Fedora Account System
Red Hat Associate
Red Hat Customer
Description of problem: Build blueman from git and started blueman-applet afterwards SELinux is preventing /usr/bin/python2.7 from using the 'dac_override' capabilities. ***** Plugin dac_override (91.4 confidence) suggests ********************** If sie überprüfen wollen, ob Domäne diesen Zugriff benötigt oder Sie eine Datei mit den falschen Berechtigungen auf Ihrem System haben Then aktivieren Sie die vollständige Audit-Funktion, um die Pfad-Information der problematischen Datei zu erhalten. Dann reproduzieren Sie den Fehler erneut. Do Volle Audit-Funktion aktivieren # auditctl -w /etc/shadow -p w Versuchen Sie AVC zu reproduzieren. Führen Sie dann folgendes aus # ausearch -m avc -ts recent Falls PATH record ersichtlich ist, überprüfen Sie Eigentümer/ Berechtigungen der Datei und korrigieren Sie dies, anderenfalls melden Sie dies an Bugzilla. ***** Plugin catchall (9.59 confidence) suggests ************************** If sie denken, dass python2.7 standardmäßig dac_override Berechtigung haben sollten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep python /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023 Target Objects Unknown [ capability ] Source python Source Path /usr/bin/python2.7 Port <Unknown> Host (removed) Source RPM Packages python-2.7.8-7.fc21.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-105.3.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.18.7-200.fc21.x86_64 #1 SMP Wed Feb 11 21:53:17 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-03-04 07:40:27 CET Last Seen 2015-03-04 07:40:27 CET Local ID 20531542-3759-454d-aa55-849a577fc1ed Raw Audit Messages type=AVC msg=audit(1425451227.461:498): avc: denied { dac_override } for pid=2133 comm="python" capability=1 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=capability permissive=0 type=SYSCALL msg=audit(1425451227.461:498): arch=x86_64 syscall=access success=no exit=EACCES a0=7fff23c8aa67 a1=2 a2=0 a3=7fff23c8a021 items=0 ppid=2132 pid=2133 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=python exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) Hash: python,blueman_t,blueman_t,capability,dac_override Version-Release number of selected component: selinux-policy-3.13.1-105.3.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.18.7-200.fc21.x86_64 type: libreport
Volle Audit-Funktion aktivieren # auditctl -w /etc/shadow -p w Versuchen Sie AVC zu reproduzieren. Führen Sie dann folgendes aus # ausearch -m avc -ts recent Falls PATH record ersichtlich ist, überprüfen Sie Eigentümer/ Berechtigungen der Datei und korrigieren Sie dies, anderenfalls melden Sie dies an Bugzilla.
I recently updated my system to Fedora 22 and the problem is no longer reproduceable there. So it seems to be fixed in fc22
Description of problem: Using the blueman-applet from https://admin.fedoraproject.org/updates/blueman-2.0-5.fc21. Version-Release number of selected component: selinux-policy-3.13.1-105.6.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.1-201.fc21.x86_64 type: libreport
Description of problem: starting blueman configuration gui but bluez daemon wasn't active Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.5-200.fc21.i686 type: libreport
Description of problem: blueman installed and started. immediately this and 3 other problems reported by selinux alert browser Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.0.4-202.fc21.x86_64 type: libreport
Description of problem: SELinux is preventing python from using the dac_override capability. Plugin: catchall you want to allow python to have dac_override access on the Unknown capabilitySe Si pensa che python dovrebbe avere funzionalità dac_override in modo predefinito. Si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Consentire questo accesso per il momento eseguendo: # grep python /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.0.4-202.fc21.i686 type: libreport
Description of problem: It happens every time I restart. Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.0.6-200.fc21.i686 type: libreport
Description of problem: This issue started with an error message that I got after I installed: - wayland - weston and - cinnamon-desktop logged out and then logged in again with: - gnome on wayland What happened was: - these error messages - unable to use my admin-user password in the GUI package-installer - BUT was able to use yum in the terminal with the same admin-user password - some crazy stuff, suddenly being logged out Version-Release number of selected component: selinux-policy-3.13.1-105.19.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.1.4-100.fc21.x86_64 type: libreport
Hi, Please, turn on full auditing: # echo "-w /etc/shadow -p w" >> /etc/audit/audit.rules # service auditd restart Reproduce this issue and attach AVCs. Thank you.
Description of problem: After login from USB Version-Release number of selected component: selinux-policy-3.13.1-105.20.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.0.4-201.fc21.x86_64 type: libreport
I've had this problem on an HP laptop. After following the steps in Comment 9 I find that these changes to selinux policy fix the problem: module myblueman 1.0; require { type blueman_t; type configfs_t; type blueman_var_run_t; class dir write; class file execute; } #============= blueman_t ============== # https://bugzilla.redhat.com/show_bug.cgi?id=1198448 allow blueman_t blueman_var_run_t:file execute; allow blueman_t configfs_t:dir write;