Description of problem: By itself, got SElinux denial popup SELinux is preventing speech-dispatch from 'append' accesses on the file speech-dispatcher.log. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that speech-dispatch should be allowed append access on the speech-dispatcher.log file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep speech-dispatch /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:speech-dispatcher_t:s0 Target Context system_u:object_r:cache_home_t:s0 Target Objects speech-dispatcher.log [ file ] Source speech-dispatch Source Path speech-dispatch Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-158.6.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.3.5-300.fc23.x86_64 #1 SMP Mon Feb 1 03:18:41 UTC 2016 x86_64 x86_64 Alert Count 4 First Seen 2016-02-25 13:00:49 CET Last Seen 2016-02-25 19:09:03 CET Local ID f29b598d-3787-43e6-a31b-fa4afa45dca9 Raw Audit Messages type=AVC msg=audit(1456423743.748:148): avc: denied { append } for pid=867 comm="speech-dispatch" name="speech-dispatcher.log" dev="dm-0" ino=131086 scontext=system_u:system_r:speech-dispatcher_t:s0 tcontext=system_u:object_r:cache_home_t:s0 tclass=file permissive=1 Hash: speech-dispatch,speech-dispatcher_t,cache_home_t,file,append Version-Release number of selected component: selinux-policy-3.13.1-158.6.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.3.5-300.fc23.x86_64 type: libreport
Is it possible to store log files in "/var/log/" ?
(In reply to Lukas Vrabec from comment #1) > Is it possible to store log files in "/var/log/" ? it runs per user?
This message is a reminder that Fedora 23 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 23. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '23'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 23 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Still an issue in newer releases?
Fedora 23 changed to end-of-life (EOL) status on 2016-12-20. Fedora 23 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.
Yes, this is still an issue in fc38. Generating local policy modules does not fix it because it's creating new directories to error out on. SELinux is preventing sd_espeak-ng-mb from add_name access on the directory e6f5e9d96eee4b16be3621a62ac12241-runtime. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that sd_espeak-ng-mb should be allowed add_name access on the e6f5e9d96eee4b16be3621a62ac12241-runtime directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'sd_espeak-ng-mb' --raw | audit2allow -M my-sdespeakngmb # semodule -X 300 -i my-sdespeakngmb.pp Additional Information: Source Context system_u:system_r:speech_dispatcher_t:s0 Target Context system_u:object_r:pulseaudio_home_t:s0 Target Objects e6f5e9d96eee4b16be3621a62ac12241-runtime [ dir ] Source sd_espeak-ng-mb Source Path sd_espeak-ng-mb Port <Unknown> Host k Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-38.30-1.fc38.noarch Local Policy RPM selinux-policy-targeted-38.30-1.fc38.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name k Platform Linux k 6.6.2-101.fc38.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Nov 22 21:31:13 UTC 2023 x86_64 Alert Count 3 First Seen 2023-12-03 23:47:39 AKST Last Seen 2023-12-03 23:47:40 AKST Local ID 1c2e2b38-ca10-41e1-a443-55a9bc8980e3 Raw Audit Messages type=AVC msg=audit(1701679660.715:805): avc: denied { add_name } for pid=8833 comm="sd_dummy" name="e6f5e9d96eee4b16be3621a62ac12241-runtime" scontext=system_u:system_r:speech_dispatcher_t:s0 tcontext=system_u:object_r:pulseaudio_home_t:s0 tclass=dir permissive=0 Hash: sd_espeak-ng-mb,speech_dispatcher_t,pulseaudio_home_t,dir,add_name $ got speech speech-dispatcher-espeak-ng-0.11.5-1.fc38.x86_64 speech-dispatcher-0.11.5-1.fc38.x86_64 python3-speechd-0.11.5-1.fc38.x86_64 speech-dispatcher-utils-0.11.5-1.fc38.x86_64 qt6-qtspeech-speechd-6.6.0-1.fc38.x86_64 qt6-qtspeech-6.6.0-1.fc38.x86_64 qt6-qtspeech-flite-6.6.0-1.fc38.x86_64 qt5-qtspeech-speechd-5.15.11-1.fc38.x86_64 qt5-qtspeech-5.15.11-1.fc38.x86_64