1312463 – SELinux is preventing sogou-qimpanel- from 'setattr' accesses on the directory /var/cache/fontconfig.

Bug 1312463 - SELinux is preventing sogou-qimpanel- from 'setattr' accesses on the directory /var/cache/fontconfig.

Summary: SELinux is preventing sogou-qimpanel- from 'setattr' accesses on the director...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	23
Hardware:	x86_64
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:7d1c6630d95c8cfaae5911f4167...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-02-26 18:40 UTC by dzqnyb
Modified:	2016-02-29 08:58 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-02-29 08:58:23 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description dzqnyb 2016-02-26 18:40:55 UTC

Description of problem:
SELinux is preventing sogou-qimpanel- from 'setattr' accesses on the directory /var/cache/fontconfig.

*****  Plugin catchall (100. confidence) suggests   **************************

If 您确定应默认允许 sogou-qimpanel- setattr 访问 fontconfig directory。
Then 您应该将这个情况作为 bug 报告。
您可以生成本地策略模块允许这个访问。
Do
请执行以下命令此时允许这个访问：
# grep sogou-qimpanel- /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:sogou_t:s0-s0:c0.c1023
Target Context                system_u:object_r:fonts_cache_t:s0
Target Objects                /var/cache/fontconfig [ dir ]
Source                        sogou-qimpanel-
Source Path                   sogou-qimpanel-
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           fontconfig-2.11.94-4.fc23.x86_64
                              fontconfig-2.11.94-4.fc23.i686
Policy RPM                    selinux-policy-3.13.1-158.6.fc23.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.3.5-300.fc23.x86_64 #1 SMP Mon
                              Feb 1 03:18:41 UTC 2016 x86_64 x86_64
Alert Count                   6
First Seen                    2016-02-27 02:31:49 CST
Last Seen                     2016-02-27 02:31:56 CST
Local ID                      31838240-1441-4afa-b4a7-6614d2f20369

Raw Audit Messages
type=AVC msg=audit(1456511516.292:460): avc:  denied  { setattr } for  pid=7837 comm="sogou-qimpanel-" name="fontconfig" dev="sda5" ino=2101085 scontext=unconfined_u:unconfined_r:sogou_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fonts_cache_t:s0 tclass=dir permissive=0


Hash: sogou-qimpanel-,sogou_t,fonts_cache_t,dir,setattr

Version-Release number of selected component:
selinux-policy-3.13.1-158.6.fc23.noarch

Additional info:
reporter:       libreport-2.6.4
hashmarkername: setroubleshoot
kernel:         4.3.5-300.fc23.x86_64
type:           libreport

Comment 1 Lukas Vrabec 2016-02-29 08:58:23 UTC

Hi, 
Looks like we don't ship sogou SELinux policy module. 

Where did this module come from?

Note You need to log in before you can comment on or make changes to this bug.