1294107 – SELinux is preventing ModemManager from 'read' accesses on the file /etc/passwd.

Bug 1294107 - SELinux is preventing ModemManager from 'read' accesses on the file /etc/passwd.

Summary: SELinux is preventing ModemManager from 'read' accesses on the file /etc/passwd.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	23
Hardware:	x86_64
OS:	Unspecified
Priority:	medium
Severity:	low
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:24bea2469ae8219f1fcc92eaadd...
Duplicates (1):	1312733 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-12-24 22:36 UTC by Frank Büttner
Modified:	2016-03-05 06:22 UTC (History)
CC List:	10 users (show)
Fixed In Version:	selinux-policy-3.13.1-158.7.fc23 selinux-policy-3.13.1-158.9.fc23
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-03-05 06:22:41 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Frank Büttner 2015-12-24 22:36:01 UTC

Description of problem:
SELinux is preventing ModemManager from 'read' accesses on the file /etc/passwd.

*****  Plugin catchall (100. confidence) suggests   **************************

If sie denken, dass es ModemManager standardmässig erlaubt sein sollte, read Zugriff auf passwd file zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Do
zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen:
# grep ModemManager /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:modemmanager_t:s0
Target Context                system_u:object_r:passwd_file_t:s0
Target Objects                /etc/passwd [ file ]
Source                        ModemManager
Source Path                   ModemManager
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           setup-2.9.8-2.fc23.noarch
Policy RPM                    selinux-policy-3.13.1-158.fc23.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.2.8-300.fc23.x86_64 #1 SMP Tue
                              Dec 15 16:49:06 UTC 2015 x86_64 x86_64
Alert Count                   56
First Seen                    2015-12-01 20:36:19 CET
Last Seen                     2015-12-24 23:34:35 CET
Local ID                      5bfa4ec0-0064-4d37-9225-86c7c58a6d22

Raw Audit Messages
type=AVC msg=audit(1450996475.727:128): avc:  denied  { read } for  pid=1409 comm="mbim-proxy" name="passwd" dev="dm-1" ino=4327697 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0


Hash: ModemManager,modemmanager_t,passwd_file_t,file,read

Version-Release number of selected component:
selinux-policy-3.13.1-158.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.8-300.fc23.x86_64
type:           libreport

Comment 1 Dr. David Alan Gilbert 2016-01-13 12:43:41 UTC

Description of problem:
I plugged in my phone to bring up adb/charge - when I plugged it in the se warnings appeared

Version-Release number of selected component:
selinux-policy-3.13.1-158.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.3.3-300.fc23.x86_64
type:           libreport

Comment 2 Lukas Vrabec 2016-02-25 13:04:37 UTC

commit 1136d4c013cd26287fb0efa45827957f856b6d3c
Author: Lukas Vrabec <lvrabec>
Date:   Thu Feb 25 13:37:20 2016 +0100

    Allow modemmanager to read /etc/passwd file.

Comment 3 Fedora Update System 2016-02-27 13:50:13 UTC

selinux-policy-3.13.1-158.9.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffbae3a870

Comment 4 Fedora Update System 2016-02-28 13:54:06 UTC

selinux-policy-3.13.1-158.9.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffbae3a870

Comment 5 Konrad Paumann 2016-02-29 06:40:57 UTC

*** Bug 1312733 has been marked as a duplicate of this bug. ***

Comment 6 Stanislav Stipl 2016-02-29 17:24:45 UTC

Description of problem:
SELinux problem ocurred after connecting Vodafone (Huawei) K5150 LTE USB modem

lsusb:
Bus 001 Device 005: ID 12d1:1f16 Huawei Technologies Co., Ltd. K5150 LTE modem (Mass Storage Mode)

dmesg:
[  955.200079] scsi 6:0:0:0: Direct-Access     Vodafone Storage(Huawei)  2.31 PQ: 0 ANSI: 2
[  955.202834] sd 6:0:0:0: Attached scsi generic sg1 type 0
[  955.277522] sd 6:0:0:0: [sdb] Attached SCSI removable disk

Version-Release number of selected component:
selinux-policy-3.13.1-158.7.fc23.noarch

Additional info:
reporter:       libreport-2.6.4
hashmarkername: setroubleshoot
kernel:         4.4.2-301.fc23.x86_64
type:           libreport

Comment 7 Fedora Update System 2016-03-05 06:21:48 UTC

selinux-policy-3.13.1-158.9.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.