1323359 – SELinux is preventing /usr/libexec/colord from read access on the file /etc/udev/hwdb.bin

Bug 1323359 - SELinux is preventing /usr/libexec/colord from read access on the file /etc/udev/hwdb.bin

Summary: SELinux is preventing /usr/libexec/colord from read access on the file /etc/u...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	22
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-04-02 02:55 UTC by Garry T. Williams
Modified:	2016-04-04 12:12 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-04-04 12:12:21 UTC
Type:	Bug
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Garry T. Williams 2016-04-02 02:55:36 UTC

Description of problem:
avc on /usr/libexec/colord

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-158.11.fc23.noarch
selinux-policy-targeted-3.13.1-158.11.fc23.noarch
libselinux-2.4-4.fc23.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Boot machine
2.
3.

Actual results:
avc

Expected results:
no avc

Additional info:
Additional Information:
Source Context                system_u:system_r:colord_t:s0
Target Context                unconfined_u:object_r:systemd_hwdb_etc_t:s0
Target Objects                /etc/udev/hwdb.bin [ file ]
Source                        colord
Source Path                   /usr/libexec/colord
Port                          <Unknown>
Host                          vfr
Source RPM Packages           colord-1.2.12-1.fc23.x86_64
Target RPM Packages           systemd-222-14.fc23.x86_64
Policy RPM                    selinux-policy-3.13.1-158.11.fc23.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     vfr
Platform                      Linux vfr 4.4.6-300.fc23.x86_64 #1 SMP Wed Mar 16
                              22:10:37 UTC 2016 x86_64 x86_64
Alert Count                   2
First Seen                    2016-04-01 22:40:26 EDT
Last Seen                     2016-04-01 22:40:26 EDT
Local ID                      d220c2df-48b1-4a13-92df-f86ae0166f53

Raw Audit Messages
type=AVC msg=audit(1459564826.870:192): avc:  denied  { read } for  pid=1731 comm="colord" name="hwdb.bin" dev="md1" ino=2364393 scontext=system_u:system_r:colord_t:s0 tcontext=unconfined_u:object_r:systemd_hwdb_etc_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1459564826.870:192): arch=x86_64 syscall=open success=no exit=EACCES a0=7fb6e9c41e1b a1=80000 a2=1b6 a3=80000 items=0 ppid=1 pid=1731 auid=4294967295 uid=997 gid=995 euid=997 suid=997 fsuid=997 egid=995 sgid=995 fsgid=995 tty=(none) ses=4294967295 comm=colord exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0 key=(null)

Hash: colord,colord_t,systemd_hwdb_etc_t,file,read

Note You need to log in before you can comment on or make changes to this bug.