Description of problem: SELinux is preventing systemd-logind from 'getattr' accesses on the file /dev/shm/lttng-ust-wait-5. ***** Plugin catchall (100. confidence) suggests ************************** If cree que de manera predeterminada, systemd-logind debería permitir acceso getattr sobre lttng-ust-wait-5 file. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso momentáneamente executando: # grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:systemd_logind_t:s0 Target Context system_u:object_r:tmpfs_t:s0 Target Objects /dev/shm/lttng-ust-wait-5 [ file ] Source systemd-logind Source Path systemd-logind Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-126.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.0.3-300.fc22.x86_64 #1 SMP Wed May 13 18:43:52 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-05-15 23:10:48 CEST Last Seen 2015-05-15 23:10:48 CEST Local ID 36203268-1b83-4e79-8efb-b239120ffb5e Raw Audit Messages type=AVC msg=audit(1431724248.950:1003): avc: denied { getattr } for pid=768 comm="systemd-logind" path="/dev/shm/lttng-ust-wait-5" dev="tmpfs" ino=25832 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=0 Hash: systemd-logind,systemd_logind_t,tmpfs_t,file,getattr Version-Release number of selected component: selinux-policy-3.13.1-126.fc22.noarch Additional info: reporter: libreport-2.5.1 hashmarkername: setroubleshoot kernel: 4.0.3-300.fc22.x86_64 type: libreport Potential duplicate: bug 1190461
Did you setup lttng?
I don't know what that thing is. It's probably related to #1221945, which I'm also experiencing while using virtual machines.
Yes I see it now what's going on here. We need to add SELinux support for lttng-sessiond which creates -rw-rw-r--. 1 root root system_u:object_r:tmpfs_t:s0 4096 May 18 11:44 lttng-ust-wait-5
Description of problem: F22 installation, created a new user, happened shortly after logging in. Version-Release number of selected component: selinux-policy-3.13.1-126.fc22.noarch Additional info: reporter: libreport-2.5.1 hashmarkername: setroubleshoot kernel: 4.0.3-300.fc22.x86_64 type: libreport
Description of problem: ssh from the virtual machine to host Version-Release number of selected component: selinux-policy-3.13.1-126.fc22.noarch Additional info: reporter: libreport-2.5.1 hashmarkername: setroubleshoot kernel: 4.0.4-301.fc22.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1278662 ***
Description of problem: gnome-session breaks whenever I attempt to log out. I think it's triggered by SELinux breaking logind. * If an application (say, gedit with any unsaved text) has an inhibitor, nothing will happen after selecting log out. About a minute later, some timeout will expire and I will then get logged out. * If no session inhibitor exists, logout works immediately. After that, it's no longer possible to log in, because gdm doesn't have permission to open /dev/tty2. I figure gnome-session was probably supposed to release something, but didn't get around to it, because it broke. There's definitely a gnome-session bug here: Dec 27 13:06:08 victory-road gnome-session[2206]: gnome-session-binary[2206]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed Dec 27 13:06:08 victory-road gnome-session[2206]: gnome-session-binary[2206]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed Dec 27 13:06:08 victory-road gnome-session-binary[2206]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed Dec 27 13:06:08 victory-road gnome-session-binary[2206]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed Dec 27 13:06:08 victory-road gnome-session-binary[2206]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed Dec 27 13:06:08 victory-road gnome-session-binary[2206]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed Dec 27 13:06:08 victory-road gnome-session[2206]: gnome-session-binary[2206]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed Dec 27 13:06:08 victory-road gnome-session[2206]: gnome-session-binary[2206]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed Dec 27 13:06:11 victory-road gnome-session-binary[2206]: Entering running state Unfortunately, when I turn on fatal-criticals, the backtrace is mostly useless: Dec 27 17:14:52 victory-road systemd-coredump[2983]: Process 2219 (gnome-session-b) of user 1000 dumped core. Stack trace of thread 2219: #0 0x00007fa1c6f8e81b _g_log_abort (libglib-2.0.so.0) #1 0x00007fa1c6f8e98f g_log (libglib-2.0.so.0) #2 0x00007fa1c6f84938 g_source_callback_unref (libglib-2.0.so.0) #3 0x00007fa1c6f860f6 g_source_destroy_internal (libglib-2.0.so.0) #4 0x00007fa1c6f87ed0 g_main_dispatch (libglib-2.0.so.0) #5 0x00007fa1c6f881d0 g_main_context_iterate (libglib-2.0.so.0) #6 0x00007fa1c6f884f2 g_main_loop_run (libglib-2.0.so.0) #7 0x000055c797ec673b main (gnome-session-binary) #8 0x00007fa1c6b9d580 __libc_start_main (libc.so.6) #9 0x000055c797ec6ab9 _start (gnome-session-binary) But this is an SELinux bug report, so let's not worry more about gnome-session here, but rather the SELinux bug that I suspect is exposing the gnome-session bug. Here's what I see in my journal when logging out, which is clearly an SELinux-related issue: Dec 27 17:14:50 victory-road systemd-logind[1052]: Removed session 1. Dec 27 17:14:50 victory-road systemd[1]: Stopping User Manager for UID 1000... Dec 27 17:14:50 victory-road audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 ho Dec 27 17:14:50 victory-road audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 ho Dec 27 17:14:50 victory-road systemd[2010]: Stopped target Default. Dec 27 17:14:50 victory-road systemd[2010]: Stopping Default. Dec 27 17:14:50 victory-road systemd[2010]: Stopped target Basic System. Dec 27 17:14:50 victory-road systemd[2010]: Stopping Basic System. Dec 27 17:14:50 victory-road systemd[2010]: Stopped target Sockets. Dec 27 17:14:50 victory-road systemd[2010]: Stopping Sockets. Dec 27 17:14:50 victory-road systemd[2010]: Stopped target Paths. Dec 27 17:14:50 victory-road systemd[2010]: Stopping Paths. Dec 27 17:14:50 victory-road systemd[2010]: Reached target Shutdown. Dec 27 17:14:50 victory-road systemd[2010]: Starting Shutdown. Dec 27 17:14:50 victory-road systemd[2010]: Starting Exit the Session... Dec 27 17:14:50 victory-road systemd[2010]: Stopped target Timers. Dec 27 17:14:50 victory-road systemd[2010]: Stopping Timers. Dec 27 17:14:50 victory-road systemd[2010]: Received SIGRTMIN+24 from PID 3075 (kill). Dec 27 17:14:50 victory-road systemd[2015]: pam_unix(systemd-user:session): session closed for user mcatanzaro Dec 27 17:14:50 victory-road systemd[1]: Stopped User Manager for UID 1000. Dec 27 17:14:50 victory-road audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? Dec 27 17:14:50 victory-road systemd[1]: Removed slice user-1000.slice. Dec 27 17:14:50 victory-road audit[1052]: AVC avc: denied { getattr } for pid=1052 comm="systemd-logind" path="/dev/shm/lldpad.state" dev="tmpfs" ino=15450 scontext=system_u:system_r:systemd_logind_t:s0 tcont Dec 27 17:14:50 victory-road systemd[1]: Stopping user-1000.slice. Dec 27 17:14:50 victory-road systemd-logind[1052]: Failed to stat() POSIX shared memory segment lldpad.state: Permission denied Version-Release number of selected component: selinux-policy-3.13.1-158.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.8-300.fc23.x86_64 type: libreport
Description of problem: It happens whenever I try to log in just after logging out from my own or any other user's graphical session. Version-Release number of selected component: selinux-policy-3.13.1-158.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.8-300.fc23.x86_64 type: libreport
Description of problem: tried to auto-relabel with touch /.relabel Version-Release number of selected component: selinux-policy-3.13.1-158.2.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.3.4-300.fc23.x86_64 type: libreport
*** Bug 1305984 has been marked as a duplicate of this bug. ***
*** Bug 1306993 has been marked as a duplicate of this bug. ***
Added to rawhide. https://github.com/fedora-selinux/selinux-policy/commit/153cf86f9212cf84950b7ab502dc3738a8d25198
selinux-policy-3.13.1-158.9.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffbae3a870
selinux-policy-3.13.1-158.9.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffbae3a870
*** Bug 1312658 has been marked as a duplicate of this bug. ***
Description of problem: this happened after a reboot with no user intervention. Version-Release number of selected component: selinux-policy-3.13.1-158.4.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.2-301.fc23.x86_64 type: libreport
selinux-policy-3.13.1-158.9.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Description of problem: /dev/shm/lldpad.state is bad labeled on each boot Version-Release number of selected component: selinux-policy-3.13.1-158.14.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.7-300.fc23.x86_64 type: libreport
*** Bug 1331234 has been marked as a duplicate of this bug. ***
*** Bug 1333474 has been marked as a duplicate of this bug. ***
*** Bug 1338959 has been marked as a duplicate of this bug. ***
*** Bug 1340597 has been marked as a duplicate of this bug. ***