Description of problem: SELinux is preventing /usr/bin/dbus-launch from 'write' accesses on the file /var/lib/sddm/.dbus/session-bus/c5b7de15f3c24e0a9eb37f4427130ae7-0. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow dbus-launch to have write access on the c5b7de15f3c24e0a9eb37f4427130ae7-0 file Then e' necessario modificare l'etichetta su /var/lib/sddm/.dbus/session-bus/c5b7de15f3c24e0a9eb37f4427130ae7-0 Do # semanage fcontext -a -t TIPO_FILE '/var/lib/sddm/.dbus/session-bus/c5b7de15f3c24e0a9eb37f4427130ae7-0' dove TIPO_FILE è uno dei seguenti: abrt_var_cache_t, afs_cache_t, anon_inodefs_t, auth_cache_t, auth_home_t, cache_home_t, cgroup_t, config_home_t, data_home_t, dbus_home_t, etc_runtime_t, faillog_t, fonts_cache_t, gconf_home_t, gkeyringd_gnome_home_t, gkeyringd_tmp_t, gnome_home_t, gstreamer_home_t, icc_data_home_t, initrc_tmp_t, initrc_var_run_t, krb5_host_rcache_t, lastlog_t, locale_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, pam_var_console_t, pam_var_run_t, puppet_tmp_t, security_t, sysfs_t, systemd_passwd_var_run_t, user_cron_spool_t, user_fonts_t, user_tmp_t, var_auth_t, wtmp_t, xauth_home_t, xdm_home_t, xdm_lock_t, xdm_log_t, xdm_rw_etc_t, xdm_spool_t, xdm_tmpfs_t, xdm_var_lib_t, xdm_var_run_t, xkb_var_lib_t, xserver_log_t, xserver_tmpfs_t. Quindi eseguire: restorecon -v '/var/lib/sddm/.dbus/session-bus/c5b7de15f3c24e0a9eb37f4427130ae7-0' ***** Plugin catchall (17.1 confidence) suggests ************************** If si crede che dbus-launch dovrebbe avere possibilità di accesso write sui c5b7de15f3c24e0a9eb37f4427130ae7-0 file in modo predefinito. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do consentire questo accesso per il momento eseguendo: # grep dbus-launch /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_lib_t:s0 Target Objects /var/lib/sddm/.dbus/session- bus/c5b7de15f3c24e0a9eb37f4427130ae7-0 [ file ] Source dbus-launch Source Path /usr/bin/dbus-launch Port <Unknown> Host (removed) Source RPM Packages dbus-x11-1.8.6-3.fc21.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-99.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.17.6-300.fc21.x86_64 #1 SMP Mon Dec 8 22:29:32 UTC 2014 x86_64 x86_64 Alert Count 5 First Seen 2014-12-13 17:43:31 CET Last Seen 2014-12-17 11:55:37 CET Local ID 06fd5d02-6f35-4c6d-b810-897592dd1f00 Raw Audit Messages type=AVC msg=audit(1418813737.609:333): avc: denied { write } for pid=1222 comm="dbus-launch" name="c5b7de15f3c24e0a9eb37f4427130ae7-0" dev="sda5" ino=2643353 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0 type=SYSCALL msg=audit(1418813737.609:333): arch=x86_64 syscall=open success=no exit=EACCES a0=7fd33b9437b0 a1=241 a2=1b6 a3=241 items=0 ppid=1219 pid=1222 auid=4294967295 uid=980 gid=971 euid=980 suid=980 fsuid=980 egid=971 sgid=971 fsgid=971 tty=(none) ses=4294967295 comm=dbus-launch exe=/usr/bin/dbus-launch subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash: dbus-launch,xdm_t,var_lib_t,file,write Version-Release number of selected component: selinux-policy-3.13.1-99.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.17.6-300.fc21.x86_64 type: libreport
4a3ac5c69db733a56710e85e14d686ade7f62560 fixes this in git.
Description of problem: Don't know how this happened, but I believe that dbus should not try to touch this file so it looks to me like a bug in the application ... Version-Release number of selected component: selinux-policy-3.13.1-103.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.17.8-300.fc21.x86_64 type: libreport
ahem, I really don't understand why I got a duplicate - in my case, dbus-launch tried to write /var/lib/sddm/state.conf which I believe is error in dbus-launch and not a thing to be fixed by selinux-policy ... SELinux is preventing /usr/bin/dbus-launch from write access on the file /var/lib/sddm/state.conf. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow dbus-launch to have write access on the state.conf file Then you need to change the label on /var/lib/sddm/state.conf Do # semanage fcontext -a -t FILE_TYPE '/var/lib/sddm/state.conf' where FILE_TYPE is one of the following: abrt_var_cache_t, afs_cache_t, anon_inodefs_t, auth_cache_t, auth_home_t, cache_home_t, cgroup_t, config_home_t, data_home_t, dbus_home_t, etc_runtime_t, faillog_t, fonts_cache_t, gconf_home_t, gkeyringd_gnome_home_t, gkeyringd_tmp_t, gnome_home_t, gstreamer_home_t, icc_data_home_t, initrc_tmp_t, initrc_var_run_t, krb5_host_rcache_t, lastlog_t, locale_t, mnt_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, pam_var_console_t, pam_var_run_t, puppet_tmp_t, security_t, sysfs_t, systemd_passwd_var_run_t, tmp_t, user_cron_spool_t, user_fonts_t, user_tmp_t, var_auth_t, wtmp_t, xauth_home_t, xdm_home_t, xdm_lock_t, xdm_log_t, xdm_rw_etc_t, xdm_spool_t, xdm_tmpfs_t, xdm_var_lib_t, xdm_var_run_t, xkb_var_lib_t, xserver_log_t, xserver_tmpfs_t. Then execute: restorecon -v '/var/lib/sddm/state.conf' ***** Plugin catchall (17.1 confidence) suggests ************************** If you believe that dbus-launch should be allowed write access on the state.conf file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep dbus-launch /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_lib_t:s0 Target Objects /var/lib/sddm/state.conf [ file ] Source dbus-launch Source Path /usr/bin/dbus-launch Port <Unknown> Host (removed) Source RPM Packages sddm-0.10.0-2.fc21.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-103.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux kvolny.brq.redhat.com 3.17.8-300.fc21.x86_64 #1 SMP Thu Jan 8 23:32:49 UTC 2015 x86_64 x86_64 Alert Count 6 First Seen 2014-12-24 14:17:08 CET Last Seen 2015-01-15 00:30:01 CET Local ID 8a998df0-6f1f-4d76-82b5-8133eb208914 Raw Audit Messages type=AVC msg=audit(1421278201.806:59): avc: denied { write } for pid=1014 comm="sddm" name="state.conf" dev="dm-0" ino=5373953 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0 type=SYSCALL msg=audit(1421278201.806:59): arch=x86_64 syscall=open success=no exit=EACCES a0=7f838afc9f48 a1=80241 a2=1b6 a3=0 items=0 ppid=1 pid=1014 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=sddm exe=/usr/bin/sddm subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash: dbus-launch,xdm_t,var_lib_t,file,write
selinux-policy-3.13.1-105.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.fc21
Package selinux-policy-3.13.1-105.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-105.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-1337/selinux-policy-3.13.1-105.fc21 then log in and leave karma (feedback).
selinux-policy-3.13.1-105.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.