Description of problem: Building blueman from git and starting blueman-applet afterwards SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the directory /home. ***** Plugin catchall (100. confidence) suggests ************************** If sie denken, dass es python2.7 standardmässig erlaubt sein sollte, write Zugriff auf home directory zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep python /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 Target Context system_u:object_r:home_root_t:s0 Target Objects /home [ dir ] Source python Source Path /usr/bin/python2.7 Port <Unknown> Host (removed) Source RPM Packages python-2.7.8-7.fc21.x86_64 Target RPM Packages filesystem-3.2-28.fc21.x86_64 Policy RPM selinux-policy-3.13.1-105.3.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.18.7-200.fc21.x86_64 #1 SMP Wed Feb 11 21:53:17 UTC 2015 x86_64 x86_64 Alert Count 4 First Seen 2015-03-03 18:12:50 CET Last Seen 2015-03-03 18:12:50 CET Local ID 143a9da4-81b1-4b60-b387-406a8575495e Raw Audit Messages type=AVC msg=audit(1425402770.561:729): avc: denied { write } for pid=8456 comm="python" name="/" dev="dm-2" ino=2 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:home_root_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1425402770.561:729): arch=x86_64 syscall=access success=no exit=EACCES a0=7fffd5232fed a1=2 a2=0 a3=0 items=0 ppid=1 pid=8456 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=python exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) Hash: python,blueman_t,home_root_t,dir,write Version-Release number of selected component: selinux-policy-3.13.1-105.3.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.18.7-200.fc21.x86_64 type: libreport
Hi, Did you login as root? It's not a good idea. Login as user.
No, I did not login as root. I just build a current git-snapshot of blueman using mock, installed the package and started blueman-applet.
Lukas, I see "access" check. We should dontaudit it.
commit a3ed9e61d5c66f625f31e5929a82ceaac7bc9f90 Author: Lukas Vrabec <lvrabec> Date: Fri Mar 20 14:12:42 2015 +0100 Dontaudit blueman_t write to all mountpoints. BZ(1198272)
selinux-policy-3.13.1-105.9.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.9.fc21
Package selinux-policy-3.13.1-105.9.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-105.9.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-4492/selinux-policy-3.13.1-105.9.fc21 then log in and leave karma (feedback).
selinux-policy-3.13.1-105.9.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.