Bug 1323359 - SELinux is preventing /usr/libexec/colord from read access on the file /etc/udev/hwdb.bin
Summary: SELinux is preventing /usr/libexec/colord from read access on the file /etc/u...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 22
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-04-02 02:55 UTC by Garry T. Williams
Modified: 2016-04-04 12:12 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-04-04 12:12:21 UTC
Type: Bug


Attachments (Terms of Use)

Description Garry T. Williams 2016-04-02 02:55:36 UTC
Description of problem:
avc on /usr/libexec/colord

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-158.11.fc23.noarch
selinux-policy-targeted-3.13.1-158.11.fc23.noarch
libselinux-2.4-4.fc23.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Boot machine
2.
3.

Actual results:
avc

Expected results:
no avc

Additional info:
Additional Information:
Source Context                system_u:system_r:colord_t:s0
Target Context                unconfined_u:object_r:systemd_hwdb_etc_t:s0
Target Objects                /etc/udev/hwdb.bin [ file ]
Source                        colord
Source Path                   /usr/libexec/colord
Port                          <Unknown>
Host                          vfr
Source RPM Packages           colord-1.2.12-1.fc23.x86_64
Target RPM Packages           systemd-222-14.fc23.x86_64
Policy RPM                    selinux-policy-3.13.1-158.11.fc23.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     vfr
Platform                      Linux vfr 4.4.6-300.fc23.x86_64 #1 SMP Wed Mar 16
                              22:10:37 UTC 2016 x86_64 x86_64
Alert Count                   2
First Seen                    2016-04-01 22:40:26 EDT
Last Seen                     2016-04-01 22:40:26 EDT
Local ID                      d220c2df-48b1-4a13-92df-f86ae0166f53

Raw Audit Messages
type=AVC msg=audit(1459564826.870:192): avc:  denied  { read } for  pid=1731 comm="colord" name="hwdb.bin" dev="md1" ino=2364393 scontext=system_u:system_r:colord_t:s0 tcontext=unconfined_u:object_r:systemd_hwdb_etc_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1459564826.870:192): arch=x86_64 syscall=open success=no exit=EACCES a0=7fb6e9c41e1b a1=80000 a2=1b6 a3=80000 items=0 ppid=1 pid=1731 auid=4294967295 uid=997 gid=995 euid=997 suid=997 fsuid=997 egid=995 sgid=995 fsgid=995 tty=(none) ses=4294967295 comm=colord exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0 key=(null)

Hash: colord,colord_t,systemd_hwdb_etc_t,file,read


Note You need to log in before you can comment on or make changes to this bug.