Description of problem: SELinux is preventing accounts-daemon from 'write' accesses on the directory /root. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that accounts-daemon should be allowed write access on the root directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep accounts-daemon /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:accountsd_t:s0 Target Context system_u:object_r:admin_home_t:s0 Target Objects /root [ dir ] Source accounts-daemon Source Path accounts-daemon Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages filesystem-3.2-37.fc24.x86_64 Policy RPM selinux-policy-3.13.1-179.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.5.0-0.rc7.git0.2.fc24.x86_64 #1 SMP Tue Mar 8 02:20:08 UTC 2016 x86_64 x86_64 Alert Count 1 First Seen 2016-03-20 11:09:19 CET Last Seen 2016-03-20 11:09:19 CET Local ID ece385de-d2dd-4c0d-8747-6c6d8d5b1f52 Raw Audit Messages type=AVC msg=audit(1458468559.774:106): avc: denied { write } for pid=939 comm="accounts-daemon" name="root" dev="dm-0" ino=262146 scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir permissive=0 Hash: accounts-daemon,accountsd_t,admin_home_t,dir,write Version-Release number of selected component: selinux-policy-3.13.1-179.fc24.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.5.0-0.rc7.git0.2.fc24.x86_64 type: libreport
*** Bug 1325803 has been marked as a duplicate of this bug. ***
Description of problem: I launched a live of Fedora 24 Mate 20160419, opened SELinux Troubleshooter and then found this alert. Version-Release number of selected component: selinux-policy-3.13.1-180.fc24.noarch Additional info: reporter: libreport-2.7.0 hashmarkername: setroubleshoot kernel: 4.5.1-300.fc24.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
*** Bug 1337748 has been marked as a duplicate of this bug. ***
Maybe, to create a new user account is a right way to fix it
*** Bug 1337955 has been marked as a duplicate of this bug. ***
*** Bug 1341543 has been marked as a duplicate of this bug. ***
*** Bug 1341911 has been marked as a duplicate of this bug. ***
This looks like the same bug as 1319459. I'm closing this, since the other has been proposed as blocker for F24 Final. Feel free to reopen this one if I'm wrong. *** This bug has been marked as a duplicate of bug 1331926 ***
*** Bug 1349374 has been marked as a duplicate of this bug. ***
*** Bug 1349595 has been marked as a duplicate of this bug. ***
*** Bug 1350052 has been marked as a duplicate of this bug. ***
*** Bug 1350956 has been marked as a duplicate of this bug. ***
As of accountsservice-0.6.40-4.fc24, directory /root/.cache does get created upon reboot every time it has been removed, and this action does trigger an AVC as reported in /var/log/audit/audit.log but currently -not- by the SELinux Troubleshooter utility. This behaviour contradicts the changelog of package accountsservice which states: * Tue May 31 2016 Ray Strode <rstrode redhat com> - 0.6.40-4 - Don't create /root/.cache at startup Resolves: #1331926
Description of problem: 1. Install F24 Cinammon Spin as a virtual machine in Parallels Version 11.2.0 (32581) on OSX 10.11.5 2. Boot said install 3. SELinux denial appears Version-Release number of selected component: selinux-policy-3.13.1-190.fc24.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.5.5-300.fc24.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
*** Bug 1352655 has been marked as a duplicate of this bug. ***
*** Bug 1353017 has been marked as a duplicate of this bug. ***
*** Bug 1354042 has been marked as a duplicate of this bug. ***
*** Bug 1357163 has been marked as a duplicate of this bug. ***
*** Bug 1357373 has been marked as a duplicate of this bug. ***
Description of problem: I'm not sure what caused the problem but it seems it ocurred 20 seconds into the first boot of the system Version-Release number of selected component: selinux-policy-3.13.1-190.fc24.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.6.3-300.fc24.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
Description of problem: Ho eseguito un update con dnf e al riavvio si è presentato questo errore notificato da SELinux Version-Release number of selected component: selinux-policy-3.13.1-190.fc24.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
*** Bug 1359895 has been marked as a duplicate of this bug. ***
*** Bug 1360942 has been marked as a duplicate of this bug. ***
*** Bug 1361260 has been marked as a duplicate of this bug. ***
*** Bug 1361370 has been marked as a duplicate of this bug. ***
*** Bug 1364548 has been marked as a duplicate of this bug. ***
*** Bug 1364589 has been marked as a duplicate of this bug. ***
*** Bug 1365084 has been marked as a duplicate of this bug. ***
Still a problem in Fedora 25 and appears when booting/autologin from Fedora-Workstation-Live-x86_64-25-20160810.n.0.iso in qemu-kvm VM. Target RPM Packages filesystem-3.2-37.fc24.x86_64 Policy RPM selinux-policy-3.13.1-207.fc25.noarch Platform Linux localhost 4.8.0-0.rc1.git0.1.fc25.x86_64 #1 time->Wed Aug 10 17:21:03 2016 type=AVC msg=audit(1470864063.941:101): avc: denied { write } for pid=972 comm="accounts-daemon" name="root" dev="dm-0" ino=262659 scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir permissive=0
*** Bug 1366192 has been marked as a duplicate of this bug. ***
*** Bug 1366407 has been marked as a duplicate of this bug. ***
*** Bug 1368794 has been marked as a duplicate of this bug. ***
*** Bug 1368802 has been marked as a duplicate of this bug. ***
*** Bug 1369200 has been marked as a duplicate of this bug. ***
AVC will be dontaudited
*** Bug 1370330 has been marked as a duplicate of this bug. ***
*** Bug 1370448 has been marked as a duplicate of this bug. ***
*** Bug 1370559 has been marked as a duplicate of this bug. ***
*** Bug 1372478 has been marked as a duplicate of this bug. ***
This is still a problem with the most recent Fedora 25 workstation nightly, 20160909.n.0, which has selinux-policy-3.13.1-208.fc25.noarch. SELinux is preventing accounts-daemon from write access on the directory root. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that accounts-daemon should be allowed write access on the root directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'accounts-daemon' --raw | audit2allow -M my-accountsdaemon # semodule -X 300 -i my-accountsdaemon.pp Additional Information: Source Context system_u:system_r:accountsd_t:s0 Target Context system_u:object_r:admin_home_t:s0 Target Objects root [ dir ] Source accounts-daemon Source Path accounts-daemon Port <Unknown> Host localhost Source RPM Packages Target RPM Packages filesystem-3.2-37.fc24.x86_64 Policy RPM selinux-policy-3.13.1-208.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 4.8.0-0.rc4.git0.1.fc25.x86_64 #1 SMP Mon Aug 29 19:28:01 UTC 2016 x86_64 x86_64 Alert Count 1 First Seen 2016-09-10 00:30:30 EDT Last Seen 2016-09-10 00:30:30 EDT Local ID f3507fe1-16bb-4700-bb8d-453926171505 Raw Audit Messages type=AVC msg=audit(1473481830.438:113): avc: denied { write } for pid=1152 comm="accounts-daemon" name="root" dev="dm-0" ino=12 scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir permissive=0 Hash: accounts-daemon,accountsd_t,admin_home_t,dir,write
*** Bug 1376553 has been marked as a duplicate of this bug. ***
selinux-policy-3.13.1-191.16.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe39b806b6
*** Bug 1376652 has been marked as a duplicate of this bug. ***
selinux-policy-3.13.1-191.16.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 1387228 has been marked as a duplicate of this bug. ***
*** Bug 1387930 has been marked as a duplicate of this bug. ***
*** Bug 1392211 has been marked as a duplicate of this bug. ***
*** Bug 1397445 has been marked as a duplicate of this bug. ***
*** Bug 1397855 has been marked as a duplicate of this bug. ***
*** Bug 1403544 has been marked as a duplicate of this bug. ***