Description of problem: Boinc 7.4+ requires access to /dev/input/event* to detect user activity SELinux is preventing boinc_client from 'getattr' accesses on the chr_file /dev/input/event9. ***** Plugin catchall (100. confidence) suggests ************************** If si crede che boinc_client dovrebbe avere possibilità di accesso getattr sui event9 chr_file in modo predefinito. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do allow this access for now by executing: # ausearch -c 'boinc_client' --raw | audit2allow -M my-boincclient # semodule -X 300 -i my-boincclient.pp Additional Information: Source Context system_u:system_r:boinc_t:s0 Target Context system_u:object_r:event_device_t:s0 Target Objects /dev/input/event9 [ chr_file ] Source boinc_client Source Path boinc_client Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-185.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.5.4-300.fc24.x86_64 #1 SMP Wed May 11 17:57:16 UTC 2016 x86_64 x86_64 Alert Count 2609 First Seen 2016-05-19 17:17:08 CEST Last Seen 2016-05-19 17:21:28 CEST Local ID 14540e25-39ad-4bed-b534-60a6a43ec768 Raw Audit Messages type=AVC msg=audit(1463671288.613:3380): avc: denied { getattr } for pid=4752 comm="boinc_client" path="/dev/input/event9" dev="devtmpfs" ino=15816 scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file permissive=0 Hash: boinc_client,boinc_t,event_device_t,chr_file,getattr Version-Release number of selected component: selinux-policy-3.13.1-185.fc24.noarch Additional info: reporter: libreport-2.7.0 hashmarkername: setroubleshoot kernel: 4.5.4-300.fc24.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
We need to discuss this action.
*** Bug 1340332 has been marked as a duplicate of this bug. ***
This also affects Fedora 23. $ sudo dnf history info 541 Contacting OpenClient Router for restricted repository information Added restricted repo: RHEL-7-x86_64-crashplan Added restricted repo: Fedora-23-x86_64-Licensed Transaction ID : 541 Begin time : Wed Jun 1 11:11:41 2016 Begin rpmdb : 2980:48ad35edd327c68e19f0c3b83283010696de65dc End time : 11:23:23 2016 (11 minutes) End rpmdb : 2982:5fccaf870886552f4812427c0f8a47473603bb02 User : Brandon J. Wyman <v2cib530> Return-Code : Success Command Line : update Transaction performed with: Upgraded dnf-1.1.9-1.fc23.noarch @updates Installed rpm-4.13.0-0.rc1.13.fc23.x86_64 @updates Packages Altered: Upgraded boinc-client-7.2.42-8.gitdd0d630.fc23.x86_64 (unknown) Upgrade 7.6.22-4.fc23.x86_64 @updates Upgraded boinc-manager-7.2.42-8.gitdd0d630.fc23.x86_64 (unknown) Upgrade 7.6.22-4.fc23.x86_64 @updates Upgraded dkms-2.2.0.3-31.git.7c3e7c5.fc23.noarch @@commandline Upgrade 2.2.0.3-34.git.9e0394d.fc23.noarch @updates Upgraded dnf-1.1.9-1.fc23.noarch @updates Upgrade 1.1.9-2.fc23.noarch @updates Upgraded dnf-conf-1.1.9-1.fc23.noarch @updates Upgrade 1.1.9-2.fc23.noarch @updates Upgraded dnf-plugins-core-0.1.21-1.fc23.noarch @updates Upgrade 0.1.21-2.fc23.noarch @updates Upgraded dnf-yum-1.1.9-1.fc23.noarch @updates Upgrade 1.1.9-2.fc23.noarch @updates Upgraded drpm-0.2.0-3.fc23.x86_64 @@commandline Upgrade 0.3.0-3.fc23.x86_64 @updates Upgraded ghdl-0.34dev-0.20160214gite7adf19.0.fc23.x86_64 @updates Upgrade 0.34dev-0.20160317gitf1ddf16.0.fc23.x86_64 @updates Upgraded ghdl-grt-0.34dev-0.20160214gite7adf19.0.fc23.x86_64 @updates Upgrade 0.34dev-0.20160317gitf1ddf16.0.fc23.x86_64 @updates Upgraded google-chrome-stable-50.0.2661.102-1.x86_64 @google-chrome-unstable Upgrade 51.0.2704.63-1.x86_64 @google-chrome-unstable Upgrade google-chrome-unstable-52.0.2743.19-1.x86_64 @google-chrome-unstable Upgraded google-chrome-unstable-52.0.2743.6-1.x86_64 @google-chrome Upgraded iwl100-firmware-39.31.5.1-64.fc23.noarch @updates Upgrade 39.31.5.1-65.fc23.noarch @updates Upgraded iwl105-firmware-18.168.6.1-64.fc23.noarch @updates Upgrade 18.168.6.1-65.fc23.noarch @updates Upgraded iwl135-firmware-18.168.6.1-64.fc23.noarch @updates Upgrade 18.168.6.1-65.fc23.noarch @updates Upgraded iwl2000-firmware-18.168.6.1-64.fc23.noarch @updates Upgrade 18.168.6.1-65.fc23.noarch @updates Upgraded iwl2030-firmware-18.168.6.1-64.fc23.noarch @updates Upgrade 18.168.6.1-65.fc23.noarch @updates Upgraded iwl3945-firmware-15.32.2.9-64.fc23.noarch @updates Upgrade 15.32.2.9-65.fc23.noarch @updates Upgraded iwl4965-firmware-228.61.2.24-64.fc23.noarch @updates Upgrade 228.61.2.24-65.fc23.noarch @updates Upgraded iwl5000-firmware-8.83.5.1_1-64.fc23.noarch @updates Upgrade 8.83.5.1_1-65.fc23.noarch @updates Upgraded iwl5150-firmware-8.24.2.2-64.fc23.noarch @updates Upgrade 8.24.2.2-65.fc23.noarch @updates Upgraded iwl6000-firmware-9.221.4.1-64.fc23.noarch @updates Upgrade 9.221.4.1-65.fc23.noarch @updates Upgraded iwl6000g2a-firmware-18.168.6.1-64.fc23.noarch @updates Upgrade 18.168.6.1-65.fc23.noarch @updates Upgraded iwl6000g2b-firmware-18.168.6.1-64.fc23.noarch @updates Upgrade 18.168.6.1-65.fc23.noarch @updates Upgraded iwl6050-firmware-41.28.5.1-64.fc23.noarch @updates Upgrade 41.28.5.1-65.fc23.noarch @updates Upgraded krb5-devel-1.14.1-5.fc23.x86_64 @updates Upgrade 1.14.1-6.fc23.x86_64 @updates Upgraded krb5-libs-1.14.1-5.fc23.i686 @updates Upgraded krb5-libs-1.14.1-5.fc23.x86_64 @updates Upgrade 1.14.1-6.fc23.i686 @updates Upgrade 1.14.1-6.fc23.x86_64 @updates Upgraded krb5-workstation-1.14.1-5.fc23.x86_64 @updates Upgrade 1.14.1-6.fc23.x86_64 @updates Upgraded libbluray-0.9.2-1.fc23.x86_64 @updates Upgrade 0.9.3-1.fc23.x86_64 @updates Upgraded libimobiledevice-1.2.0-5.fc23.x86_64 @updates Upgrade 1.2.0-7.fc23.x86_64 @updates Upgraded libinput-1.2.4-3.fc23.x86_64 @updates Upgrade 1.2.4-4.fc23.x86_64 @updates Upgraded libnice-0.1.13-2.fc23.x86_64 @@commandline Upgrade 0.1.13-4.fc23.x86_64 @updates Upgraded libnice-gstreamer1-0.1.13-2.fc23.x86_64 @@commandline Upgrade 0.1.13-4.fc23.x86_64 @updates Upgraded libteam-1.24-1.fc23.x86_64 @updates Upgrade 1.25-1.fc23.x86_64 @updates Upgraded libusbmuxd-1.0.10-3.fc23.x86_64 @@commandline Upgrade 1.0.10-5.fc23.x86_64 @updates Upgraded linux-firmware-20160505-64.git8afadbe5.fc23.noarch @updates Upgrade 20160526-65.git80d463be.fc23.noarch @updates Upgraded lshw-B.02.18-2.fc23.x86_64 @updates Upgrade B.02.18-3.fc23.x86_64 @updates Upgraded open-vm-tools-10.0.0-7.fc23.x86_64 @@commandline Upgrade 10.0.5-2.fc23.x86_64 @updates Upgraded open-vm-tools-desktop-10.0.0-7.fc23.x86_64 @@commandline Upgrade 10.0.5-2.fc23.x86_64 @updates Upgraded packagedb-cli-2.12-1.fc23.noarch @updates Upgrade 2.13-1.fc23.noarch @updates Upgraded parted-3.2-18.fc23.x86_64 @updates Upgrade 3.2-19.fc23.x86_64 @updates Upgraded perl-Thread-Queue-3.09-1.fc23.noarch @updates Upgrade 3.11-1.fc23.noarch @updates Upgraded python2-dnf-1.1.9-1.fc23.noarch @updates Upgrade 1.1.9-2.fc23.noarch @updates Upgraded python2-dnf-plugins-core-0.1.21-1.fc23.noarch @updates Upgrade 0.1.21-2.fc23.noarch @updates Upgraded python3-dnf-1.1.9-1.fc23.noarch @updates Upgrade 1.1.9-2.fc23.noarch @updates Upgraded python3-dnf-plugins-core-0.1.21-1.fc23.noarch @updates Upgrade 0.1.21-2.fc23.noarch @updates Upgraded setroubleshoot-3.3.6-1.fc23.x86_64 @updates Upgrade 3.3.7-1.fc23.x86_64 @updates Upgraded setroubleshoot-server-3.3.6-1.fc23.x86_64 @updates Upgrade 3.3.7-1.fc23.x86_64 @updates Upgraded teamd-1.24-1.fc23.x86_64 @updates Upgrade 1.25-1.fc23.x86_64 @updates Upgraded webkitgtk4-2.12.2-2.fc23.x86_64 @updates Upgrade 2.12.3-1.fc23.x86_64 @updates Upgraded webkitgtk4-jsc-2.12.2-2.fc23.x86_64 @updates Upgrade 2.12.3-1.fc23.x86_64 @updates Upgraded webkitgtk4-plugin-process-gtk2-2.12.2-2.fc23.x86_64 @updates Upgrade 2.12.3-1.fc23.x86_64 @updates Install wxBase3-3.0.2-19.fc23.x86_64 @updates Install wxGTK3-3.0.2-19.fc23.x86_64 @updates Upgraded xen-libs-4.5.3-3.fc23.x86_64 @updates Upgrade 4.5.3-5.fc23.x86_64 @updates Upgraded xen-licenses-4.5.3-3.fc23.x86_64 @updates Upgrade 4.5.3-5.fc23.x86_64 @updates Upgraded autocorr-en-1:5.0.6.2-4.fc23.noarch @updates Upgrade 1:5.0.6.2-5.fc23.noarch @updates Upgraded ibm-lotus-notes-updates-1:9.0.1-16.0.i386 @openclient Upgrade 1:9.0.1-17.0.i386 @openclient Upgraded iwl1000-firmware-1:39.31.5.1-64.fc23.noarch @updates Upgrade 1:39.31.5.1-65.fc23.noarch @updates Upgraded iwl3160-firmware-1:25.30.13.0-64.fc23.noarch @updates Upgrade 1:25.30.13.0-65.fc23.noarch @updates Upgraded iwl7260-firmware-1:25.30.13.0-64.fc23.noarch @updates Upgrade 1:25.30.13.0-65.fc23.noarch @updates Upgraded librados2-1:0.94.6-1.fc23.x86_64 @updates Upgrade 1:0.94.7-2.fc23.x86_64 @updates Upgraded librbd1-1:0.94.6-1.fc23.x86_64 @updates Upgrade 1:0.94.7-2.fc23.x86_64 @updates Upgraded libreoffice-calc-1:5.0.6.2-4.fc23.x86_64 @updates Upgrade 1:5.0.6.2-5.fc23.x86_64 @updates Upgraded libreoffice-core-1:5.0.6.2-4.fc23.x86_64 @updates Upgrade 1:5.0.6.2-5.fc23.x86_64 @updates Upgraded libreoffice-draw-1:5.0.6.2-4.fc23.x86_64 @updates Upgrade 1:5.0.6.2-5.fc23.x86_64 @updates Upgraded libreoffice-emailmerge-1:5.0.6.2-4.fc23.x86_64 @updates Upgrade 1:5.0.6.2-5.fc23.x86_64 @updates Upgraded libreoffice-filters-1:5.0.6.2-4.fc23.x86_64 @updates Upgrade 1:5.0.6.2-5.fc23.x86_64 @updates Upgraded libreoffice-graphicfilter-1:5.0.6.2-4.fc23.x86_64 @updates Upgrade 1:5.0.6.2-5.fc23.x86_64 @updates Upgraded libreoffice-impress-1:5.0.6.2-4.fc23.x86_64 @updates Upgrade 1:5.0.6.2-5.fc23.x86_64 @updates Upgraded libreoffice-math-1:5.0.6.2-4.fc23.x86_64 @updates Upgrade 1:5.0.6.2-5.fc23.x86_64 @updates Upgraded libreoffice-opensymbol-fonts-1:5.0.6.2-4.fc23.noarch @updates Upgrade 1:5.0.6.2-5.fc23.noarch @updates Upgraded libreoffice-pdfimport-1:5.0.6.2-4.fc23.x86_64 @updates Upgrade 1:5.0.6.2-5.fc23.x86_64 @updates Upgraded libreoffice-pyuno-1:5.0.6.2-4.fc23.x86_64 @updates Upgrade 1:5.0.6.2-5.fc23.x86_64 @updates Upgraded libreoffice-ure-1:5.0.6.2-4.fc23.x86_64 @updates Upgrade 1:5.0.6.2-5.fc23.x86_64 @updates Upgraded libreoffice-writer-1:5.0.6.2-4.fc23.x86_64 @updates Upgrade 1:5.0.6.2-5.fc23.x86_64 @updates Upgraded libreoffice-xsltfilter-1:5.0.6.2-4.fc23.x86_64 @updates Upgrade 1:5.0.6.2-5.fc23.x86_64 @updates Upgraded perl-Module-CoreList-1:5.20160507-1.fc23.noarch @updates Upgrade 1:5.20160520-1.fc23.noarch @updates Upgraded xscreensaver-1:5.34-1.fc23.x86_64 @@commandline Upgrade 1:5.35-1.fc23.x86_64 @updates Upgraded xscreensaver-base-1:5.34-1.fc23.x86_64 @@commandline Upgrade 1:5.35-1.fc23.x86_64 @updates Upgraded xscreensaver-extras-1:5.34-1.fc23.x86_64 @@commandline Upgrade 1:5.35-1.fc23.x86_64 @updates Upgraded xscreensaver-extras-base-1:5.34-1.fc23.x86_64 @@commandline Upgrade 1:5.35-1.fc23.x86_64 @updates Upgraded xscreensaver-gl-base-1:5.34-1.fc23.x86_64 @@commandline Upgrade 1:5.35-1.fc23.x86_64 @updates Upgraded xscreensaver-gl-extras-1:5.34-1.fc23.x86_64 @@commandline Upgrade 1:5.35-1.fc23.x86_64 @updates Upgraded ibm-notes-config-2:9.0.1-78.i386 @openclient Upgrade 2:9.0.1-79.i386 @openclient Upgrade libcacard-2:2.4.1-10.fc23.x86_64 @updates Upgraded libcacard-2:2.4.1-9.fc23.x86_64 @updates Upgraded libertas-usb8388-firmware-2:20160505-64.git8afadbe5.fc23.noarch @updates Upgrade 2:20160526-65.git80d463be.fc23.noarch @updates Upgrade qemu-common-2:2.4.1-10.fc23.x86_64 @updates Upgraded qemu-common-2:2.4.1-9.fc23.x86_64 @updates Upgrade qemu-guest-agent-2:2.4.1-10.fc23.x86_64 @updates Upgraded qemu-guest-agent-2:2.4.1-9.fc23.x86_64 @updates Upgrade qemu-img-2:2.4.1-10.fc23.x86_64 @updates Upgraded qemu-img-2:2.4.1-9.fc23.x86_64 @updates Upgrade qemu-kvm-2:2.4.1-10.fc23.x86_64 @updates Upgraded qemu-kvm-2:2.4.1-9.fc23.x86_64 @updates Upgrade qemu-system-x86-2:2.4.1-10.fc23.x86_64 @updates Upgraded qemu-system-x86-2:2.4.1-9.fc23.x86_64 @updates Scriptlet output: 1 Redirecting to /bin/systemctl start atd.service 2 Redirecting to /bin/systemctl start atd.service 3 You can customize what plugins you want installed in /etc/ibm/notes/disable-plugins.cfg 4 Creating a new global configuration file, the following features will be enabled - 5 voicerite.feature sut_hotfix.feature sut_blue.feature st-gateway.feature issi.feature ibm_lotus_sametime_issi.feature ibm_lotus_sametime.feature ibm_lotus_opensocial.feature ibm_lotus_notes-nl1.feature ibm_lotus_feedreader-nl1.feature ibm_lotus_feedreader.feature ibm_lotus_activities.feature hotfix_fp.feature dictionaries.feature connections.feature 6 Cleaning up.. 7 Updating Desktop Database 8 Fix mime issue 9 Updating icons 10 kernel.shmmax = 50331648 11 kernel.shmall = 50331648 12 Setting mailto to notes 13 Applying notes binary hotfix fixpack_20160423.1936.FP6 14 /opt/ibm/notes/res/ca_ES / 15 / 16 /opt/ibm/notes/res/de_DE / 17 / 18 /opt/ibm/notes/res/es_ES / 19 / 20 /opt/ibm/notes/res/fr_FR / 21 / 22 /opt/ibm/notes/res/it_IT / 23 / 24 /opt/ibm/notes/res/ja_JP / 25 / 26 /opt/ibm/notes/res/ko_KR / 27 / 28 /opt/ibm/notes/res/pt_BR / 29 / 30 /opt/ibm/notes/res/zh_CN / 31 / 32 /opt/ibm/notes/res/zh_TW / 33 / 34 * soft nofile 2048 35 * hard nofile 2048 36 IBM Lotus Notes 9.0.1 Fix Pack 5 Interim Fix 2 for the Linux Notes Client 37 dconsole.jar 38 dconsoleSE.jar 39 dconsoleenh.jar 40 dconsoleeval.jar 41 dconsolexpages.jar 42 libnotes.so 43 jconsole 44 libsslplus.so 45 libnotes.so.sym 46 sbinder 47 lnotes 48 scontroller 49 chmod: cannot access ‘/opt/ibm/notes/framework/shared/eclipse/plugins/com.ibm.notes.branding.version_9.0.1.20160423-1936/abou’: No such file or directory 50 /var/tmp/rpm-tmp.BGvpcF: line 307: t.mappings: command not found 51 Fixing permissions, to correct problems. 52 Fixing BluePages Photos 53 Fixing screensaver idle 54 canwatchscreensaver 55 sametime_mongss.sh 56 watchscreensaver $
As package co-maintainer, I started retrieving infos about the reasons why BOINC tried to access /dev/input https://boinc.berkeley.edu/dev/forum_thread.php?id=11041
Me too. Needed to downgrade. The key issues, as I see them: * boinc-client 7.4.42 is the current, offical Linux release. * boinc-client 7.6 is pre-release/beta for Linux. * boinc-client 7.4 was running unconfined since the log redirection script broke the SELinux process transitions. * boinc-client-7.4 was fixed to enforce SELinux confinement. * boinc 7.6 adds new functionality to check input sources for activity. * SELinux policy does not allow boinc-client access to input devices. * boinc-client-7.6 does not notice AVC denial and spams logs. Possible options: * Revert boinc-client to the official 7.4 series. Will need to increment package epoch to handle downgrade. * Reinstate the log redirection script to run boinc-client unconfined. or * Modify the systemd unit file to explicitly run unconfined. Not optimal. * Update selinux-policy-targeted. Run 7.6 permissive and collect AVC information. Work with SELinux policy maintainers to audit and approve requirements. Lots of work. * Work with upstream to resolve in 7.6 series. Switch or #ifdef to skip the offending code (client/hostinfo.cpp). Better fit for headless servers. Lots of work and will take time. I'd vote to revert to the 7.4 series. --DaveG.
(In reply to DaveG from comment #5) > > Possible options: > * Revert boinc-client to the official 7.4 series. > Will need to increment package epoch to handle downgrade. Downgrade is not an option since the problem is easy to fix > * Reinstate the log redirection script to run boinc-client unconfined. > or > * Modify the systemd unit file to explicitly run unconfined. > Not optimal. boinc cannot run unconfined again. > * Update selinux-policy-targeted. > Run 7.6 permissive and collect AVC information. > Work with SELinux policy maintainers to audit and approve requirements. > Lots of work. We have already been told to handle this problem. > * Work with upstream to resolve in 7.6 series. > Switch or #ifdef to skip the offending code (client/hostinfo.cpp). > Better fit for headless servers. > Lots of work and will take time. This is the solution. A patch either for Fedora only, or upstream. I will be working on this as soon I have some free time.
Description of problem: Whenever boinc is running, these errors pile up. setroubleshootd often has a high CPU usage because of this. So there are many of these AVC's generated. Version-Release number of selected component: selinux-policy-3.13.1-158.15.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.5.6-200.fc23.x86_64 type: libreport
Description of problem: BOINC client Version-Release number of selected component: selinux-policy-3.13.1-158.15.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.5.6-200.fc23.x86_64 type: libreport
https://lists.fedoraproject.org/archives/list/security-team@lists.fedoraproject.org/thread/P5PWUJQKKKLOUHBG46HSKTQ2ISNJ2P6V/
I contacted upstream developers, giving them a suggestion about how to implement user idle time detection in systemd based Linux distributions https://github.com/BOINC/boinc/issues/1187#issuecomment-225699768
Message sent also to boinc devel mailing list http://lists.ssl.berkeley.edu/pipermail/boinc_dev/2016-June/022229.html
Description of problem: /dev/somthing/event* is counting down event7 to event 1 in the selinux troubleshooter and https://bugzilla.redhat.com/show_bug.cgi?id=1181308 may be related Version-Release number of selected component: selinux-policy-3.13.1-158.15.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.5.6-200.fc23.i686 type: libreport
Description of problem: possibly related bugs? https://retrace.fedoraproject.org/faf/reports/bthash/0a9d4d46885b20275fea5f69e63ed895f0fd83cb https://retrace.fedoraproject.org/faf/reports/bthash/94b2942b25a4e975f958517df0e6cdc46e760ed0 https://retrace.fedoraproject.org/faf/reports/bthash/914d0d7839020a08f14a4599287d9e681acaabc0 https://retrace.fedoraproject.org/faf/reports/bthash/d07acdc19fba689d73d26c19556e9cab835e6274 https://retrace.fedoraproject.org/faf/reports/bthash/93fe9bb1af9021f768977fa3b6319b6346e14cf5 https://retrace.fedoraproject.org/faf/reports/bthash/3a0ed41a54220fea8e34d8a812ca31ada6127d0b https://bugzilla.redhat.com/show_bug.cgi?id=1300212 https://retrace.fedoraproject.org/faf/reports/bthash/19ee31d5eb30ecad008327d0c4a4895a63f322fa Version-Release number of selected component: selinux-policy-3.13.1-158.15.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.5.6-200.fc23.i686 type: libreport
Description of problem: After the upgrade to Fedora 24 from Fedora 23 Selinux gave this error. It is a cycling error whitch ranges from event0 till event15. Allowing by a local rule is rejected: Failed to create node Bad boolean declaration at line 148 of /var/lib/selinux/targeted/tmp/modules/100/virt/cil semodule: Failed! That went for -X 300 and -X 500; also no -X was rejected with the same error. It worked in Fedora 23, but I must admit that after the upgrade of Boinc also gave me problems, that I could resolve. Version-Release number of selected component: selinux-policy-3.13.1-190.fc24.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.5.7-300.fc24.x86_64+debug reproducible: Not sure how to reproduce the problem type: libreport
It recurred after I stopped the clients, re-applied with -X500 that was accepted, restarted client, verified the running of the client, started manager, got new work-units. I think the recurrence started when a checkpoint was to be written, however that is a guess. Stopping the manager and the clients did at the end stop Selinux from cycling in the reporting screen.
After a reinstall due to advice/request to a standard-install it disappeared, however, upgrading selinux to the latest version (3.13.1-191.5.fc24 upgrade on july 19th, 2016) it recurred. Boinc-client is running, however if it is running correctly is doubt. Note: Actions of SeLinux are not in compliance with each other: the advice that is given by the gui is different than what given by the computer: >> start PC output << root ~ ausearch -c 'boinc_client' --raw | audit2allow -M my-boincclient ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i my-boincclient.pp root ~ semodule -i my-boincclient.pp Re-declaration of boolean virt_sandbox_use_fusefs Failed to create node Bad boolean declaration at line 148 of /var/lib/selinux/targeted/tmp/modules/100/virt/cil semodule: Failed! >> end PC output << >>Start GUI SeApplet << root ~ ausearch -c 'boinc_client' --raw | audit2allow -M my-boincclient ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i my-boincclient.pp root ~ semodule -X 300 -i my-boincclient.pp libsemanage.semanage_direct_install_info: A higher priority my-boincclient module exists at priority 400 and will override the module currently being installed at priority 300. Re-declaration of boolean virt_sandbox_use_fusefs Failed to create node Bad boolean declaration at line 148 of /var/lib/selinux/targeted/tmp/modules/100/virt/cil semodule: Failed! >> end GUI SeApplet <<
*** Bug 1047044 has been marked as a duplicate of this bug. ***
(In reply to Herman Grootaers from comment #16) This bugreport is not about virtual box sandbox SELinux alerts, please fill another bugreport
The actual situation is: 1) upstream is going to start working on a new idle time detection approach, as I suggested in https://github.com/BOINC/boinc/issues/1187#issuecomment-225699768 2) Meanwhile, since 1) will require an undefinite amount of time, as soon I have some free time I will try to disable the idle detection code. Here you can see some useful piece of code https://github.com/BOINC/boinc/blob/master/client/hostinfo_unix.cpp#L1686 Any help is welcome :-)
boinc-client-7.6.22-7.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-a35db13be2
boinc-client-7.6.22-7.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-b7c5ba70ea
boinc-client-7.6.22-7.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-a35db13be2
boinc-client-7.6.22-7.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b7c5ba70ea
boinc-client-7.6.22-7.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
boinc-client-7.6.22-7.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
boinc-client-7.6.22-7.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-5e04a4a471
(In reply to Fedora Update System from comment #24) > boinc-client-7.6.22-7.fc24 has been pushed to the Fedora 24 stable > repository. If problems still persist, please make note of it in this bug > report. This package worked for me for some time, but since mid-August it stopped working. Boinc is not able to detect when the computer is idle again. Maybe something change in Gnome3 that affect boinc-client? I am running Fedora 24.
(In reply to Leonardo Garcia from comment #27) > (In reply to Fedora Update System from comment #24) > > boinc-client-7.6.22-7.fc24 has been pushed to the Fedora 24 stable > > repository. If problems still persist, please make note of it in this bug > > report. > > This package worked for me for some time, but since mid-August it stopped > working. Boinc is not able to detect when the computer is idle again. Maybe > something change in Gnome3 that affect boinc-client? I am running Fedora 24. Before my workaround patch, BOINC idle time did not work. Now as you can see from my comments, I removed the idle detection broken feature. Upstream developers are working on a new solution
boinc-client-7.6.22-7.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
Issue seems unresolved in 'Fedora release 26 (Twenty Six)', with package --- $ dnf info boinc-manager Last metadata expiration check: 0:00:22 ago on Vi 10 nov 2017 14:27:04 +0200. Installed Packages Name : boinc-manager Version : 7.6.22 Release : 7.fc25 Arch : x86_64 Size : 6.3 M Source : boinc-client-7.6.22-7.fc25.src.rpm Repo : @System From repo : fedora Summary : GUI to control and monitor boinc-client URL : http://boinc.berkeley.edu/ License : LGPLv2+ Description : The BOINC Manager is a graphical monitor and control utility for the BOINC : core client. It gives a detailed overview of the state of the client it is : monitoring. The BOINC Manager has two modes of operation, the "Simple View" : in which it only displays the most important information and the "Advanced : View" in which all information and all control elements are available. --- That is, idle detection does [still...?] not work in boinc-manager. Any news on it...? Thank you.
(In reply to Iosif Fettich from comment #30) > Issue seems unresolved in 'Fedora release 26 (Twenty Six)', with package You are right. More infos at https://github.com/BOINC/boinc/issues/1187#issuecomment-339070513
Errata with a "hack around" that disables at least the SELinux alerts. A working idle time detection must be implemented by upstream developers.
(In reply to Germano Massullo from comment #32) > Errata with a "hack around" that disables at least the SELinux alerts. I meant "[...] that does not trigger SELinux alerts"
(In reply to Germano Massullo from comment #33) > (In reply to Germano Massullo from comment #32) > > Errata with a "hack around" that disables at least the SELinux alerts. > > I meant "[...] that does not trigger SELinux alerts" i agree and im starting to think something fishy going on at fedora in the last fiew versions. is it just me or is kerneloops, watchdog and abrt not working so good lateley in fedora? it dosent suprise me that my hard drives are burning out but whats so interesting is the where the bad sectors are showing up and where i get the [drdy err] and how when i mount fedora 27 on a live disk and fix it with e2fsck it mostly keeps working without freezing until i visit facebook or youtube then the chain of hard drive errors reappear