17:15:17 UTC
Type: ---
Embargoed:



Description bodhi.zazen 2014-10-26 17:52:51 UTC
Description of problem:
Fresh install, problem with confined users perhaps
SELinux is preventing /usr/libexec/kde4/polkit-kde-authentication-agent-1 from 'write' accesses on the directory /home/bodhi.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that polkit-kde-authentication-agent-1 should be allowed write access on the bodhi directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep polkit-kde-auth /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                staff_u:staff_r:policykit_auth_t:s0
Target Context                staff_u:object_r:user_home_dir_t:s0
Target Objects                /home/bodhi [ dir ]
Source                        polkit-kde-auth
Source Path                   /usr/libexec/kde4/polkit-kde-authentication-
                              agent-1
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           polkit-kde-0.99.1-4.20130311git.fc21.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-85.fc21.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.17.1-302.fc21.x86_64 #1 SMP Fri
                              Oct 17 20:05:46 UTC 2014 x86_64 x86_64
Alert Count                   2
First Seen                    2014-10-26 11:47:01 MDT
Last Seen                     2014-10-26 11:47:01 MDT
Local ID                      e022714b-7933-4ded-8506-9b508223c5df

Raw Audit Messages
type=AVC msg=audit(1414345621.533:404): avc:  denied  { write } for  pid=1796 comm="polkit-kde-auth" name="bodhi" dev="dm-3" ino=7077889 scontext=staff_u:staff_r:policykit_auth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0


type=SYSCALL msg=audit(1414345621.533:404): arch=x86_64 syscall=access success=no exit=EACCES a0=c5db08 a1=2 a2=200 a3=4 items=0 ppid=1781 pid=1796 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm=polkit-kde-auth exe=/usr/libexec/kde4/polkit-kde-authentication-agent-1 subj=staff_u:staff_r:policykit_auth_t:s0 key=(null)

Hash: polkit-kde-auth,policykit_auth_t,user_home_dir_t,dir,write

Version-Release number of selected component:
selinux-policy-3.13.1-85.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         3.17.1-302.fc21.x86_64
type:           libreport

Comment 1 Miroslav Grepl 2014-10-27 07:48:03 UTC
This is just access check.

Comment 2 Lukas Vrabec 2014-11-07 22:13:30 UTC
commit 2e4c4c79692ff74fa6005aa87ca67a2d65e04f78
Author: Lukas Vrabec <lvrabec>
Date:   Fri Nov 7 22:33:39 2014 +0100

    Dontaudit policykit_auth_t to write to user home dirs. BZ (1157256)

Comment 3 Miroslav Grepl 2014-11-10 08:46:50 UTC
(In reply to Lukas Vrabec from comment #2)
> commit 2e4c4c79692ff74fa6005aa87ca67a2d65e04f78
> Author: Lukas Vrabec <lvrabec>
> Date:   Fri Nov 7 22:33:39 2014 +0100
> 
>     Dontaudit policykit_auth_t to write to user home dirs. BZ (1157256)

Lukas,
you want to dontaudit audit_access.


syscall=access

Comment 4 Lukas Vrabec 2014-11-10 10:36:19 UTC
commit 65537985563f209294b7e1edc2a82b91d130d67b
Author: Lukas Vrabec <lvrabec>
Date:   Mon Nov 10 11:34:33 2014 +0100

    Dontaudit policykit_auth_t to access to user home dirs. BZ (1157256)
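
The distinction drawn in comments 1 and 3, as an added example that is not part of the bug report or of the selinux-policy commits: it pairs each AVC denial with the SYSCALL record of the same audit event and flags denials raised by an access() probe, where a `dontaudit ... audit_access` rule silences the log noise without granting the `write` that an audit2allow module would allow. The function and field names are hypothetical, the second sample event is constructed, and records are assumed to carry interpreted syscall names as in the description above.

```python
import re

# The first event is the AVC/SYSCALL pair quoted in the bug description, trimmed
# to the fields read here. The second event (example_t, mkdir) is constructed.
SAMPLE = """\
type=AVC msg=audit(1414345621.533:404): avc:  denied  { write } for  pid=1796 comm="polkit-kde-auth" name="bodhi" scontext=staff_u:staff_r:policykit_auth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1414345621.533:404): arch=x86_64 syscall=access success=no exit=EACCES a0=c5db08 a1=2 pid=1796 comm=polkit-kde-auth
type=AVC msg=audit(1414345700.100:410): avc:  denied  { write } for  pid=1801 comm="example" name="bodhi" scontext=staff_u:staff_r:example_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1414345700.100:410): arch=x86_64 syscall=mkdir success=no exit=EACCES pid=1801 comm=example
"""

HEADER = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\)")
AVC = re.compile(r"denied\s+\{ ([^}]+?) \}.*?scontext=(\S+) tcontext=(\S+) tclass=(\w+)")
# Syscalls that only ask "would this be permitted?" without performing the operation.
PROBES = {"access", "faccessat", "faccessat2"}

def triage(log):
    """Return one finding per denied AVC, keyed by the audit event it belongs to."""
    events = {}
    for line in log.splitlines():
        head = HEADER.search(line)
        if not head:
            continue
        rec = events.setdefault(head.group(2), {})
        if head.group(1) == "AVC" and (avc := AVC.search(line)):
            perms, scon, tcon, tclass = avc.groups()
            # The type is the third field of user:role:type:level.
            rec.update(perms=perms.split(), src=scon.split(":")[2],
                       tgt=tcon.split(":")[2], tclass=tclass)
        elif head.group(1) == "SYSCALL" and (sc := re.search(r"syscall=(\S+)", line)):
            rec["syscall"] = sc.group(1)
    findings = []
    for event_id, rec in events.items():
        if "perms" not in rec:
            continue  # SYSCALL record with no AVC in the same event
        probe = rec.get("syscall") in PROBES
        # A probe denial is silenced with audit_access; nothing is granted.
        rule = (f"dontaudit {rec['src']} {rec['tgt']}:{rec['tclass']} audit_access;"
                if probe else None)
        findings.append({"event": event_id, "syscall": rec.get("syscall"),
                         "denied": rec["perms"], "access_check_only": probe,
                         "suggested_rule": rule})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Denials that come back with `access_check_only` false reflect an attempted operation and need a policy decision of their own.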

Comment 5 Fedora Update System 2014-11-21 12:23:57 UTC
selinux-policy-3.13.1-99.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-99.fc21

Comment 6 Fedora Update System 2014-12-03 17:15:17 UTC
selinux-policy-3.13.1-99.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

