Bug 1232748 - SELinux is preventing /usr/bin/bash from 'getattr' accesses on the file /usr/sbin/ldconfig.
Summary: SELinux is preventing /usr/bin/bash from 'getattr' accesses on the file /usr/...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 22
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:3dcda9740382993fa9320d28109...
: 1259576 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-06-17 12:29 UTC by Bas Mevissen
Modified: 2015-09-11 10:19 UTC (History)
53 users (show)

Fixed In Version: selinux-policy-3.13.1-128.4.fc22
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-07-10 19:15:06 UTC


Attachments (Terms of Use)

Description Bas Mevissen 2015-06-17 12:29:59 UTC
Description of problem:
I restarted the iptables firewall (service).
SELinux is preventing /usr/bin/bash from 'getattr' accesses on the file /usr/sbin/ldconfig.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that bash should be allowed getattr access on the ldconfig file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep sh /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:firewalld_t:s0
Target Context                system_u:object_r:ldconfig_exec_t:s0
Target Objects                /usr/sbin/ldconfig [ file ]
Source                        sh
Source Path                   /usr/bin/bash
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           bash-4.3.39-1.fc22.x86_64
Target RPM Packages           glibc-2.21-5.fc22.x86_64
Policy RPM                    selinux-policy-3.13.1-128.1.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.0.5-300.fc22.x86_64 #1 SMP Mon
                              Jun 8 16:15:26 UTC 2015 x86_64 x86_64
Alert Count                   1
First Seen                    2015-06-17 14:19:05 CEST
Last Seen                     2015-06-17 14:19:05 CEST
Local ID                      2fca935e-55c2-4257-bfc4-c7fbfe29dd50

Raw Audit Messages
type=AVC msg=audit(1434543545.594:2625): avc:  denied  { getattr } for  pid=20500 comm="sh" path="/usr/sbin/ldconfig" dev="dm-0" ino=19792115 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1434543545.594:2625): arch=x86_64 syscall=stat success=no exit=EACCES a0=7f1677508b00 a1=7ffef96d9980 a2=7ffef96d9980 a3=7ffef96d9900 items=0 ppid=20499 pid=20500 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=sh exe=/usr/bin/bash subj=system_u:system_r:firewalld_t:s0 key=(null)

Hash: sh,firewalld_t,ldconfig_exec_t,file,getattr

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 1 M. Edward (Ed) Borasky 2015-06-21 22:30:04 UTC
Description of problem:
Updating a laptop with dnf on wireless in a coffee shop

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch
selinux-policy-3.13.1-128.2.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.4-303.fc22.x86_64
type:           libreport

Comment 2 Kamil Páral 2015-06-24 14:24:37 UTC
Description of problem:
This happened on a cleanly installed F22 while removing some packages using dnf.

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 3 bztdlinux 2015-06-24 16:59:23 UTC
Description of problem:
This happened while running "dnf update".

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch
selinux-policy-3.13.1-128.2.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 4 吴晗 2015-06-25 02:36:18 UTC
Description of problem:
just "dnf update"

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.4-303.fc22.x86_64
type:           libreport

Comment 5 Milan Kerslager 2015-06-25 06:19:31 UTC
Description of problem:
Just work in the desktop.

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.4-303.fc22.x86_64
type:           libreport

Comment 6 Heiko Adams 2015-06-25 07:21:02 UTC
Description of problem:
Updating the system with dnf

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 7 chris 2015-06-25 11:48:13 UTC
Description of problem:
During
sudo dnf update -y

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 8 Francisco de la Peña 2015-06-25 13:07:41 UTC
Description of problem:
Related: 1234087

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.4-libre.303.fc22.gnu.x86_64
type:           libreport

Comment 9 John Cosgrove 2015-06-25 13:23:59 UTC
Description of problem:
dnf update

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.4-303.fc22.x86_64
type:           libreport

Comment 10 leigh scott 2015-06-25 13:48:09 UTC
Description of problem:
running dnf update

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 11 Dawid Zamirski 2015-06-25 14:06:38 UTC
Description of problem:
The system was installing today updates with dnf update - not sure which specific package triggered this.

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 12 Stephen Haffly 2015-06-25 15:02:49 UTC
Description of problem:
This happened during dnf update.

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 13 Andreas Balg 2015-06-25 15:08:43 UTC
Description of problem:
dnf update
Last metadata expiration check performed 1:18:42 ago on Thu Jun 25 15:48:43 2015.
Transaktions-ID : 50
Anfangszeit : Thu Jun 25 17:00:35 2015
Anfang rpmdb    : 2276:2e250558f3a7b7f9e30e7ecf72389c9f4fd20506
Endzeit :            17:00:39 2015 (4 Sekunden)
Ende rpmdb      : 2276:4711a5d9c9c8fc71602a76b8010ba007cc573f93
Benutzer : Andreas Balg <andy>
Rückgabe-Code    : Erfolg
Befehlszeile   : update
Transaktion ausgeführt mit:
    Installiert       dnf-1.0.1-2.fc22.noarch     @updates-testing
    Installiert       rpm-4.12.0.1-10.fc22.x86_64 @updates-testing
Veränderte Pakete:
    Aktualisiert  curl-7.40.0-3.fc22.x86_64                   (unknown)
    Aktualisieren      7.40.0-5.fc22.x86_64                   @updates
    Aktualisiert  firewalld-0.3.14.1-1.fc22.noarch            @updates
    Aktualisieren           0.3.14.2-2.fc22.noarch            @updates
    Aktualisiert  firewalld-filesystem-0.3.14.1-1.fc22.noarch @updates
    Aktualisieren                      0.3.14.2-2.fc22.noarch @updates
    Aktualisiert  gnupg-1.4.19-1.fc22.x86_64                  (unknown)
    Aktualisieren       1.4.19-2.fc22.x86_64                  @updates
    Aktualisiert  libcurl-7.40.0-3.fc22.x86_64                (unknown)
    Aktualisieren         7.40.0-5.fc22.x86_64                @updates
    Aktualisiert  python-blivet-1:1.0.9-1.fc22.noarch         (unknown)
    Aktualisieren               1:1.0.10-1.fc22.noarch        @updates
    Aktualisiert  python-firewall-0.3.14.1-1.fc22.noarch      @updates
    Aktualisieren                 0.3.14.2-2.fc22.noarch      @updates

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 14 bluexpres 2015-06-25 17:11:45 UTC
Description of problem:
i get this error after last update.
these are last updates ;

 Verifying   : curl-7.40.0-5.fc22.i686                                   1/126 
  Verifying   : libcurl-7.40.0-5.fc22.i686                                2/126 
  Verifying   : dracut-041-14.fc22.i686                                   3/126 
  Verifying   : dracut-network-041-14.fc22.i686                           4/126 
  Verifying   : dracut-config-rescue-041-14.fc22.i686                     5/126 
  Verifying   : evince-3.16.1-2.fc22.i686                                 6/126 
  Verifying   : evince-libs-3.16.1-2.fc22.i686                            7/126 
  Verifying   : evince-nautilus-3.16.1-2.fc22.i686                        8/126 
  Verifying   : evince-browser-plugin-3.16.1-2.fc22.i686                  9/126 
  Verifying   : file-5.22-4.fc22.i686                                    10/126 
  Verifying   : file-libs-5.22-4.fc22.i686                               11/126 
  Verifying   : firewall-config-0.3.14.2-2.fc22.noarch                   12/126 
  Verifying   : firewalld-0.3.14.2-2.fc22.noarch                         13/126 
  Verifying   : python-firewall-0.3.14.2-2.fc22.noarch                   14/126 
  Verifying   : firewalld-filesystem-0.3.14.2-2.fc22.noarch              15/126 
  Verifying   : gdb-7.9.1-16.fc22.i686                                   16/126 
  Verifying   : gnome-abrt-1.2.0-2.fc22.i686                             17/126 
  Verifying   : gnome-menus-3.13.3-3.fc22.i686                           18/126 
  Verifying   : gnupg-1.4.19-2.fc22.i686                                 19/126 
  Verifying   : gnupg2-2.1.5-1.fc22.i686                                 20/126 
  Verifying   : gstreamer1-plugins-bad-free-1.4.5-3.fc22.i686            21/126 
  Verifying   : hpijs-1:3.15.6-1.fc22.i686                               22/126 
  Verifying   : hplip-libs-3.15.6-1.fc22.i686                            23/126 
  Verifying   : hplip-common-3.15.6-1.fc22.i686                          24/126 
  Verifying   : hplip-3.15.6-1.fc22.i686                                 25/126 
  Verifying   : hplip-compat-libs-3.15.6-1.fc22.i686                     26/126 
  Verifying   : libsane-hpaio-3.15.6-1.fc22.i686                         27/126 
  Verifying   : libetonyek-0.1.2-3.fc22.i686                             28/126 
  Verifying   : libfreehand-0.1.1-1.fc22.i686                            29/126 
  Verifying   : mesa-dri-drivers-10.6.0-1.fc22.i686                      30/126 
  Verifying   : mesa-filesystem-10.6.0-1.fc22.i686                       31/126 
  Verifying   : mesa-libEGL-10.6.0-1.fc22.i686                           32/126 
  Verifying   : mesa-libGL-10.6.0-1.fc22.i686                            33/126 
  Verifying   : mesa-libGLES-10.6.0-1.fc22.i686                          34/126 
  Verifying   : mesa-libOSMesa-10.6.0-1.fc22.i686                        35/126 
  Verifying   : mesa-libgbm-10.6.0-1.fc22.i686                           36/126 
  Verifying   : mesa-libglapi-10.6.0-1.fc22.i686                         37/126 
  Verifying   : mesa-libwayland-egl-10.6.0-1.fc22.i686                   38/126 
  Verifying   : mesa-libxatracker-10.6.0-1.fc22.i686                     39/126 
  Verifying   : nss-3.19.2-1.0.fc22.i686                                 40/126 
  Verifying   : nss-util-3.19.2-1.0.fc22.i686                            41/126 
  Verifying   : nss-softokn-3.19.2-1.0.fc22.i686                         42/126 
  Verifying   : nss-softokn-freebl-3.19.2-1.0.fc22.i686                  43/126 
  Verifying   : nss-tools-3.19.2-1.0.fc22.i686                           44/126 
  Verifying   : nss-sysinit-3.19.2-1.0.fc22.i686                         45/126 
  Verifying   : numad-0.5-19.20150602git.fc22.i686                       46/126 
  Verifying   : perl-Encode-Locale-1.05-1.fc22.noarch                    47/126 
  Verifying   : poppler-data-0.4.7-4.fc22.noarch                         48/126 
  Verifying   : python-blivet-1:1.0.10-1.fc22.noarch                     49/126 
  Verifying   : rpm-4.12.0.1-11.fc22.i686                                50/126 
  Verifying   : rpm-python3-4.12.0.1-11.fc22.i686                        51/126 
  Verifying   : rpm-python-4.12.0.1-11.fc22.i686                         52/126 
  Verifying   : rpm-libs-4.12.0.1-11.fc22.i686                           53/126 
  Verifying   : rpm-plugin-selinux-4.12.0.1-11.fc22.i686                 54/126 
  Verifying   : rpm-plugin-systemd-inhibit-4.12.0.1-11.fc22.i686         55/126 
  Verifying   : rpm-build-libs-4.12.0.1-11.fc22.i686                     56/126 
  Verifying   : sane-backends-1.0.24-14.fc22.i686                        57/126 
  Verifying   : sane-backends-libs-1.0.24-14.fc22.i686                   58/126 
  Verifying   : sane-backends-drivers-scanners-1.0.24-14.fc22.i686       59/126 
  Verifying   : tigervnc-license-1.4.3-7.fc22.noarch                     60/126 
  Verifying   : tigervnc-server-minimal-1.4.3-7.fc22.i686                61/126 
  Verifying   : xen-libs-4.5.0-11.fc22.i686                              62/126 
  Verifying   : xen-licenses-4.5.0-11.fc22.i686                          63/126 
  Verifying   : gstreamer1-plugins-bad-free-1.4.5-2.fc22.i686            64/126 
  Verifying   : rpm-plugin-systemd-inhibit-4.12.0.1-10.fc22.i686         65/126 
  Verifying   : xen-libs-4.5.0-10.fc22.i686                              66/126 
  Verifying   : xen-licenses-4.5.0-10.fc22.i686                          67/126 
  Verifying   : dracut-041-10.fc22.1.i686                                68/126 
  Verifying   : dracut-config-rescue-041-10.fc22.1.i686                  69/126 
  Verifying   : dracut-network-041-10.fc22.1.i686                        70/126 
  Verifying   : rpm-python3-4.12.0.1-10.fc22.i686                        71/126 
  Verifying   : libetonyek-0.1.2-2.fc22.i686                             72/126 
  Verifying   : python-blivet-1:1.0.9-1.fc22.noarch                      73/126 
  Verifying   : nss-3.19.1-1.0.fc22.i686                                 74/126 
  Verifying   : nss-softokn-3.19.1-1.0.fc22.i686                         75/126 
  Verifying   : libfreehand-0.1.0-3.fc22.i686                            76/126 
  Verifying   : nss-sysinit-3.19.1-1.0.fc22.i686                         77/126 
  Verifying   : nss-tools-3.19.1-1.0.fc22.i686                           78/126 
  Verifying   : nss-util-3.19.1-1.0.fc22.i686                            79/126 
  Verifying   : evince-3.16.1-1.fc22.i686                                80/126 
  Verifying   : evince-browser-plugin-3.16.1-1.fc22.i686                 81/126 
  Verifying   : evince-libs-3.16.1-1.fc22.i686                           82/126 
  Verifying   : evince-nautilus-3.16.1-1.fc22.i686                       83/126 
  Verifying   : rpm-build-libs-4.12.0.1-10.fc22.i686                     84/126 
  Verifying   : rpm-libs-4.12.0.1-10.fc22.i686                           85/126 
  Verifying   : rpm-plugin-selinux-4.12.0.1-10.fc22.i686                 86/126 
  Verifying   : tigervnc-server-minimal-1.4.3-4.fc22.i686                87/126 
  Verifying   : rpm-python-4.12.0.1-10.fc22.i686                         88/126 
  Verifying   : hpijs-1:3.15.2-9.fc22.i686                               89/126 
  Verifying   : hplip-3.15.2-9.fc22.i686                                 90/126 
  Verifying   : hplip-common-3.15.2-9.fc22.i686                          91/126 
  Verifying   : hplip-compat-libs-3.15.2-9.fc22.i686                     92/126 
  Verifying   : hplip-libs-3.15.2-9.fc22.i686                            93/126 
  Verifying   : gnome-menus-3.13.3-2.fc22.i686                           94/126 
  Verifying   : mesa-libGLES-10.5.4-1.20150505.fc22.i686                 95/126 
  Verifying   : sane-backends-1.0.24-13.fc22.i686                        96/126 
  Verifying   : sane-backends-drivers-scanners-1.0.24-13.fc22.i686       97/126 
  Verifying   : sane-backends-libs-1.0.24-13.fc22.i686                   98/126 
  Verifying   : nss-softokn-freebl-3.19.1-1.0.fc22.i686                  99/126 
  Verifying   : curl-7.40.0-3.fc22.i686                                 100/126 
  Verifying   : file-5.22-3.fc22.i686                                   101/126 
  Verifying   : file-libs-5.22-3.fc22.i686                              102/126 
  Verifying   : libsane-hpaio-3.15.2-9.fc22.i686                        103/126 
  Verifying   : rpm-4.12.0.1-10.fc22.i686                               104/126 
  Verifying   : firewall-config-0.3.14.1-1.fc22.noarch                  105/126 
  Verifying   : firewalld-0.3.14.1-1.fc22.noarch                        106/126 
  Verifying   : firewalld-filesystem-0.3.14.1-1.fc22.noarch             107/126 
  Verifying   : gnupg-1.4.19-1.fc22.i686                                108/126 
  Verifying   : gnupg2-2.1.4-1.fc22.i686                                109/126 
  Verifying   : python-firewall-0.3.14.1-1.fc22.noarch                  110/126 
  Verifying   : mesa-dri-drivers-10.5.4-1.20150505.fc22.i686            111/126 
  Verifying   : mesa-filesystem-10.5.4-1.20150505.fc22.i686             112/126 
  Verifying   : mesa-libEGL-10.5.4-1.20150505.fc22.i686                 113/126 
  Verifying   : mesa-libGL-10.5.4-1.20150505.fc22.i686                  114/126 
  Verifying   : numad-0.5-18.20140620git.fc22.i686                      115/126 
  Verifying   : mesa-libOSMesa-10.5.4-1.20150505.fc22.i686              116/126 
  Verifying   : mesa-libgbm-10.5.4-1.20150505.fc22.i686                 117/126 
  Verifying   : mesa-libglapi-10.5.4-1.20150505.fc22.i686               118/126 
  Verifying   : mesa-libwayland-egl-10.5.4-1.20150505.fc22.i686         119/126 
  Verifying   : mesa-libxatracker-10.5.4-1.20150505.fc22.i686           120/126 
  Verifying   : poppler-data-0.4.7-3.fc22.noarch                        121/126 
  Verifying   : gdb-7.9.1-13.fc22.i686                                  122/126 
  Verifying   : perl-Encode-Locale-1.04-1.fc22.noarch                   123/126 
  Verifying   : libcurl-7.40.0-3.fc22.i686                              124/126 
  Verifying   : gnome-abrt-1.2.0-1.fc22.i686                            125/126 
  Verifying   : tigervnc-license-1.4.3-4.fc22.noarch                    126/126 

[root@weblen ~]# uname -a
Linux weblen 4.0.5-300.fc22.i686 #1 SMP Mon Jun 8 16:53:51 UTC 2015 i686 i686 i386 GNU/Linux

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.i686
type:           libreport

Comment 15 Johannes Pfrang 2015-06-25 17:16:48 UTC
Description of problem:
Executed 'sudo dnf update -y' -> SELinux Alert in Cleanup-Phase

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 16 Michal Nowak 2015-06-25 20:26:32 UTC
Description of problem:
"dnf upgrade" was running, so some RPM package mangling happened

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 17 Dr. David Alan Gilbert 2015-06-26 11:15:28 UTC
Description of problem:
I kicked off a:
  sudo yum upgrade

in a terminal just to get the days updates;   and it appeared as that was happening.  There's no apparent failur other than the se log message.

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 18 Elad Alfassa 2015-06-26 12:54:14 UTC
Description of problem:
I was running a regular dnf update when this alert popped up.

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 19 Laurent Wandrebeck 2015-06-26 17:50:11 UTC
Description of problem:
Got this message after a resume after suspend on my netbook.

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.1.0-1.fc23.x86_64
type:           libreport

Comment 20 jan 2015-06-26 17:52:21 UTC
Description of problem:
Running dnf update, a rather large list of packages were updated, and I'm guessing in one of them an ldconfig was triggered.

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.4-303.fc22.x86_64
type:           libreport

Comment 21 Matthew Saltzman 2015-06-26 18:48:30 UTC
Description of problem:
Appears to have happened during a dnf update run.  Not sure which pacakge triggered the alert.

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 22 amredhat 2015-06-26 20:23:18 UTC
Description of problem:
Installing or upgrading the 'Google-chrome-stable' package from the Google repository.

[google-chrome]
name=google-chrome
baseurl=http://dl.google.com/linux/chrome/rpm/stable/x86_64
enabled=1
gpgcheck=1

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.4-303.fc22.x86_64
type:           libreport

Comment 23 james.crace 2015-06-27 07:46:24 UTC
Description of problem:
After running sudo dnf update, SELinux Troubleshooter reported this error. I'm a new user to Fedora and since the "Plugin catchall" said 100% confidence and suggested reporting it as a bug that's what I did.

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 24 Simon 2015-06-27 14:15:17 UTC
Description of problem:
While system update, google chrome package

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 25 David Spurek 2015-06-28 11:34:29 UTC
Description of problem:
avc appeared during packages updates (sudo dnf update)

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch
selinux-policy-3.13.1-128.2.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 26 Carl Morris 2015-06-28 16:56:14 UTC
Description of problem:
I ran 'sudo dnf update'. The following updates packages were affected:

Installed:
  kernel.x86_64 4.0.6-300.fc22                                            
  kernel-core.x86_64 4.0.6-300.fc22                                       
  kernel-debug-devel.x86_64 4.0.6-300.fc22                                
  kernel-devel.x86_64 4.0.6-300.fc22                                      
  kernel-modules.x86_64 4.0.6-300.fc22                                    

Upgraded:
  autocorr-en.noarch 1:4.4.4.2-3.fc22                                     
  avahi.x86_64 0.6.31-31.fc22                                             
  avahi-autoipd.x86_64 0.6.31-31.fc22                                     
  avahi-glib.x86_64 0.6.31-31.fc22                                        
  avahi-gobject.x86_64 0.6.31-31.fc22                                     
  avahi-libs.x86_64 0.6.31-31.fc22                                        
  avahi-ui-gtk3.x86_64 0.6.31-31.fc22                                     
  btrfs-progs.x86_64 4.1-1.fc22                                           
  chrony.x86_64 2.1.1-1.fc22                                              
  cpp.x86_64 5.1.1-4.fc22                                                 
  curl.x86_64 7.40.0-5.fc22                                               
  dnf-plugins-core.noarch 0.1.9-1.fc22                                    
  dracut.x86_64 041-14.fc22                                               
  dracut-config-rescue.x86_64 041-14.fc22                                 
  dracut-network.x86_64 041-14.fc22                                       
  epiphany.x86_64 1:3.16.2-1.fc22                                         
  epiphany-runtime.x86_64 1:3.16.2-1.fc22                                 
  evince.x86_64 3.16.1-2.fc22                                             
  evince-browser-plugin.x86_64 3.16.1-2.fc22                              
  evince-libs.x86_64 3.16.1-2.fc22                                        
  evince-nautilus.x86_64 3.16.1-2.fc22                                    
  file.x86_64 5.22-4.fc22                                                 
  file-libs.x86_64 5.22-4.fc22                                            
  firewalld.noarch 0.3.14.2-2.fc22                                        
  firewalld-filesystem.noarch 0.3.14.2-2.fc22                             
  flash-plugin.x86_64 11.2.202.468-release                                
  gcc.x86_64 5.1.1-4.fc22                                                 
  gcc-c++.x86_64 5.1.1-4.fc22                                             
  gdb.x86_64 7.9.1-16.fc22                                                
  gdm.x86_64 1:3.16.1.1-2.fc22                                            
  git.x86_64 2.4.3-4.fc22                                                 
  gnome-abrt.x86_64 1.2.0-2.fc22                                          
  gnome-menus.x86_64 3.13.3-3.fc22                                        
  gnupg.x86_64 1.4.19-2.fc22                                              
  gnupg2.x86_64 2.1.5-1.fc22                                              
  gstreamer1-plugins-bad-free.x86_64 1.4.5-3.fc22                         
  hpijs.x86_64 1:3.15.6-1.fc22                                            
  hplip.x86_64 3.15.6-1.fc22                                              
  hplip-common.x86_64 3.15.6-1.fc22                                       
  hplip-compat-libs.x86_64 3.15.6-1.fc22                                  
  hplip-libs.x86_64 3.15.6-1.fc22                                         
  kernel-headers.x86_64 4.0.6-300.fc22                                    
  kmod.x86_64 21-1.fc22                                                   
  kmod-libs.x86_64 21-1.fc22                                              
  libcurl.x86_64 7.40.0-5.fc22                                            
  libetonyek.x86_64 0.1.2-3.fc22                                          
  libfreehand.x86_64 0.1.1-1.fc22                                         
  libgcc.x86_64 5.1.1-4.fc22                                              
  libgomp.x86_64 5.1.1-4.fc22                                             
  libinput.x86_64 0.18.0-3.fc22                                           
  libipa_hbac.x86_64 1.12.5-3.fc22                                        
  libreoffice-calc.x86_64 1:4.4.4.2-3.fc22                                
  libreoffice-core.x86_64 1:4.4.4.2-3.fc22                                
  libreoffice-draw.x86_64 1:4.4.4.2-3.fc22                                
  libreoffice-emailmerge.x86_64 1:4.4.4.2-3.fc22                          
  libreoffice-filters.x86_64 1:4.4.4.2-3.fc22                             
  libreoffice-graphicfilter.x86_64 1:4.4.4.2-3.fc22                       
  libreoffice-impress.x86_64 1:4.4.4.2-3.fc22                             
  libreoffice-math.x86_64 1:4.4.4.2-3.fc22                                
  libreoffice-opensymbol-fonts.noarch 1:4.4.4.2-3.fc22                    
  libreoffice-pdfimport.x86_64 1:4.4.4.2-3.fc22                           
  libreoffice-pyuno.x86_64 1:4.4.4.2-3.fc22                               
  libreoffice-ure.x86_64 1:4.4.4.2-3.fc22                                 
  libreoffice-writer.x86_64 1:4.4.4.2-3.fc22                              
  libreoffice-xsltfilter.x86_64 1:4.4.4.2-3.fc22                          
  libsane-hpaio.x86_64 3.15.6-1.fc22                                      
  libsmbclient.x86_64 2:4.2.2-1.fc22                                      
  libsolv.x86_64 0.6.11-1.fc22                                            
  libsss_idmap.x86_64 1.12.5-3.fc22                                       
  libsss_nss_idmap.x86_64 1.12.5-3.fc22                                   
  libstdc++.x86_64 5.1.1-4.fc22                                           
  libstdc++-devel.x86_64 5.1.1-4.fc22                                     
  libwbclient.x86_64 2:4.2.2-1.fc22                                       
  mesa-dri-drivers.x86_64 10.6.0-1.fc22                                   
  mesa-filesystem.x86_64 10.6.0-1.fc22                                    
  mesa-libEGL.x86_64 10.6.0-1.fc22                                        
  mesa-libGL.x86_64 10.6.0-1.fc22                                         
  mesa-libGLES.x86_64 10.6.0-1.fc22                                       
  mesa-libgbm.x86_64 10.6.0-1.fc22                                        
  mesa-libglapi.x86_64 10.6.0-1.fc22                                      
  mesa-libwayland-egl.x86_64 10.6.0-1.fc22                                
  mesa-libxatracker.x86_64 10.6.0-1.fc22                                  
  nss.x86_64 3.19.2-1.0.fc22                                              
  nss-softokn.x86_64 3.19.2-1.0.fc22                                      
  nss-softokn-freebl.x86_64 3.19.2-1.0.fc22                               
  nss-sysinit.x86_64 3.19.2-1.0.fc22                                      
  nss-tools.x86_64 3.19.2-1.0.fc22                                        
  nss-util.x86_64 3.19.2-1.0.fc22                                         
  numad.x86_64 0.5-19.20150602git.fc22                                    
  perl-Encode-Locale.noarch 1.05-1.fc22                                   
  perl-Git.noarch 2.4.3-4.fc22                                            
  poppler-data.noarch 0.4.7-4.fc22                                        
  python-dnf-plugins-core.noarch 0.1.9-1.fc22                             
  python-firewall.noarch 0.3.14.2-2.fc22                                  
  python-sssdconfig.noarch 1.12.5-3.fc22                                  
  python3-speechd.x86_64 0.8.3-1.fc22                                     
  python3-sssdconfig.noarch 1.12.5-3.fc22                                 
  qt-settings.noarch 22-11.fc22                                           
  rpm.x86_64 4.12.0.1-11.fc22                                             
  rpm-build-libs.x86_64 4.12.0.1-11.fc22                                  
  rpm-libs.x86_64 4.12.0.1-11.fc22                                        
  rpm-plugin-selinux.x86_64 4.12.0.1-11.fc22                              
  rpm-plugin-systemd-inhibit.x86_64 4.12.0.1-11.fc22                      
  rpm-python.x86_64 4.12.0.1-11.fc22                                      
  rpm-python3.x86_64 4.12.0.1-11.fc22                                     
  samba-client.x86_64 2:4.2.2-1.fc22                                      
  samba-client-libs.x86_64 2:4.2.2-1.fc22                                 
  samba-common.noarch 2:4.2.2-1.fc22                                      
  samba-common-libs.x86_64 2:4.2.2-1.fc22                                 
  sane-backends.x86_64 1.0.24-14.fc22                                     
  sane-backends-drivers-scanners.x86_64 1.0.24-14.fc22                    
  sane-backends-libs.x86_64 1.0.24-14.fc22                                
  selinux-policy.noarch 3.13.1-128.2.fc22                                 
  selinux-policy-targeted.noarch 3.13.1-128.2.fc22                        
  speech-dispatcher.x86_64 0.8.3-1.fc22                                   
  speech-dispatcher-espeak.x86_64 0.8.3-1.fc22                            
  sssd.x86_64 1.12.5-3.fc22                                               
  sssd-ad.x86_64 1.12.5-3.fc22                                            
  sssd-client.x86_64 1.12.5-3.fc22                                        
  sssd-common.x86_64 1.12.5-3.fc22                                        
  sssd-common-pac.x86_64 1.12.5-3.fc22                                    
  sssd-ipa.x86_64 1.12.5-3.fc22                                           
  sssd-krb5.x86_64 1.12.5-3.fc22                                          
  sssd-krb5-common.x86_64 1.12.5-3.fc22                                   
  sssd-ldap.x86_64 1.12.5-3.fc22                                          
  sssd-proxy.x86_64 1.12.5-3.fc22                                         
  subunit.x86_64 1.1.0-1.fc22                                             
  xen-libs.x86_64 4.5.0-11.fc22                                           
  xen-licenses.x86_64 4.5.0-11.fc22                                       
  xorg-x11-server-Xorg.x86_64 1.17.2-1.fc22                               
  xorg-x11-server-Xwayland.x86_64 1.17.2-1.fc22                           
  xorg-x11-server-common.x86_64 1.17.2-1.fc22    

I received the SELinux notification at some point during this action.

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch
selinux-policy-3.13.1-128.2.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

Comment 27 Lukas Vrabec 2015-06-29 08:51:35 UTC
commit 06c8d58615312b9d5c166c8bbf4429f4cbdb163f
Author: Lukas Vrabec <lvrabec@redhat.com>
Date:   Mon Jun 29 10:50:33 2015 +0200

    Allow firewalld exec ldconfig. BZ(1232748)

Comment 28 Derek P. Moore 2015-06-29 15:29:38 UTC
Description of problem:
Got this violation when upgrading selinux-policy:

  Upgrading   : selinux-policy-3.13.1-128.2.fc22.noarch                   13/84 

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.1.0-0.rc8.git0.2.fc23.x86_64
type:           libreport

Comment 29 Fedora Update System 2015-06-30 07:33:50 UTC
selinux-policy-3.13.1-128.4.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-128.4.fc22

Comment 30 Fedora Update System 2015-06-30 20:20:59 UTC
Package selinux-policy-3.13.1-128.4.fc22:
* should fix your issue,
* was pushed to the Fedora 22 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-128.4.fc22'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-10974/selinux-policy-3.13.1-128.4.fc22
then log in and leave karma (feedback).

Comment 31 Alex 2015-07-05 10:19:12 UTC
Description of problem:
Just sudo yum update

Fnd in process SELinux show me allert.

Version-Release number of selected component:
selinux-policy-3.13.1-128.2.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.4-303.fc22.x86_64
type:           libreport

Comment 32 Luke Carrier 2015-07-05 11:05:04 UTC
Description of problem:
During recent upgrade

Version-Release number of selected component:
selinux-policy-3.13.1-128.2.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.6-300.fc22.x86_64
type:           libreport

Comment 33 Pratyush Sahay 2015-07-08 18:25:23 UTC
Description of problem:
installed d-feet and started from command line while debugging d-bus app.

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.6-300.fc22.i686
type:           libreport

Comment 34 Fedora Update System 2015-07-10 19:15:06 UTC
selinux-policy-3.13.1-128.4.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 35 atryad 2015-07-16 09:33:31 UTC
Description of problem:
hi
this error after run program bluefish and mozila

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.7-300.fc22.x86_64
type:           libreport

Comment 36 Ankur Sinha (FranciscoD) 2015-09-03 17:19:59 UTC
Description of problem:
ran ldd - no idea if this really is a bug or not.

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch
selinux-policy-3.13.1-128.2.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.6-200.fc22.x86_64
type:           libreport

Comment 37 Simon Fonceca 2015-09-09 19:06:16 UTC
Description of problem:
happened on startup of kde

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.6-200.fc22.x86_64
type:           libreport

Comment 38 Miroslav Grepl 2015-09-11 10:19:09 UTC
*** Bug 1259576 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.