Description of problem: install sougou from fedora.org but it can't work after install completed. SELinux is preventing sogou-qimpanel from using the 'fsetid' capabilities. ***** Plugin catchall (100. confidence) suggests ************************** If 您确定 sogou-qimpanel 应默认有 fsetid 功能。 Then 您应该将这个情况作为 bug 报告。 您可以生成本地策略模块允许这个访问。 Do 请执行以下命令此时允许这个访问: # grep sogou-qimpanel /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:sogou_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:sogou_t:s0-s0:c0.c1023 Target Objects Unknown [ capability ] Source sogou-qimpanel Source Path sogou-qimpanel Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-158.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.2.8-300.fc23.x86_64 #1 SMP Tue Dec 15 16:49:06 UTC 2015 x86_64 x86_64 Alert Count 3 First Seen 2016-01-02 01:26:13 CST Last Seen 2016-01-02 01:29:50 CST Local ID b85d0af9-7aec-41e6-8af1-418e7a1cd7d6 Raw Audit Messages type=AVC msg=audit(1451669390.855:669): avc: denied { fsetid } for pid=5107 comm="sogou-qimpanel" capability=4 scontext=unconfined_u:unconfined_r:sogou_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:sogou_t:s0-s0:c0.c1023 tclass=capability permissive=0 Hash: sogou-qimpanel,sogou_t,sogou_t,capability,fsetid Version-Release number of selected component: selinux-policy-3.13.1-158.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.8-300.fc23.x86_64 type: libreport
I don't believe this is a policy we ship. It must have come with the sogou product. Fedora does not seem to ship sogou-qimpanel So this is not a Fedora bug.