Bug 1294107 - SELinux is preventing ModemManager from 'read' accesses on the file /etc/passwd.
SELinux is preventing ModemManager from 'read' accesses on the file /etc/passwd.
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
23
x86_64 Unspecified
medium Severity low
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
abrt_hash:24bea2469ae8219f1fcc92eaadd...
:
: 1312733 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-24 17:36 EST by Frank Büttner
Modified: 2016-03-05 01:22 EST (History)
10 users (show)

See Also:
Fixed In Version: selinux-policy-3.13.1-158.7.fc23 selinux-policy-3.13.1-158.9.fc23
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-03-05 01:22:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Frank Büttner 2015-12-24 17:36:01 EST
Description of problem:
SELinux is preventing ModemManager from 'read' accesses on the file /etc/passwd.

*****  Plugin catchall (100. confidence) suggests   **************************

If sie denken, dass es ModemManager standardmässig erlaubt sein sollte, read Zugriff auf passwd file zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Do
zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen:
# grep ModemManager /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:modemmanager_t:s0
Target Context                system_u:object_r:passwd_file_t:s0
Target Objects                /etc/passwd [ file ]
Source                        ModemManager
Source Path                   ModemManager
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           setup-2.9.8-2.fc23.noarch
Policy RPM                    selinux-policy-3.13.1-158.fc23.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.2.8-300.fc23.x86_64 #1 SMP Tue
                              Dec 15 16:49:06 UTC 2015 x86_64 x86_64
Alert Count                   56
First Seen                    2015-12-01 20:36:19 CET
Last Seen                     2015-12-24 23:34:35 CET
Local ID                      5bfa4ec0-0064-4d37-9225-86c7c58a6d22

Raw Audit Messages
type=AVC msg=audit(1450996475.727:128): avc:  denied  { read } for  pid=1409 comm="mbim-proxy" name="passwd" dev="dm-1" ino=4327697 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0


Hash: ModemManager,modemmanager_t,passwd_file_t,file,read

Version-Release number of selected component:
selinux-policy-3.13.1-158.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.8-300.fc23.x86_64
type:           libreport
Comment 1 Dr. David Alan Gilbert 2016-01-13 07:43:41 EST
Description of problem:
I plugged in my phone to bring up adb/charge - when I plugged it in the se warnings appeared

Version-Release number of selected component:
selinux-policy-3.13.1-158.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.3.3-300.fc23.x86_64
type:           libreport
Comment 2 Lukas Vrabec 2016-02-25 08:04:37 EST
commit 1136d4c013cd26287fb0efa45827957f856b6d3c
Author: Lukas Vrabec <lvrabec@redhat.com>
Date:   Thu Feb 25 13:37:20 2016 +0100

    Allow modemmanager to read /etc/passwd file.
Comment 3 Fedora Update System 2016-02-27 08:50:13 EST
selinux-policy-3.13.1-158.9.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffbae3a870
Comment 4 Fedora Update System 2016-02-28 08:54:06 EST
selinux-policy-3.13.1-158.9.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffbae3a870
Comment 5 Konrad Paumann 2016-02-29 01:40:57 EST
*** Bug 1312733 has been marked as a duplicate of this bug. ***
Comment 6 Stanislav Stipl 2016-02-29 12:24:45 EST
Description of problem:
SELinux problem ocurred after connecting Vodafone (Huawei) K5150 LTE USB modem

lsusb:
Bus 001 Device 005: ID 12d1:1f16 Huawei Technologies Co., Ltd. K5150 LTE modem (Mass Storage Mode)

dmesg:
[  955.200079] scsi 6:0:0:0: Direct-Access     Vodafone Storage(Huawei)  2.31 PQ: 0 ANSI: 2
[  955.202834] sd 6:0:0:0: Attached scsi generic sg1 type 0
[  955.277522] sd 6:0:0:0: [sdb] Attached SCSI removable disk

Version-Release number of selected component:
selinux-policy-3.13.1-158.7.fc23.noarch

Additional info:
reporter:       libreport-2.6.4
hashmarkername: setroubleshoot
kernel:         4.4.2-301.fc23.x86_64
type:           libreport
Comment 7 Fedora Update System 2016-03-05 01:21:48 EST
selinux-policy-3.13.1-158.9.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.