Bug 1341753 - SELinux is preventing (uetoothd) from 'mounton' accesses on the directory /etc.
Summary: SELinux is preventing (uetoothd) from 'mounton' accesses on the directory /etc.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 24
Hardware: x86_64
OS: Unspecified
high
high
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:1e08af52a4a54971144f553c0a3...
: 1342273 1342708 1347963 1361819 1366056 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-06-01 17:07 UTC by Zdenek Chmelar
Modified: 2016-09-19 04:05 UTC (History)
90 users (show)

Fixed In Version: selinux-policy-3.13.1-191.9.fc24 selinux-policy-3.13.1-191.10.fc24
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-08-12 19:28:52 UTC
Type: ---


Attachments (Terms of Use)

Description Zdenek Chmelar 2016-06-01 17:07:44 UTC
Description of problem:
Appeared right after the login on the desktop (Gnome)
SELinux is preventing (uetoothd) from 'mounton' accesses on the directory /etc.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow (uetoothd) to have mounton access on the etc directory
Then you need to change the label on /etc
Do
# semanage fcontext -a -t FILE_TYPE '/etc'
where FILE_TYPE is one of the following: admin_home_t, anon_inodefs_t, audit_spool_t, auditd_log_t, autofs_t, automount_tmp_t, bacula_store_t, binfmt_misc_fs_t, boot_t, capifs_t, cephfs_t, cgroup_t, cifs_t, container_image_t, debugfs_t, default_t, device_t, devpts_t, dnssec_t, dosfs_t, ecryptfs_t, efivarfs_t, fusefs_t, home_root_t, hugetlbfs_t, ifconfig_var_run_t, init_var_run_t, initrc_tmp_t, iso9660_t, kdbusfs_t, mail_spool_t, mnt_t, mqueue_spool_t, named_conf_t, news_spool_t, nfs_t, nfsd_fs_t, openshift_tmp_t, openshift_var_lib_t, oracleasmfs_t, proc_t, proc_xen_t, pstore_t, public_content_rw_t, public_content_t, ramfs_t, random_seed_t, removable_t, root_t, rpc_pipefs_t, security_t, spufs_t, src_t, svirt_sandbox_file_t, sysctl_fs_t, sysctl_t, sysfs_t, sysv_t, tmp_t, tmpfs_t, usbfs_t, user_home_dir_t, user_home_t, user_tmp_t, usr_t, var_lib_nfs_t, var_lib_t, var_lock_t, var_log_t, var_run_t, var_t, virt_image_t, virt_var_lib_t, vmblock_t, vxfs_t, xend_var_lib_t, xend_var_run_t, xenfs_t, xenstored_var_lib_t.
Then execute:
restorecon -v '/etc'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that (uetoothd) should be allowed mounton access on the etc directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '(uetoothd)' --raw | audit2allow -M my-uetoothd
# semodule -X 300 -i my-uetoothd.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:object_r:etc_t:s0
Target Objects                /etc [ dir ]
Source                        (uetoothd)
Source Path                   (uetoothd)
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           filesystem-3.2-37.fc24.x86_64
Policy RPM                    selinux-policy-3.13.1-190.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.5.5-300.fc24.x86_64 #1 SMP Thu
                              May 19 13:05:32 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-06-01 19:05:19 CEST
Last Seen                     2016-06-01 19:05:19 CEST
Local ID                      af9d8e01-bd99-4ada-a230-b3412a5f8817

Raw Audit Messages
type=AVC msg=audit(1464800719.714:362): avc:  denied  { mounton } for  pid=1796 comm="(uetoothd)" path="/etc" dev="dm-0" ino=524291 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0


Hash: (uetoothd),init_t,etc_t,dir,mounton

Version-Release number of selected component:
selinux-policy-3.13.1-190.fc24.noarch

Additional info:
reporter:       libreport-2.7.1
hashmarkername: setroubleshoot
kernel:         4.5.5-300.fc24.x86_64
reproducible:   Not sure how to reproduce the problem
type:           libreport

Comment 1 Bernardo Donadio 2016-06-02 23:23:19 UTC
Description of problem:
I´m not sure why this was triggered, only that it was during or a little after an yum update.

Version-Release number of selected component:
selinux-policy-3.13.1-190.fc24.noarch

Additional info:
reporter:       libreport-2.7.1
hashmarkername: setroubleshoot
kernel:         4.5.4-300.fc24.x86_64
reproducible:   Not sure how to reproduce the problem
type:           libreport

Comment 2 Biji 2016-06-04 15:49:08 UTC
Description of problem:
after login

Version-Release number of selected component:
selinux-policy-3.13.1-190.fc24.noarch

Additional info:
reporter:       libreport-2.7.1
hashmarkername: setroubleshoot
kernel:         4.5.5-300.fc24.x86_64
reproducible:   Not sure how to reproduce the problem
type:           libreport

Comment 3 Karel Volný 2016-06-06 10:55:46 UTC
what the hell is "uetoothd"? - there is no such binary, something very very bad must be happening here ...

Comment 4 Petr Lautrbach 2016-06-06 18:57:11 UTC
It's a filename of the executable, resp the executable's name from the task structure. You can find it in the comm= field in the audit record event.

In this particular case it's most likely a bluetoothd process.

Comment 5 Jared Smith 2016-06-07 19:16:07 UTC
Description of problem:
Installed F24 beta, then did a DNF upgrade to latest bits.  Noticed this SELinux alert while the update was running.

Version-Release number of selected component:
selinux-policy-3.13.1-190.fc24.noarch

Additional info:
reporter:       libreport-2.7.1
hashmarkername: setroubleshoot
kernel:         4.5.2-302.fc24.x86_64
reproducible:   Not sure how to reproduce the problem
type:           libreport

Comment 6 Zdenek Chmelar 2016-06-09 09:02:37 UTC
Description of problem:
I found this report after the login on the desktop (gnome)

Version-Release number of selected component:
selinux-policy-3.13.1-190.fc24.noarch

Additional info:
reporter:       libreport-2.7.1
hashmarkername: setroubleshoot
kernel:         4.5.6-300.fc24.x86_64
reproducible:   Not sure how to reproduce the problem
type:           libreport

Comment 7 Petr Lautrbach 2016-06-10 11:36:46 UTC
*** Bug 1342708 has been marked as a duplicate of this bug. ***

Comment 8 Petr Lautrbach 2016-06-10 11:36:49 UTC
*** Bug 1342273 has been marked as a duplicate of this bug. ***

Comment 9 dzspam 2016-06-15 12:04:50 UTC
Description of problem:
To reproduce
1 - Fresh Install of f24 beta from fedora official website (did not produce such notification)
2- dnf upgrade to get the latest bits
 => notification of two errors with SELinux

	a_ This one says "SELinux is preventing (uetoothd) from mounton access on the directory /etc."

{Note : confirming that this error notification says "uetoothd" not sure if this is a mispelling of bluetoothd?}

	b_  Another one says  "SELinux is preventing accounts-daemon from write access on the directory root."

Version-Release number of selected component:
selinux-policy-3.13.1-190.fc24.noarch

Additional info:
reporter:       libreport-2.7.1
hashmarkername: setroubleshoot
kernel:         4.5.2-302.fc24.x86_64
reproducible:   Not sure how to reproduce the problem
type:           libreport

Comment 10 Paul Moore 2016-06-15 12:53:48 UTC
The "comm" field is an unreliable way to determine the process name; it has a limited size and can be racy.  The prefered method for determining the process name is via the PROCTITLE audit record, although it is hex encoded (using 'ausearch -i' will help decode the PROCTITLE command string).

Comment 11 Paul Moore 2016-06-15 15:39:51 UTC
To add to my last comment, the task_struct->comm field is not currently protected by any locks/semaphores/etc. which means that it is possible for it be changed while we are copying the ->comm string into the audit record.  It seems odd to me that the front of "bluetoothd" is being stripped, as I would have expected the end to get cut, but anything is possible without any synchronization between readers and writers.

Comment 12 dzspam 2016-06-16 22:44:56 UTC
Description of problem:
occurs at every boot

Version-Release number of selected component:
selinux-policy-3.13.1-190.fc24.noarch

Additional info:
reporter:       libreport-2.7.1
hashmarkername: setroubleshoot
kernel:         4.5.7-300.fc24.x86_64
reproducible:   Not sure how to reproduce the problem
type:           libreport

Comment 13 robi 2016-06-19 11:37:22 UTC
*** Bug 1347963 has been marked as a duplicate of this bug. ***

Comment 14 ricardobr 2016-06-23 18:36:55 UTC
(In reply to dzspam from comment #12)
> Description of problem:
> occurs at every boot
> 
> Version-Release number of selected component:
> selinux-policy-3.13.1-190.fc24.noarch
> 
> Additional info:
> reporter:       libreport-2.7.1
> hashmarkername: setroubleshoot
> kernel:         4.5.7-300.fc24.x86_64
> reproducible:   Not sure how to reproduce the problem
> type:           libreport

Occurs at every boot.

Comment 15 Dan Callahan 2016-06-25 16:49:23 UTC
I'm seeing the same error. As a result, I'm unable to add or remove any Bluetooth devices in Settings -> Bluetooth, nor am I able to connect to my bluetooth speakers which I had successfully configured in F23 before the upgrade to F24.

Comment 16 Bernardo Donadio 2016-06-29 22:40:37 UTC
Indeed. I had not noticed before, but this issue prevents the Gnome bluetooth subsystem from detecting the dongle correctly.

Despite bluetoothctl detecting normally the dongle and nearby devices, the Gnome GUI is unable to interact with the dongle, and it also generates this AVC.

It definitely references the /usr/libexec/bluetooth/bluetoothd binary, however, I'm not sure neither why it did truncate the first character, nor what is the proper fix in this situation. Also, sealert couldn't give any marginally sane solution.

Comment 17 Michael Chapman 2016-07-07 11:52:25 UTC
(In reply to Paul Moore from comment #11)
> To add to my last comment, the task_struct->comm field is not currently
> protected by any locks/semaphores/etc. which means that it is possible for
> it be changed while we are copying the ->comm string into the audit record. 
> It seems odd to me that the front of "bluetoothd" is being stripped, as I
> would have expected the end to get cut, but anything is possible without any
> synchronization between readers and writers.

When systemd forks off a child process, it sets comm to the last few characters of the executable name, all enclosed in parentheses. This is so that things like systemd-networkd, systemd-resolved, systemd-journald, etc. can be distinguished from one another rather than all appearing as something like "(systemd-)".

Anyway, this bug has nothing to do with bluetoothd. I just got these AVC denials:

  type=AVC msg=audit(1467890056.999:14679): avc:  denied  { mounton } for  pid=28103 comm="(doveadm)" path="/etc" dev="dm-0" ino=8388705 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=1
  type=AVC msg=audit(1467890073.121:77): avc:  denied  { mounton } for  pid=692 comm="(rtscript)" path="/etc" dev="dm-0" ino=8388705 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0
  type=AVC msg=audit(1467890073.174:80): avc:  denied  { mounton } for  pid=697 comm="(networkd)" path="/etc" dev="dm-0" ino=8388705 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0
  type=AVC msg=audit(1467890073.258:86): avc:  denied  { mounton } for  pid=715 comm="(dovecot)" path="/etc" dev="dm-0" ino=8388705 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0

All of these systemd services have:

  ProtectSystem=yes

which amongst other things wants to remount /etc read-only.

Some local policy is currently working around the issue:

  allow init_t etc_t:dir mounton;

Would be good to get this in selinux-policy-targeted.

Comment 18 dorsy 2016-07-19 07:36:02 UTC
Description of problem:
dnf update triggered it, relevant packages:
bluez.x86_64 5.40-2.fc24
bluez-cups.x86_64 5.40-2.fc24                                               
bluez-libs.x86_64 5.40-2.fc24
bluez-obexd.x86_64 5.40-2.fc24
selinux-policy.noarch 3.13.1-191.5.fc24
selinux-policy-targeted.noarch 3.13.1-191.5.fc24

Version-Release number of selected component:
selinux-policy-3.13.1-191.5.fc24.noarch

Additional info:
reporter:       libreport-2.7.1
hashmarkername: setroubleshoot
kernel:         4.6.3-300.fc24.x86_64
reproducible:   Not sure how to reproduce the problem
type:           libreport

Comment 19 Stephen Gallagher 2016-07-20 11:46:33 UTC
Description of problem:
I was performing a dnf update:

$ sudo dnf history info 56
Transaction ID : 56
Begin time     : Wed Jul 20 07:43:22 2016
Begin rpmdb    : 2311:838d93c3d00696beb64aa321075836cd8fa92621
End time       :            07:45:09 2016 (107 seconds)
End rpmdb      : 2333:5320717b315b60bd85a735bd599b0656103adbba
User           : System <unset>
Return-Code    : Success
Command Line   : update --exclude=gnome-online-accounts --allowerasing --exclude=kernel* --best
Transaction performed with:
    Installed     dnf-1.1.9-2.fc24.noarch         @koji-override-1
    Installed     rpm-4.13.0-0.rc1.27.fc24.x86_64 @koji-override-1
Packages Altered:
    Upgraded GeoIP-GeoLite-data-2016.05-1.fc24.noarch                 @koji-override-1
    Upgrade                     2016.07-1.fc24.noarch                 @updates
    Upgraded PackageKit-1.1.1-3.fc24.x86_64                           (unknown)
    Upgrade             1.1.3-1.fc24.x86_64                           @updates
    Upgraded PackageKit-command-not-found-1.1.1-3.fc24.x86_64         (unknown)
    Upgrade                               1.1.3-1.fc24.x86_64         @updates
    Upgraded PackageKit-glib-1.1.1-3.fc24.x86_64                      (unknown)
    Upgrade                  1.1.3-1.fc24.x86_64                      @updates
    Upgraded PackageKit-gstreamer-plugin-1.1.1-3.fc24.x86_64          (unknown)
    Upgrade                              1.1.3-1.fc24.x86_64          @updates
    Upgraded PackageKit-gtk3-module-1.1.1-3.fc24.x86_64               (unknown)
    Upgrade                         1.1.3-1.fc24.x86_64               @updates
    Upgraded SDL2-2.0.4-4.fc24.i686                                   @fedora
    Upgraded SDL2-2.0.4-4.fc24.x86_64                                 @koji-override-1
    Upgrade       2.0.4-6.fc24.i686                                   @updates
    Upgrade       2.0.4-6.fc24.x86_64                                 @updates
    Upgraded audit-2.6.2-1.fc24.x86_64                                (unknown)
    Upgrade        2.6.5-1.fc24.x86_64                                @updates
    Upgraded audit-libs-2.6.2-1.fc24.i686                             (unknown)
    Upgraded audit-libs-2.6.2-1.fc24.x86_64                           (unknown)
    Upgrade             2.6.5-1.fc24.i686                             @updates
    Upgrade             2.6.5-1.fc24.x86_64                           @updates
    Upgraded audit-libs-python3-2.6.2-1.fc24.x86_64                   (unknown)
    Upgrade                     2.6.5-1.fc24.x86_64                   @updates
    Upgraded bluez-5.40-1.fc24.x86_64                                 (unknown)
    Upgrade        5.40-2.fc24.x86_64                                 @updates
    Upgraded bluez-cups-5.40-1.fc24.x86_64                            (unknown)
    Upgrade             5.40-2.fc24.x86_64                            @updates
    Upgraded bluez-libs-5.40-1.fc24.x86_64                            (unknown)
    Upgrade             5.40-2.fc24.x86_64                            @updates
    Upgraded bluez-obexd-5.40-1.fc24.x86_64                           (unknown)
    Upgrade              5.40-2.fc24.x86_64                           @updates
    Install  bubblewrap-0.1.1-1.fc24.x86_64                           @updates
    Upgraded checkpolicy-2.5-2.fc24.x86_64                            @koji-override-1
    Upgrade              2.5-6.fc24.x86_64                            @updates
    Upgraded coreutils-8.25-5.fc24.x86_64                             @koji-override-1
    Upgrade            8.25-6.fc24.x86_64                             @updates
    Upgraded coreutils-common-8.25-5.fc24.x86_64                      @koji-override-1
    Upgrade                   8.25-6.fc24.x86_64                      @updates
    Upgraded dnsmasq-2.75-4.fc24.x86_64                               @koji-override-1
    Upgrade          2.76-1.fc24.x86_64                               @updates
    Upgraded dracut-044-18.git20160108.fc24.x86_64                    @koji-override-1
    Upgrade         044-20.fc24.x86_64                                @updates
    Upgraded dracut-config-generic-044-18.git20160108.fc24.x86_64     @koji-override-1
    Upgrade                        044-20.fc24.x86_64                 @updates
    Upgraded dracut-config-rescue-044-18.git20160108.fc24.x86_64      @koji-override-1
    Upgrade                       044-20.fc24.x86_64                  @updates
    Upgraded dracut-live-044-18.git20160108.fc24.x86_64               @koji-override-0
    Upgrade              044-20.fc24.x86_64                           @updates
    Upgraded dracut-network-044-18.git20160108.fc24.x86_64            @koji-override-1
    Upgrade                 044-20.fc24.x86_64                        @updates
    Upgraded ebtables-2.0.10-19.fc24.x86_64                           @koji-override-1
    Upgrade           2.0.10-20.fc24.x86_64                           @updates
    Upgraded edk2-ovmf-20160418gita8c39ba-1.fc24.noarch               (unknown)
    Upgrade            20160418gita8c39ba-2.fc24.noarch               @updates
    Erase    electron-1.2.3-1.prebuilt.fc24.x86_64                    (unknown)
    Install  electron-1.2.7-1.prebuilt.fc24.x86_64                    @mosquito-vscode
    Upgraded evolution-3.20.3-1.fc24.x86_64                           (unknown)
    Upgrade            3.20.4-1.fc24.x86_64                           @updates
    Upgraded evolution-data-server-3.20.3-1.fc24.x86_64               (unknown)
    Upgrade                        3.20.4-1.fc24.x86_64               @updates
    Upgraded evolution-ews-3.20.3-1.fc24.x86_64                       (unknown)
    Upgrade                3.20.4-1.fc24.x86_64                       @updates
    Upgraded evolution-help-3.20.3-1.fc24.noarch                      (unknown)
    Upgrade                 3.20.4-1.fc24.noarch                      @updates
    Upgraded fedpkg-1.24-2.fc24.noarch                                (unknown)
    Upgrade         1.24-3.fc24.noarch                                @updates
    Upgraded firefox-47.0-6.fc24.x86_64                               (unknown)
    Upgrade          47.0.1-2.fc24.x86_64                             @updates
    Upgraded firewalld-0.4.3.1-2.fc24.noarch                          (unknown)
    Upgrade            0.4.3.2-1.fc24.noarch                          @updates
    Upgraded firewalld-filesystem-0.4.3.1-2.fc24.noarch               (unknown)
    Upgrade                       0.4.3.2-1.fc24.noarch               @updates
    Upgraded fuse-2.9.4-4.fc24.x86_64                                 @koji-override-1
    Upgrade       2.9.7-1.fc24.x86_64                                 @updates
    Upgraded fuse-libs-2.9.4-4.fc24.x86_64                            @koji-override-1
    Upgrade            2.9.7-1.fc24.x86_64                            @updates
    Upgraded fwupd-0.7.2-1.fc24.x86_64                                (unknown)
    Upgrade        0.7.2-2.fc24.x86_64                                @updates
    Upgraded git-2.7.4-1.fc24.x86_64                                  @koji-override-1
    Upgrade      2.7.4-2.fc24.x86_64                                  @updates
    Upgraded git-core-2.7.4-1.fc24.x86_64                             @koji-override-1
    Upgrade           2.7.4-2.fc24.x86_64                             @updates
    Upgraded git-core-doc-2.7.4-1.fc24.x86_64                         @koji-override-1
    Upgrade               2.7.4-2.fc24.x86_64                         @updates
    Upgraded glusterfs-3.8.0-2.fc24.x86_64                            (unknown)
    Upgrade            3.8.1-1.fc24.x86_64                            @updates
    Upgraded glusterfs-api-3.8.0-2.fc24.x86_64                        (unknown)
    Upgrade                3.8.1-1.fc24.x86_64                        @updates
    Upgraded glusterfs-client-xlators-3.8.0-2.fc24.x86_64             (unknown)
    Upgrade                           3.8.1-1.fc24.x86_64             @updates
    Upgraded glusterfs-fuse-3.8.0-2.fc24.x86_64                       (unknown)
    Upgrade                 3.8.1-1.fc24.x86_64                       @updates
    Upgraded glusterfs-libs-3.8.0-2.fc24.x86_64                       (unknown)
    Upgrade                 3.8.1-1.fc24.x86_64                       @updates
    Upgraded gnome-session-3.20.1-1.fc24.x86_64                       @koji-override-1
    Upgrade                3.20.2-1.fc24.x86_64                       @updates
    Upgraded gnome-session-wayland-session-3.20.1-1.fc24.x86_64       @koji-override-1
    Upgrade                                3.20.2-1.fc24.x86_64       @updates
    Upgraded gnome-session-xsession-3.20.1-1.fc24.x86_64              @koji-override-1
    Upgrade                         3.20.2-1.fc24.x86_64              @updates
    Upgraded gnome-shell-3.20.3-1.fc24.x86_64                         (unknown)
    Upgrade              3.20.3-3.fc24.x86_64                         @updates
    Upgraded gnome-software-3.20.3-1.fc24.x86_64                      @koji-override-1
    Upgrade                 3.20.4-1.fc24.x86_64                      @updates
    Upgraded gnutls-3.4.13-1.fc24.i686                                @updates
    Upgraded gnutls-3.4.13-1.fc24.x86_64                              (unknown)
    Upgrade         3.4.14-1.fc24.i686                                @updates
    Upgrade         3.4.14-1.fc24.x86_64                              @updates
    Upgraded gnutls-dane-3.4.13-1.fc24.x86_64                         (unknown)
    Upgrade              3.4.14-1.fc24.x86_64                         @updates
    Upgraded gnutls-utils-3.4.13-1.fc24.x86_64                        (unknown)
    Upgrade               3.4.14-1.fc24.x86_64                        @updates
    Upgraded gspell-1.0.2-1.fc24.x86_64                               (unknown)
    Upgrade         1.0.3-1.fc24.x86_64                               @updates
    Upgraded httpd-2.4.18-2.fc24.x86_64                               @koji-override-1
    Upgrade        2.4.23-3.fc24.x86_64                               @updates
    Upgraded httpd-filesystem-2.4.18-2.fc24.noarch                    @koji-override-1
    Upgrade                   2.4.23-3.fc24.noarch                    @updates
    Upgraded httpd-tools-2.4.18-2.fc24.x86_64                         @koji-override-1
    Upgrade              2.4.23-3.fc24.x86_64                         @updates
    Upgraded ibus-typing-booster-1.4.6-1.fc24.noarch                  (unknown)
    Upgrade                      1.4.7-1.fc24.noarch                  @updates
    Upgraded libdfu-0.7.2-1.fc24.x86_64                               (unknown)
    Upgrade         0.7.2-2.fc24.x86_64                               @updates
    Upgrade  libgphoto2-2.5.10-1.fc24.i686                            @updates
    Upgrade  libgphoto2-2.5.10-1.fc24.x86_64                          @updates
    Upgraded libgphoto2-2.5.8-2.fc24.i686                             @fedora
    Upgraded libgphoto2-2.5.8-2.fc24.x86_64                           @koji-override-1
    Upgraded libhif-0.2.2-4.fc24.x86_64                               @koji-override-1
    Upgrade         0.2.3-1.fc24.x86_64                               @updates
    Upgraded libmnl-1.0.3-11.fc24.x86_64                              @koji-override-1
    Upgrade         1.0.4-1.fc24.x86_64                               @updates
    Upgraded libnl3-3.2.28-0.1.fc24.x86_64                            (unknown)
    Upgrade         3.2.28-1.fc24.x86_64                              @updates
    Upgraded libnl3-cli-3.2.28-0.1.fc24.x86_64                        (unknown)
    Upgrade             3.2.28-1.fc24.x86_64                          @updates
    Upgraded libnl3-devel-3.2.28-0.1.fc24.x86_64                      (unknown)
    Upgrade               3.2.28-1.fc24.x86_64                        @updates
    Install  libpskc-2.6.1-2.fc24.x86_64                              @fedora
    Upgraded libselinux-2.5-3.fc24.i686                               @fedora
    Upgraded libselinux-2.5-3.fc24.x86_64                             @koji-override-1
    Upgrade             2.5-9.fc24.i686                               @updates
    Upgrade             2.5-9.fc24.x86_64                             @updates
    Upgraded libselinux-devel-2.5-3.fc24.x86_64                       @fedora
    Upgrade                   2.5-9.fc24.x86_64                       @updates
    Upgraded libselinux-python3-2.5-3.fc24.x86_64                     @koji-override-1
    Upgrade                     2.5-9.fc24.x86_64                     @updates
    Upgraded libselinux-utils-2.5-3.fc24.x86_64                       @koji-override-1
    Upgrade                   2.5-9.fc24.x86_64                       @updates
    Upgraded libsemanage-2.5-2.fc24.x86_64                            @koji-override-1
    Upgrade              2.5-5.fc24.x86_64                            @updates
    Upgraded libsemanage-devel-2.5-2.fc24.x86_64                      @fedora
    Upgrade                    2.5-5.fc24.x86_64                      @updates
    Upgraded libsemanage-python3-2.5-2.fc24.x86_64                    @koji-override-1
    Upgrade                      2.5-5.fc24.x86_64                    @updates
    Upgraded libsepol-2.5-3.fc24.i686                                 @fedora
    Upgraded libsepol-2.5-3.fc24.x86_64                               @koji-override-1
    Upgrade           2.5-8.fc24.i686                                 @updates
    Upgrade           2.5-8.fc24.x86_64                               @updates
    Upgraded libsepol-devel-2.5-3.fc24.x86_64                         @fedora
    Upgrade                 2.5-8.fc24.x86_64                         @updates
    Upgraded libtasn1-4.8-1.fc24.i686                                 @fedora
    Upgraded libtasn1-4.8-1.fc24.x86_64                               @koji-override-1
    Upgrade           4.8-2.fc24.i686                                 @updates
    Upgrade           4.8-2.fc24.x86_64                               @updates
    Upgraded mesa-dri-drivers-11.2.2-2.20160614.fc24.i686             @updates
    Upgraded mesa-dri-drivers-11.2.2-2.20160614.fc24.x86_64           (unknown)
    Upgrade                   12.0.1-1.fc24.i686                      @updates
    Upgrade                   12.0.1-1.fc24.x86_64                    @updates
    Upgraded mesa-filesystem-11.2.2-2.20160614.fc24.i686              @updates
    Upgraded mesa-filesystem-11.2.2-2.20160614.fc24.x86_64            (unknown)
    Upgrade                  12.0.1-1.fc24.i686                       @updates
    Upgrade                  12.0.1-1.fc24.x86_64                     @updates
    Upgraded mesa-libEGL-11.2.2-2.20160614.fc24.i686                  @updates
    Upgraded mesa-libEGL-11.2.2-2.20160614.fc24.x86_64                (unknown)
    Upgrade              12.0.1-1.fc24.i686                           @updates
    Upgrade              12.0.1-1.fc24.x86_64                         @updates
    Upgraded mesa-libGL-11.2.2-2.20160614.fc24.i686                   @updates
    Upgraded mesa-libGL-11.2.2-2.20160614.fc24.x86_64                 (unknown)
    Upgrade             12.0.1-1.fc24.i686                            @updates
    Upgrade             12.0.1-1.fc24.x86_64                          @updates
    Upgraded mesa-libOSMesa-11.2.2-2.20160614.fc24.i686               @updates
    Upgraded mesa-libOSMesa-11.2.2-2.20160614.fc24.x86_64             @updates
    Upgrade                 12.0.1-1.fc24.i686                        @updates
    Upgrade                 12.0.1-1.fc24.x86_64                      @updates
    Upgraded mesa-libOpenCL-11.2.2-2.20160614.fc24.i686               @updates
    Upgraded mesa-libOpenCL-11.2.2-2.20160614.fc24.x86_64             @updates
    Upgrade                 12.0.1-1.fc24.i686                        @updates
    Upgrade                 12.0.1-1.fc24.x86_64                      @updates
    Upgraded mesa-libgbm-11.2.2-2.20160614.fc24.i686                  @updates
    Upgraded mesa-libgbm-11.2.2-2.20160614.fc24.x86_64                (unknown)
    Upgrade              12.0.1-1.fc24.i686                           @updates
    Upgrade              12.0.1-1.fc24.x86_64                         @updates
    Upgraded mesa-libglapi-11.2.2-2.20160614.fc24.i686                @updates
    Upgraded mesa-libglapi-11.2.2-2.20160614.fc24.x86_64              (unknown)
    Upgrade                12.0.1-1.fc24.i686                         @updates
    Upgrade                12.0.1-1.fc24.x86_64                       @updates
    Upgraded mesa-libwayland-egl-11.2.2-2.20160614.fc24.i686          @updates
    Upgraded mesa-libwayland-egl-11.2.2-2.20160614.fc24.x86_64        (unknown)
    Upgrade                      12.0.1-1.fc24.i686                   @updates
    Upgrade                      12.0.1-1.fc24.x86_64                 @updates
    Upgraded mesa-libxatracker-11.2.2-2.20160614.fc24.x86_64          (unknown)
    Upgrade                    12.0.1-1.fc24.x86_64                   @updates
    Upgraded openconnect-7.06-4.fc24.x86_64                           @koji-override-1
    Upgrade              7.07-2.fc24.x86_64                           @updates
    Upgraded openjpeg2-2.1.0-8.fc24.x86_64                            @koji-override-1
    Upgrade            2.1.1-1.fc24.x86_64                            @updates
    Upgraded ostree-2016.6-1.fc24.x86_64                              @updates
    Upgrade         2016.7-1.fc24.x86_64                              @updates
    Upgraded perl-Errno-1.23-360.fc24.x86_64                          (unknown)
    Upgrade             1.23-361.fc24.x86_64                          @updates
    Upgraded perl-Git-2.7.4-1.fc24.noarch                             @koji-override-1
    Upgrade           2.7.4-2.fc24.noarch                             @updates
    Upgraded perl-IO-1.35-360.fc24.x86_64                             (unknown)
    Upgrade          1.35-361.fc24.x86_64                             @updates
    Upgraded perl-Math-Complex-1.59-360.fc24.noarch                   (unknown)
    Upgrade                    1.59-361.fc24.noarch                   @updates
    Upgraded perl-Net-Ping-2.43-360.fc24.noarch                       (unknown)
    Upgrade                2.43-361.fc24.noarch                       @updates
    Upgraded perl-Pod-Html-1.22-360.fc24.noarch                       (unknown)
    Upgrade                1.22-361.fc24.noarch                       @updates
    Upgraded perl-generators-1.09-1.fc24.noarch                       (unknown)
    Upgrade                  1.10-1.fc24.noarch                       @updates
    Upgrade  policycoreutils-2.5-12.fc24.x86_64                       @updates
    Upgraded policycoreutils-2.5-5.fc24.x86_64                        @koji-override-1
    Upgrade  policycoreutils-python-utils-2.5-12.fc24.x86_64          @updates
    Upgraded policycoreutils-python-utils-2.5-5.fc24.x86_64           @koji-override-1
    Upgrade  policycoreutils-python3-2.5-12.fc24.x86_64               @updates
    Upgraded policycoreutils-python3-2.5-5.fc24.x86_64                @koji-override-1
    Upgraded poppler-0.41.0-1.fc24.x86_64                             @koji-override-1
    Upgrade          0.41.0-2.fc24.x86_64                             @updates
    Upgraded poppler-glib-0.41.0-1.fc24.x86_64                        @koji-override-1
    Upgrade               0.41.0-2.fc24.x86_64                        @updates
    Upgraded poppler-utils-0.41.0-1.fc24.x86_64                       @koji-override-1
    Upgrade                0.41.0-2.fc24.x86_64                       @updates
    Upgraded pycharm-community-2016.1.4-4.fc24.x86_64                 @phracek-PyCharm
    Upgrade                    2016.1.4-6.fc24.x86_64                 @phracek-PyCharm
    Upgraded python-2.7.11-6.fc24.x86_64                              (unknown)
    Upgrade         2.7.11-8.fc24.x86_64                              @updates
    Upgraded python-devel-2.7.11-6.fc24.x86_64                        (unknown)
    Upgrade               2.7.11-8.fc24.x86_64                        @updates
    Upgraded python-libs-2.7.11-6.fc24.x86_64                         (unknown)
    Upgrade              2.7.11-8.fc24.x86_64                         @updates
    Upgraded python-perf-4.6.3-300.fc24.x86_64                        @updates
    Upgrade              4.6.4-301.fc24.x86_64                        @updates
    Upgraded python-pycparser-2.14-5.fc24.noarch                      @fedora
    Upgrade                   2.14-6.fc24.noarch                      @updates
    Upgraded python2-pysocks-1.5.6-3.fc24.noarch                      @fedora
    Upgrade                  1.5.6-4.fc24.noarch                      @updates
    Upgrade  python3-3.5.1-12.fc24.x86_64                             @updates
    Upgraded python3-3.5.1-9.fc24.x86_64                              (unknown)
    Upgrade  python3-devel-3.5.1-12.fc24.x86_64                       @updates
    Upgraded python3-devel-3.5.1-9.fc24.x86_64                        (unknown)
    Upgraded python3-firewall-0.4.3.1-2.fc24.noarch                   (unknown)
    Upgrade                   0.4.3.2-1.fc24.noarch                   @updates
    Upgrade  python3-libs-3.5.1-12.fc24.x86_64                        @updates
    Upgraded python3-libs-3.5.1-9.fc24.x86_64                         (unknown)
    Upgraded python3-pysocks-1.5.6-3.fc24.noarch                      @koji-override-1
    Upgrade                  1.5.6-4.fc24.noarch                      @updates
    Upgraded qgnomeplatform-0.2-5.20160621git.fc24.x86_64             (unknown)
    Upgrade                 0.2-6.20160621git.fc24.x86_64             @updates
    Upgraded qt-settings-24-6.fc24.noarch                             @koji-override-1
    Upgrade              24-7.fc24.noarch                             @updates
    Upgraded qt5-qtbase-5.6.0-21.fc24.x86_64                          (unknown)
    Upgrade             5.6.1-3.fc24.x86_64                           @updates
    Upgraded qt5-qtbase-common-5.6.0-21.fc24.noarch                   (unknown)
    Upgrade                    5.6.1-3.fc24.noarch                    @updates
    Upgraded qt5-qtbase-gui-5.6.0-21.fc24.x86_64                      (unknown)
    Upgrade                 5.6.1-3.fc24.x86_64                       @updates
    Upgraded qt5-qtdeclarative-5.6.0-11.fc24.x86_64                   @fedora
    Upgrade                    5.6.1-5.fc24.x86_64                    @updates
    Upgraded qt5-qtx11extras-5.6.0-3.fc24.x86_64                      @fedora
    Upgrade                  5.6.1-2.fc24.x86_64                      @updates
    Upgraded qt5-qtxmlpatterns-5.6.0-4.fc24.x86_64                    @koji-override-1
    Upgrade                    5.6.1-1.fc24.x86_64                    @updates
    Upgraded rpm-ostree-2015.11-2.fc24.x86_64                         @fedora
    Upgrade             2016.4-2.fc24.x86_64                          @updates
    Upgraded rpmlint-1.8-7.fc24.noarch                                (unknown)
    Upgrade          1.9-1.fc24.noarch                                @updates
    Upgrade  selinux-policy-3.13.1-191.5.fc24.noarch                  @updates
    Upgraded selinux-policy-3.13.1-191.fc24.3.noarch                  (unknown)
    Upgrade  selinux-policy-targeted-3.13.1-191.5.fc24.noarch         @updates
    Upgraded selinux-policy-targeted-3.13.1-191.fc24.3.noarch         (unknown)
    Upgrade  setroubleshoot-3.3.10-1.fc24.x86_64                      @updates
    Upgraded setroubleshoot-3.3.9.1-1.fc24.x86_64                     (unknown)
    Upgrade  setroubleshoot-server-3.3.10-1.fc24.x86_64               @updates
    Upgraded setroubleshoot-server-3.3.9.1-1.fc24.x86_64              (unknown)
    Upgraded spice-glib-0.32-1.fc24.x86_64                            (unknown)
    Upgrade             0.32-2.fc24.x86_64                            @updates
    Upgraded spice-gtk3-0.32-1.fc24.x86_64                            (unknown)
    Upgrade             0.32-2.fc24.x86_64                            @updates
    Upgraded spice-server-0.12.7-2.fc24.x86_64                        @koji-override-1
    Upgrade               0.12.8-1.fc24.x86_64                        @updates
    Upgraded sqlite-3.12.2-1.fc24.i686                                (unknown)
    Upgraded sqlite-3.12.2-1.fc24.x86_64                              (unknown)
    Upgrade         3.13.0-1.fc24.i686                                @updates
    Upgrade         3.13.0-1.fc24.x86_64                              @updates
    Upgraded sqlite-libs-3.12.2-1.fc24.i686                           (unknown)
    Upgraded sqlite-libs-3.12.2-1.fc24.x86_64                         (unknown)
    Upgrade              3.13.0-1.fc24.i686                           @updates
    Upgrade              3.13.0-1.fc24.x86_64                         @updates
    Upgrade  system-python-libs-3.5.1-12.fc24.x86_64                  @updates
    Upgraded system-python-libs-3.5.1-9.fc24.x86_64                   (unknown)
    Upgraded tzdata-2016e-1.fc24.noarch                               (unknown)
    Upgrade         2016f-1.fc24.noarch                               @updates
    Upgraded tzdata-java-2016e-1.fc24.noarch                          (unknown)
    Upgrade              2016f-1.fc24.noarch                          @updates
    Upgraded unzip-6.0-29.fc24.x86_64                                 (unknown)
    Upgrade        6.0-30.fc24.x86_64                                 @updates
    Upgraded vscode-1.2.1-1.fc24.x86_64                               (unknown)
    Upgrade         1.3.1-1.fc24.x86_64                               @mosquito-vscode
    Upgraded xen-libs-4.6.3-1.fc24.x86_64                             (unknown)
    Upgrade           4.6.3-2.fc24.x86_64                             @updates
    Upgraded xen-licenses-4.6.3-1.fc24.x86_64                         (unknown)
    Upgrade               4.6.3-2.fc24.x86_64                         @updates
    Install  xmlsec1-1.2.20-3.fc24.x86_64                             @fedora
    Upgraded xorg-x11-drv-openchrome-0.4.0-1.fc24.x86_64              @koji-override-1
    Upgrade                          0.5.0-1.fc24.x86_64              @updates
    Upgraded xorg-x11-server-Xorg-1.18.3-5.fc24.x86_64                (unknown)
    Upgrade                       1.18.3-6.fc24.x86_64                @updates
    Upgraded xorg-x11-server-Xwayland-1.18.3-5.fc24.x86_64            (unknown)
    Upgrade                           1.18.3-6.fc24.x86_64            @updates
    Upgraded xorg-x11-server-common-1.18.3-5.fc24.x86_64              (unknown)
    Upgrade                         1.18.3-6.fc24.x86_64              @updates
    Upgraded autocorr-en-1:5.1.4.2-4.fc24.noarch                      (unknown)
    Upgrade              1:5.1.5.1-1.fc24.noarch                      @updates
    Upgraded emacs-filesystem-1:25.0.94-1.fc24.noarch                 @koji-override-1
    Upgrade                   1:25.0.95-2.fc24.noarch                 @updates
    Upgraded java-1.8.0-openjdk-1:1.8.0.92-3.b14.fc24.x86_64          (unknown)
    Upgrade                     1:1.8.0.92-5.b14.fc24.x86_64          @updates
    Upgraded java-1.8.0-openjdk-headless-1:1.8.0.92-3.b14.fc24.x86_64 (unknown)
    Upgrade                              1:1.8.0.92-5.b14.fc24.x86_64 @updates
    Upgraded libreoffice-calc-1:5.1.4.2-4.fc24.x86_64                 (unknown)
    Upgrade                   1:5.1.5.1-1.fc24.x86_64                 @updates
    Upgraded libreoffice-core-1:5.1.4.2-4.fc24.x86_64                 (unknown)
    Upgrade                   1:5.1.5.1-1.fc24.x86_64                 @updates
    Upgraded libreoffice-data-1:5.1.4.2-4.fc24.noarch                 (unknown)
    Upgrade                   1:5.1.5.1-1.fc24.noarch                 @updates
    Upgraded libreoffice-draw-1:5.1.4.2-4.fc24.x86_64                 (unknown)
    Upgrade                   1:5.1.5.1-1.fc24.x86_64                 @updates
    Upgraded libreoffice-emailmerge-1:5.1.4.2-4.fc24.x86_64           (unknown)
    Upgrade                         1:5.1.5.1-1.fc24.x86_64           @updates
    Upgraded libreoffice-filters-1:5.1.4.2-4.fc24.x86_64              (unknown)
    Upgrade                      1:5.1.5.1-1.fc24.x86_64              @updates
    Upgraded libreoffice-graphicfilter-1:5.1.4.2-4.fc24.x86_64        (unknown)
    Upgrade                            1:5.1.5.1-1.fc24.x86_64        @updates
    Upgraded libreoffice-gtk2-1:5.1.4.2-4.fc24.x86_64                 (unknown)
    Upgrade                   1:5.1.5.1-1.fc24.x86_64                 @updates
    Upgraded libreoffice-gtk3-1:5.1.4.2-4.fc24.x86_64                 (unknown)
    Upgrade                   1:5.1.5.1-1.fc24.x86_64                 @updates
    Upgraded libreoffice-impress-1:5.1.4.2-4.fc24.x86_64              (unknown)
    Upgrade                      1:5.1.5.1-1.fc24.x86_64              @updates
    Upgraded libreoffice-langpack-en-1:5.1.4.2-4.fc24.x86_64          (unknown)
    Upgrade                          1:5.1.5.1-1.fc24.x86_64          @updates
    Upgraded libreoffice-math-1:5.1.4.2-4.fc24.x86_64                 (unknown)
    Upgrade                   1:5.1.5.1-1.fc24.x86_64                 @updates
    Upgraded libreoffice-ogltrans-1:5.1.4.2-4.fc24.x86_64             (unknown)
    Upgrade                       1:5.1.5.1-1.fc24.x86_64             @updates
    Upgraded libreoffice-opensymbol-fonts-1:5.1.4.2-4.fc24.noarch     (unknown)
    Upgrade                               1:5.1.5.1-1.fc24.noarch     @updates
    Upgraded libreoffice-pdfimport-1:5.1.4.2-4.fc24.x86_64            (unknown)
    Upgrade                        1:5.1.5.1-1.fc24.x86_64            @updates
    Upgraded libreoffice-pyuno-1:5.1.4.2-4.fc24.x86_64                (unknown)
    Upgrade                    1:5.1.5.1-1.fc24.x86_64                @updates
    Upgraded libreoffice-ure-1:5.1.4.2-4.fc24.x86_64                  (unknown)
    Upgrade                  1:5.1.5.1-1.fc24.x86_64                  @updates
    Upgraded libreoffice-writer-1:5.1.4.2-4.fc24.x86_64               (unknown)
    Upgrade                     1:5.1.5.1-1.fc24.x86_64               @updates
    Upgraded libreoffice-x11-1:5.1.4.2-4.fc24.x86_64                  (unknown)
    Upgrade                  1:5.1.5.1-1.fc24.x86_64                  @updates
    Upgraded libreoffice-xsltfilter-1:5.1.4.2-4.fc24.x86_64           (unknown)
    Upgrade                         1:5.1.5.1-1.fc24.x86_64           @updates
    Upgraded libreofficekit-1:5.1.4.2-4.fc24.x86_64                   (unknown)
    Upgrade                 1:5.1.5.1-1.fc24.x86_64                   @updates
    Upgraded mod_ssl-1:2.4.18-2.fc24.x86_64                           @fedora
    Upgrade          1:2.4.23-3.fc24.x86_64                           @updates
    Upgraded perl-IO-Zlib-1:1.10-360.fc24.noarch                      (unknown)
    Upgrade               1:1.10-361.fc24.noarch                      @updates
    Upgraded perl-Locale-Maketext-Simple-1:0.21-360.fc24.noarch       (unknown)
    Upgrade                              1:0.21-361.fc24.noarch       @updates
    Upgraded docker-2:1.10.3-21.git19b5791.fc24.x86_64                (unknown)
    Upgrade         2:1.10.3-24.git29066b4.fc24.x86_64                @updates
    Upgraded docker-selinux-2:1.10.3-21.git19b5791.fc24.x86_64        (unknown)
    Upgrade                 2:1.10.3-24.git29066b4.fc24.x86_64        @updates
    Upgraded docker-v1.10-migrator-2:1.10.3-21.git19b5791.fc24.x86_64 (unknown)
    Upgrade                        2:1.10.3-24.git29066b4.fc24.x86_64 @updates
    Upgraded libsmbclient-2:4.4.4-3.fc24.x86_64                       (unknown)
    Upgrade               2:4.4.5-1.fc24.x86_64                       @updates
    Upgraded libsmbclient-devel-2:4.4.4-3.fc24.x86_64                 (unknown)
    Upgrade                     2:4.4.5-1.fc24.x86_64                 @updates
    Upgraded libwbclient-2:4.4.4-3.fc24.x86_64                        (unknown)
    Upgrade              2:4.4.5-1.fc24.x86_64                        @updates
    Upgraded qemu-common-2:2.6.0-4.fc24.x86_64                        (unknown)
    Upgrade              2:2.6.0-5.fc24.x86_64                        @updates
    Upgraded qemu-guest-agent-2:2.6.0-4.fc24.x86_64                   (unknown)
    Upgrade                   2:2.6.0-5.fc24.x86_64                   @updates
    Upgraded qemu-img-2:2.6.0-4.fc24.x86_64                           (unknown)
    Upgrade           2:2.6.0-5.fc24.x86_64                           @updates
    Upgraded qemu-kvm-2:2.6.0-4.fc24.x86_64                           (unknown)
    Upgrade           2:2.6.0-5.fc24.x86_64                           @updates
    Upgraded qemu-system-x86-2:2.6.0-4.fc24.x86_64                    (unknown)
    Upgrade                  2:2.6.0-5.fc24.x86_64                    @updates
    Upgraded samba-client-2:4.4.4-3.fc24.x86_64                       (unknown)
    Upgrade               2:4.4.5-1.fc24.x86_64                       @updates
    Upgraded samba-client-libs-2:4.4.4-3.fc24.x86_64                  (unknown)
    Upgrade                    2:4.4.5-1.fc24.x86_64                  @updates
    Upgraded samba-common-2:4.4.4-3.fc24.noarch                       (unknown)
    Upgrade               2:4.4.5-1.fc24.noarch                       @updates
    Upgraded samba-common-libs-2:4.4.4-3.fc24.x86_64                  (unknown)
    Upgrade                    2:4.4.5-1.fc24.x86_64                  @updates
    Upgraded samba-common-tools-2:4.4.4-3.fc24.x86_64                 (unknown)
    Upgrade                     2:4.4.5-1.fc24.x86_64                 @updates
    Upgraded samba-devel-2:4.4.4-3.fc24.x86_64                        (unknown)
    Upgrade              2:4.4.5-1.fc24.x86_64                        @updates
    Upgraded samba-libs-2:4.4.4-3.fc24.x86_64                         (unknown)
    Upgrade             2:4.4.5-1.fc24.x86_64                         @updates
    Upgraded samba-winbind-2:4.4.4-3.fc24.x86_64                      (unknown)
    Upgrade                2:4.4.5-1.fc24.x86_64                      @updates
    Upgraded samba-winbind-clients-2:4.4.4-3.fc24.x86_64              (unknown)
    Upgrade                        2:4.4.5-1.fc24.x86_64              @updates
    Upgraded samba-winbind-modules-2:4.4.4-3.fc24.x86_64              (unknown)
    Upgrade                        2:4.4.5-1.fc24.x86_64              @updates
    Upgraded perl-4:5.22.2-360.fc24.x86_64                            (unknown)
    Upgrade       4:5.22.2-361.fc24.x86_64                            @updates
    Upgraded perl-devel-4:5.22.2-360.fc24.x86_64                      (unknown)
    Upgrade             4:5.22.2-361.fc24.x86_64                      @updates
    Upgraded perl-libs-4:5.22.2-360.fc24.x86_64                       (unknown)
    Upgrade            4:5.22.2-361.fc24.x86_64                       @updates
    Upgraded perl-macros-4:5.22.2-360.fc24.x86_64                     (unknown)
    Upgrade              4:5.22.2-361.fc24.x86_64                     @updates

Version-Release number of selected component:
selinux-policy-3.13.1-191.5.fc24.noarch

Additional info:
reporter:       libreport-2.7.1
hashmarkername: setroubleshoot
kernel:         4.6.3-300.fc24.x86_64
reproducible:   Not sure how to reproduce the problem
type:           libreport

Comment 20 dropbox01 2016-07-23 02:30:45 UTC
Description of problem:
I was watching streaming video in the Chrome browser, and I clicked a button in the video panel to go full screen.  This error popped up.  Also the video failed to go full screen.  Instead the browser title bar and tab bar still appeared at the top of the screen.  

Version-Release number of selected component:
selinux-policy-3.13.1-191.5.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.4-301.fc24.x86_64
type:           libreport

Comment 21 Ari 2016-07-23 22:10:52 UTC
Just started happening to me today after first reboot of DNF update earlier today 7/23

---------------------

SELinux is preventing (uetoothd) from mounton access on the directory /etc.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow (uetoothd) to have mounton access on the etc directory
Then you need to change the label on /etc
Do
# semanage fcontext -a -t FILE_TYPE '/etc'
where FILE_TYPE is one of the following: admin_home_t, anon_inodefs_t, audit_spool_t, auditd_log_t, autofs_t, automount_tmp_t, bacula_store_t, binfmt_misc_fs_t, boot_t, capifs_t, cephfs_t, cgroup_t, cifs_t, container_image_t, debugfs_t, default_t, device_t, devpts_t, dnssec_t, dosfs_t, ecryptfs_t, efivarfs_t, fusefs_t, home_root_t, hugetlbfs_t, ifconfig_var_run_t, init_var_run_t, initrc_tmp_t, iso9660_t, kdbusfs_t, mail_spool_t, mnt_t, mqueue_spool_t, named_conf_t, news_spool_t, nfs_t, nfsd_fs_t, onload_fs_t, openshift_tmp_t, openshift_var_lib_t, oracleasmfs_t, proc_t, proc_xen_t, pstore_t, public_content_rw_t, public_content_t, ramfs_t, random_seed_t, removable_t, root_t, rpc_pipefs_t, security_t, spufs_t, src_t, svirt_sandbox_file_t, sysctl_fs_t, sysctl_t, sysfs_t, sysv_t, tmp_t, tmpfs_t, usbfs_t, user_home_dir_t, user_home_t, user_tmp_t, usr_t, var_lib_nfs_t, var_lib_t, var_lock_t, var_log_t, var_run_t, var_t, virt_image_t, virt_var_lib_t, vmblock_t, vxfs_t, xend_var_lib_t, xend_var_run_t, xenfs_t, xenstored_var_lib_t.
Then execute:
restorecon -v '/etc'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that (uetoothd) should be allowed mounton access on the etc directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '(uetoothd)' --raw | audit2allow -M my-uetoothd
# semodule -X 300 -i my-uetoothd.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:object_r:etc_t:s0
Target Objects                /etc [ dir ]
Source                        (uetoothd)
Source Path                   (uetoothd)
Port                          <Unknown>
Host                          saturn
Source RPM Packages           
Target RPM Packages           filesystem-3.2-37.fc24.x86_64
Policy RPM                    selinux-policy-3.13.1-191.5.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     saturn
Platform                      Linux saturn 4.5.7-200.fc23.x86_64 #1 SMP Wed Jun
                              8 17:41:50 UTC 2016 x86_64 x86_64
Alert Count                   3
First Seen                    2016-07-20 11:34:36 EDT
Last Seen                     2016-07-23 18:07:18 EDT
Local ID                      f309ecb6-ab1e-420e-ad95-688a4a377567

Raw Audit Messages
type=AVC msg=audit(1469311638.143:237): avc:  denied  { mounton } for  pid=1916 comm="(uetoothd)" path="/etc" dev="dm-1" ino=1966081 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0


Hash: (uetoothd),init_t,etc_t,dir,mounton

Comment 22 redhat 2016-07-24 13:42:08 UTC
Description of problem:
On boot the SELinux Alert Browser presented a notification that uetoothd requested access to etc.

Version-Release number of selected component:
selinux-policy-3.13.1-191.5.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.4-301.fc24.x86_64
type:           libreport

Comment 23 Aleksandar Kostadinov 2016-07-25 07:55:00 UTC
Same here, could anybody get this fixed? It shouldn't be hard but is a great issue for bluetooth users.

Comment 24 Michael Chapman 2016-07-25 11:44:41 UTC
Just to reiterate my earlier comment #17, this isn't affecting just "bluetooth users". The bug will trigger an SELinux alert with *any* systemd unit with ProtectSystem=full (I erroneously said ProtectSystem=yes before; only "full" tries to remount /etc read-only) -- that includes:

* most of the systemd-*.service units (I first hit the bug with systemd-resolved.service; see also bug 1325494 and bug 1355593 and bug 1359446);
* dovecot.service (another one I hit);
* amavisd.service (see bug 1358805).

Probably others too -- I'm actually surprised there haven't been more tickets about this problem.

Comment 25 Sureyya Sahin 2016-07-25 16:12:04 UTC
Description of problem:
Another selinux alert I received, related to bluez I believe.

Version-Release number of selected component:
selinux-policy-3.13.1-191.5.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.4-301.fc24.x86_64
type:           libreport

Comment 26 Phil Duby 2016-07-25 20:38:36 UTC
Throw into the mix

I have what seems to be the same issue from another direction.  I have an older laptop that does not have builtin bluetooth.  After upgrading from FC22 to FC24, inserting the usb bluetooth adapter gets:

The source process: (uetoothd)
Attempted this access: mounton
On this directory: /etc

I can successfully connect to my phone, but sharing pictures from the phone to the laptop over bluetooth fails.

Environment:
uname -a
Linux caracal 4.6.4-301.fc24.x86_64 #1 SMP Tue Jul 12 11:50:00 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Latest dnf updates as of 2016/07/25 14:28 MDT

To try digging some more details, I rebooted and ran journalctl -f while walking through attempting to connect to and copy a picture from my phone.  The initial errors occur when the usb bluetooth adapter is plugged in.

Steps:
* reboot
* bash shell
* atom /tmp/offline
* journalctl -f
* insert usb bluetooth adapter # first journal entries
* Settings » Bluetooth # more journal entries
* Turn off airplane mode # more journal entries
* phone: bluetooth on
* caracal.felina: connect # more journal entries
* phone: gallery » image » share » bluetooth # file does not copy
* phone: bluetooth off
* settings » Bluetooth » off
* remove usb Bluetooth adapter

journalctl output:
Jul 25 13:48:08 caracal kernel: usb 5-2: new full-speed USB device number 2 using uhci_hcd
Jul 25 13:48:09 caracal kernel: usb 5-2: New USB device found, idVendor=0a5c, idProduct=2101
Jul 25 13:48:09 caracal kernel: usb 5-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Jul 25 13:48:09 caracal kernel: usb 5-2: Product: BCM2045A
Jul 25 13:48:09 caracal kernel: usb 5-2: Manufacturer: Broadcom Corp
Jul 25 13:48:09 caracal kernel: usb 5-2: SerialNumber: 000272148454
Jul 25 13:48:09 caracal org.freedesktop.fwupd[850]: (fwupd:1961): libdfu-WARNING **: interface found, but not interface data
Jul 25 13:48:09 caracal kernel: Bluetooth: Core ver 2.21
Jul 25 13:48:09 caracal kernel: NET: Registered protocol family 31
Jul 25 13:48:09 caracal kernel: Bluetooth: HCI device and connection manager initialized
Jul 25 13:48:09 caracal kernel: Bluetooth: HCI socket layer initialized
Jul 25 13:48:09 caracal kernel: Bluetooth: L2CAP socket layer initialized
Jul 25 13:48:09 caracal kernel: Bluetooth: SCO socket layer initialized
Jul 25 13:48:09 caracal kernel: usbcore: registered new interface driver btusb
Jul 25 13:48:09 caracal systemd[1]: Starting Load/Save RF Kill Switch Status...
Jul 25 13:48:09 caracal systemd[1]: Started Load/Save RF Kill Switch Status.
Jul 25 13:48:09 caracal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 25 13:48:09 caracal systemd[1]: Starting Bluetooth service...
Jul 25 13:48:10 caracal audit[3317]: AVC avc:  denied  { mounton } for  pid=3317 comm="(uetoothd)" path="/etc" dev="dm-1" ino=2752513 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0
Jul 25 13:48:10 caracal bluetoothd[3317]: Bluetooth daemon 5.40
Jul 25 13:48:10 caracal systemd[1]: Started Bluetooth service.
Jul 25 13:48:10 caracal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=bluetooth comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 25 13:48:10 caracal systemd[1]: Reached target Bluetooth.
Jul 25 13:48:10 caracal bluetoothd[3317]: Starting SDP server
Jul 25 13:48:10 caracal kernel: Bluetooth: BNEP (Ethernet Emulation) ver 1.3
Jul 25 13:48:10 caracal kernel: Bluetooth: BNEP filters: protocol multicast
Jul 25 13:48:10 caracal kernel: Bluetooth: BNEP socket layer initialized
Jul 25 13:48:10 caracal bluetoothd[3317]: Bluetooth management interface 1.12 initialized
Jul 25 13:48:10 caracal bluetoothd[3317]: Failed to obtain handles for "Service Changed" characteristic
Jul 25 13:48:10 caracal dbus[850]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service'
Jul 25 13:48:10 caracal NetworkManager[969]: <info>  [1469476090.4137] bluez: use BlueZ version 5
Jul 25 13:48:10 caracal systemd[1]: Starting Hostname Service...
Jul 25 13:48:10 caracal bluetoothd[3317]: Failed to set mode: Blocked through rfkill (0x12)
Jul 25 13:48:10 caracal bluetoothd[3317]: Endpoint registered: sender=:1.52 path=/MediaEndpoint/A2DPSource
Jul 25 13:48:10 caracal bluetoothd[3317]: Endpoint registered: sender=:1.52 path=/MediaEndpoint/A2DPSink
Jul 25 13:48:10 caracal kernel: Bluetooth: RFCOMM TTY layer initialized
Jul 25 13:48:10 caracal kernel: Bluetooth: RFCOMM socket layer initialized
Jul 25 13:48:10 caracal kernel: Bluetooth: RFCOMM ver 1.11
Jul 25 13:48:10 caracal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 25 13:48:10 caracal systemd[1]: Started Hostname Service.
Jul 25 13:48:10 caracal bluetoothd[3317]: Failed to set mode: Blocked through rfkill (0x12)
Jul 25 13:48:10 caracal bluetoothd[3317]: Failed to set mode: Blocked through rfkill (0x12)
Jul 25 13:48:10 caracal dbus[850]: [system] Successfully activated service 'org.freedesktop.hostname1'
Jul 25 13:48:13 caracal dbus[850]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Jul 25 13:48:14 caracal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 25 13:48:17 caracal dbus[850]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Jul 25 13:48:19 caracal setroubleshoot[3327]: SELinux is preventing (uetoothd) from mounton access on the directory /etc. For complete SELinux messages. run sealert -l 751c8204-e0c5-400b-8bfd-fae2417444fd
Jul 25 13:48:19 caracal python3[3327]: SELinux is preventing (uetoothd) from mounton access on the directory /etc.

    *****  Plugin catchall_labels (83.8 confidence) suggests   *******************

    If you want to allow (uetoothd) to have mounton access on the etc directory
    Then you need to change the label on /etc
    Do
    # semanage fcontext -a -t FILE_TYPE '/etc'
    where FILE_TYPE is one of the following: admin_home_t, anon_inodefs_t, audit_spool_t, auditd_log_t, autofs_t, automount_tmp_t, bacula_store_t, binfmt_misc_fs_t, boot_t, capifs_t, cephfs_t, cgroup_t, cifs_t, container_image_t, debugfs_t, default_t, device_t, devpts_t, dnssec_t, dosfs_t, ecryptfs_t, efivarfs_t, fusefs_t, home_root_t, hugetlbfs_t, ifconfig_var_run_t, init_var_run_t, initrc_tmp_t, iso9660_t, kdbusfs_t, mail_spool_t, mnt_t, mqueue_spool_t, named_conf_t, news_spool_t, nfs_t, nfsd_fs_t, onload_fs_t, openshift_tmp_t, openshift_var_lib_t, oracleasmfs_t, proc_t, proc_xen_t, pstore_t, public_content_rw_t, public_content_t, ramfs_t, random_seed_t, removable_t, root_t, rpc_pipefs_t, security_t, spufs_t, src_t, svirt_sandbox_file_t, sysctl_fs_t, sysctl_t, sysfs_t, sysv_t, tmp_t, tmpfs_t, usbfs_t, user_home_dir_t, user_home_t, user_tmp_t, usr_t, var_lib_nfs_t, var_lib_t, var_lock_t, var_log_t, var_run_t, var_t, virt_image_t, virt_var_lib_t, vmblock_t, vxfs_t, xend_var_lib_t, xend_var_run_t, xenfs_t, xenstored_var_lib_t.
    Then execute:
    restorecon -v '/etc'


    *****  Plugin catchall (17.1 confidence) suggests   **************************

    If you believe that (uetoothd) should be allowed mounton access on the etc directory by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    Do
    allow this access for now by executing:
    # ausearch -c '(uetoothd)' --raw | audit2allow -M my-uetoothd
    # semodule -X 300 -i my-uetoothd.pp

Jul 25 13:48:40 caracal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
###############
Jul 25 13:55:33 caracal dbus-daemon[1591]: Activating via systemd: service name='org.bluez.obex' unit='dbus-org.bluez.obex.service'
Jul 25 13:55:33 caracal dbus-daemon[1591]: Activation via systemd failed for unit 'dbus-org.bluez.obex.service': Unit dbus-org.bluez.obex.service not found.
Jul 25 13:55:33 caracal bluetoothd[3317]: Failed to set mode: Blocked through rfkill (0x12)
Jul 25 13:55:50 caracal dhclient[1170]: DHCPREQUEST on enp4s0 to 192.168.1.1 port 67 (xid=0x65bcd110)
Jul 25 13:55:51 caracal dhclient[1170]: DHCPACK from 192.168.1.1 (xid=0x65bcd110)
Jul 25 13:55:51 caracal NetworkManager[969]: <info>  [1469476551.6573]   address 192.168.1.22
Jul 25 13:55:51 caracal NetworkManager[969]: <info>  [1469476551.6580]   plen 24 (255.255.255.0)
Jul 25 13:55:51 caracal NetworkManager[969]: <info>  [1469476551.6581]   gateway 192.168.1.1
Jul 25 13:55:51 caracal NetworkManager[969]: <info>  [1469476551.6581]   server identifier 192.168.1.1
Jul 25 13:55:51 caracal NetworkManager[969]: <info>  [1469476551.6581]   lease time 3600
Jul 25 13:55:51 caracal NetworkManager[969]: <info>  [1469476551.6582]   nameserver '192.168.1.11'
Jul 25 13:55:51 caracal NetworkManager[969]: <info>  [1469476551.6582]   nameserver '64.59.135.145'
Jul 25 13:55:51 caracal NetworkManager[969]: <info>  [1469476551.6582]   domain name 'cg.shawcable.net'
Jul 25 13:55:51 caracal NetworkManager[969]: <info>  [1469476551.6583] dhcp4 (enp4s0): state changed bound -> bound
Jul 25 13:55:51 caracal dbus[850]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Jul 25 13:55:51 caracal dhclient[1170]: bound to 192.168.1.22 -- renewal in 1792 seconds.
Jul 25 13:55:51 caracal systemd[1]: Starting Network Manager Script Dispatcher Service...
Jul 25 13:55:51 caracal dbus[850]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jul 25 13:55:51 caracal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 25 13:55:51 caracal systemd[1]: Started Network Manager Script Dispatcher Service.
Jul 25 13:55:51 caracal nm-dispatcher[3396]: req:1 'dhcp4-change' [enp4s0]: new request (6 scripts)
Jul 25 13:55:51 caracal nm-dispatcher[3396]: req:1 'dhcp4-change' [enp4s0]: start running ordered scripts...
###############
Jul 25 13:56:02 caracal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 25 13:56:42 caracal systemd[1]: Starting Load/Save RF Kill Switch Status...
Jul 25 13:56:42 caracal systemd[1]: Started Load/Save RF Kill Switch Status.
Jul 25 13:56:42 caracal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 25 13:56:42 caracal NetworkManager[969]: <info>  [1469476602.3461] audit: op="radio-control" arg="wwan-enabled:1" pid=1805 uid=1000 result="success"
Jul 25 13:56:47 caracal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
###############
Jul 25 13:59:42 caracal rtkit-daemon[872]: Supervising 6 threads of 2 processes of 2 users.
Jul 25 13:59:42 caracal rtkit-daemon[872]: Successfully made thread 3444 of process 1684 (/usr/bin/pulseaudio) owned by '1000' RT at priority 5.
Jul 25 13:59:42 caracal rtkit-daemon[872]: Supervising 7 threads of 2 processes of 2 users.
Jul 25 13:59:46 caracal kernel: input: BC:E6:3F:BD:1B:77 as /devices/virtual/input/input13
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) config/udev: Adding input device BC:E6:3F:BD:1B:77 (/dev/input/event12)
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) BC:E6:3F:BD:1B:77: Applying InputClass "evdev keyboard catchall"
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) BC:E6:3F:BD:1B:77: Applying InputClass "libinput keyboard catchall"
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) BC:E6:3F:BD:1B:77: Applying InputClass "system-keyboard"
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) systemd-logind: got fd for /dev/input/event12 13:76 fd 37 paused 0
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) Using input driver 'libinput' for 'BC:E6:3F:BD:1B:77'
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) BC:E6:3F:BD:1B:77: always reports core events
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) Option "Device" "/dev/input/event12"
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) Option "_source" "server/udev"
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) input device 'BC:E6:3F:BD:1B:77', /dev/input/event12 is tagged by udev as: Keyboard
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) input device 'BC:E6:3F:BD:1B:77', /dev/input/event12 is a keyboard
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) Option "config_info" "udev:/sys/devices/virtual/input/input13/event12"
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) XINPUT: Adding extended input device "BC:E6:3F:BD:1B:77" (type: KEYBOARD, id 15)
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) Option "xkb_layout" "us,ca"
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) Option "xkb_variant" ",multix"
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) input device 'BC:E6:3F:BD:1B:77', /dev/input/event12 is tagged by udev as: Keyboard
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) input device 'BC:E6:3F:BD:1B:77', /dev/input/event12 is a keyboard
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: The XKEYBOARD keymap compiler (xkbcomp) reports:
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: > Error:            Key <MDSW> added to map for multiple modifiers
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: >                   Using Mod3, ignoring Mod5.
Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: Errors from xkbcomp are not fatal to the X server
###############
Jul 25 14:02:47 caracal bluetoothd[3317]: /org/bluez/hci0/dev_BC_E6_3F_BD_1B_77/fd0: fd(23) ready
###############
Jul 25 14:07:22 caracal /usr/libexec/gdm-x-session[1563]: (II) config/udev: removing device BC:E6:3F:BD:1B:77
Jul 25 14:07:23 caracal /usr/libexec/gdm-x-session[1563]: (**) Option "fd" "37"
Jul 25 14:07:23 caracal /usr/libexec/gdm-x-session[1563]: (II) UnloadModule: "libinput"
Jul 25 14:07:23 caracal /usr/libexec/gdm-x-session[1563]: (II) systemd-logind: releasing fd for 13:76
Jul 25 14:07:23 caracal /usr/libexec/gdm-x-session[1563]: (EE) systemd-logind: failed to release device: Device not taken
Jul 25 14:07:22 caracal dbus[850]: [system] Rejected send message, 4 matched rules; type="method_return", sender=":1.52" (uid=1000 pid=1684 comm="/usr/bin/pulseaudio --start --log-target=syslog ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.88" (uid=0 pid=3317 comm="/usr/libexec/bluetooth/bluetoothd ")
###############
Jul 25 14:09:09 caracal systemd[1]: Starting Load/Save RF Kill Switch Status...
Jul 25 14:09:09 caracal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 25 14:09:09 caracal systemd[1]: Started Load/Save RF Kill Switch Status.
Jul 25 14:09:14 caracal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
###############
Jul 25 14:11:19 caracal kernel: usb 5-2: USB disconnect, device number 2
Jul 25 14:11:19 caracal bluetoothd[3317]: Endpoint unregistered: sender=:1.52 path=/MediaEndpoint/A2DPSource
Jul 25 14:11:19 caracal systemd[1]: Starting Load/Save RF Kill Switch Status...
Jul 25 14:11:19 caracal bluetoothd[3317]: Endpoint unregistered: sender=:1.52 path=/MediaEndpoint/A2DPSink
Jul 25 14:11:19 caracal systemd[1]: bluetooth.target: Unit not needed anymore. Stopping.
Jul 25 14:11:19 caracal systemd[1]: Stopped target Bluetooth.
Jul 25 14:11:19 caracal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 25 14:11:19 caracal systemd[1]: Started Load/Save RF Kill Switch Status.
Jul 25 14:11:19 caracal dbus[850]: [system] Rejected send message, 4 matched rules; type="error", sender=":1.52" (uid=1000 pid=1684 comm="/usr/bin/pulseaudio --start --log-target=syslog ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.88" (uid=0 pid=3317 comm="/usr/libexec/bluetooth/bluetoothd ")
Jul 25 14:11:19 caracal dbus[850]: [system] Rejected send message, 4 matched rules; type="error", sender=":1.52" (uid=1000 pid=1684 comm="/usr/bin/pulseaudio --start --log-target=syslog ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.88" (uid=0 pid=3317 comm="/usr/libexec/bluetooth/bluetoothd ")
Jul 25 14:11:19 caracal dbus[850]: [system] Rejected send message, 4 matched rules; type="error", sender=":1.52" (uid=1000 pid=1684 comm="/usr/bin/pulseaudio --start --log-target=syslog ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.88" (uid=0 pid=3317 comm="/usr/libexec/bluetooth/bluetoothd ")
Jul 25 14:11:19 caracal dbus[850]: [system] Rejected send message, 4 matched rules; type="error", sender=":1.52" (uid=1000 pid=1684 comm="/usr/bin/pulseaudio --start --log-target=syslog ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.88" (uid=0 pid=3317 comm="/usr/libexec/bluetooth/bluetoothd ")
Jul 25 14:11:19 caracal org.freedesktop.fwupd[850]: (fwupd:1961): GLib-GObject-CRITICAL **: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
Jul 25 14:11:23 caracal PackageKit[1433]: get-updates transaction /3307_ecedecbb from uid 1000 finished with success after 110ms
Jul 25 14:11:24 caracal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Comment 27 Kwang Moo Yi 2016-07-26 21:58:18 UTC
Indeed this bug is still affecting me as well.

Comment 28 Aleksandar Kostadinov 2016-07-28 16:20:50 UTC
I don't see a build in koji [1], am I doing something wrong or we just wait for something else to perform a build?

[1] http://koji.fedoraproject.org/koji/packageinfo?packageID=32

Comment 29 Robb Romans 2016-07-29 15:57:31 UTC
Confirmed for me as well.

Comment 30 Adam Hunt 2016-07-30 06:50:34 UTC
I can confirm this as well. I've been seeing this behavior since at least F23, if not earlier (yes, I've failed to report this issue many times, sorry).

While I'm certainly no expert I wonder if we have at least two separate issues here. The first is the policy issue that's being triggered. The second relates to the fact that at least some portion of the SELinux toolchain is convinced that there's a binary with the name "uetoothd".

Comment 31 Michael Chapman 2016-07-30 07:05:39 UTC
(In reply to Adam Hunt from comment #30)
> I can confirm this as well. I've been seeing this behavior since at least
> F23, if not earlier (yes, I've failed to report this issue many times,
> sorry).

I'm not sure how you can have seen this on F23. As far as I can see the SELinux policy permits the action there:

# sesearch -s init_t -t etc_t -c dir -p mounton --allow
Found 1 semantic av rules:
   allow files_unconfined_type file_type : dir { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod } ; 

> While I'm certainly no expert I wonder if we have at least two separate
> issues here. The first is the policy issue that's being triggered. The
> second relates to the fact that at least some portion of the SELinux
> toolchain is convinced that there's a binary with the name "uetoothd".

That has nothing to do with SELinux. The "(uetoothd)" is the comm field set up by systemd *before* it executes bluetoothd. See my comment 17 for details on why it looks like this.

Comment 32 srrosten 2016-07-30 22:29:16 UTC
*** Bug 1361819 has been marked as a duplicate of this bug. ***

Comment 33 Aleksandar Kostadinov 2016-07-31 09:54:30 UTC
FYI I've never seen exactly this issue with fedora 23.

Comment 34 Leszek Matok 2016-08-01 06:33:40 UTC
Description of problem:
This happens every reboot for me. Pretty sure this is bluetoothd (from bluez package), but for whatever reason I only see (uetoothd)?

Version-Release number of selected component:
selinux-policy-3.13.1-191.5.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.4-301.fc24.x86_64
type:           libreport

Comment 35 Phil Duby 2016-08-01 18:27:31 UTC
(In reply to Leszek Matok from comment #34)
> Description of problem:
> This happens every reboot for me. Pretty sure this is bluetoothd (from bluez
> package), but for whatever reason I only see (uetoothd)?

"(uetoothd)" is bluetoothd.  See comment #17 in this report, and minor correction in comment #24.

comment #31 just above also references back to comment #17

Every reboot because Bluetooth is initialized each time, and fails the same way each time.  Unless one of the workarounds is used.  Issue status says fixed in selinux-policy-3.13.1-191.9.fc24.  My system is currently using 3.13.1-191.5.fc24, so waiting until -9 gets rolled out to remove the workaround.

Comment 36 Aleksandar Kostadinov 2016-08-01 18:34:18 UTC
You can try koji build:
http://koji.fedoraproject.org/koji/buildinfo?buildID=786414

I installed but have not rebooted since so not sure if it resolves all issues.

Comment 37 jrweare 2016-08-02 11:35:04 UTC
Description of problem:
boot
(F24 with upstream kernel 4.8.0-0.rc0.git2.2.fc26.x86_64)

Version-Release number of selected component:
selinux-policy-3.13.1-191.8.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.8.0-0.rc0.git2.2.fc26.x86_64
type:           libreport

Comment 38 Aleksandar Kostadinov 2016-08-02 13:51:05 UTC
I can confirm that the original denial goes away with the new selinux-package
selinux-policy-3.13.1-191.9.fc24.noarch

Now I saw another issue with selinux policy related to using DUN (bug 1362544) and possibly headset (bug 1338996) but it/they can be tracked separately.

Comment 39 Doncho Gunchev 2016-08-03 13:34:30 UTC
Description of problem:
I am using Blueman. I turned bluetooth off (from the tray icon) and then on. The error popped up.

Version-Release number of selected component:
selinux-policy-3.13.1-191.8.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.4-301.fc24.x86_64
type:           libreport

Comment 40 Kwang Moo Yi 2016-08-03 15:11:10 UTC
I can confirm as well the problem goes away as well with selinux-policy-3.13.1-191.9.fc24.noarch

Comment 41 Christophe GERARDIN 2016-08-07 20:09:34 UTC
Description of problem:
sudo dnf update

Version-Release number of selected component:
selinux-policy-3.13.1-191.8.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.4-301.fc24.x86_64
type:           libreport

Comment 42 Marty Wesley 2016-08-07 23:53:41 UTC
Description of problem:
Updating my system using 'dnf update -y'

Version-Release number of selected component:
selinux-policy-3.13.1-191.8.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.4-301.fc24.x86_64
type:           libreport

Comment 43 keshav.kira 2016-08-08 07:55:32 UTC
Description of problem:
i don't now what happens. i just type 'sudo yum -y update' and i get this error. i am very new to linux therefore don't no anything about it.

Version-Release number of selected component:
selinux-policy-3.13.1-191.8.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.4-301.fc24.x86_64
type:           libreport

Comment 44 edo 2016-08-08 08:22:17 UTC
Description of problem:
running  "dnf distro-sync" and start removing selective packages.

Version-Release number of selected component:
selinux-policy-3.13.1-191.8.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.4-301.fc24.x86_64
type:           libreport

Comment 45 Dave Allan 2016-08-09 14:41:39 UTC
Description of problem:
I'm not 100% certain, but I think this reliably reproduces with the following steps:

create a temporary user
allow X connections by that user "xhost +si:localuser:username"
su to that user
spawn firefox as that user
close firefox
log out as that user
userdel that user

Version-Release number of selected component:
selinux-policy-3.13.1-191.8.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.4-301.fc24.x86_64
type:           libreport

Comment 46 avitygrai 2016-08-10 05:46:31 UTC
Description of problem:
Ran # dnf update. The package "bluez" was part of the upgrade.

Version-Release number of selected component:
selinux-policy-3.13.1-191.8.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.4-301.fc24.x86_64
type:           libreport

Comment 47 Fedora Update System 2016-08-10 12:24:08 UTC
selinux-policy-3.13.1-191.10.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-2c8a3e08c6

Comment 48 fred 2016-08-10 16:19:51 UTC
Description of problem:
powertop as a service seems to trigger this error. 
disabling powertop.service helps.

Version-Release number of selected component:
selinux-policy-3.13.1-191.8.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.5-300.fc24.x86_64
type:           libreport

Comment 49 imspidermannomore 2016-08-10 22:26:56 UTC
*** Bug 1366056 has been marked as a duplicate of this bug. ***

Comment 50 Michal Nowak 2016-08-12 19:03:51 UTC
Description of problem:
Turned on bluetooth headphones.

Version-Release number of selected component:
selinux-policy-3.13.1-191.8.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.5-300.fc24.x86_64
type:           libreport

Comment 51 Fedora Update System 2016-08-12 19:28:05 UTC
selinux-policy-3.13.1-191.10.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 52 Daniel Demus 2016-08-14 10:30:56 UTC
Description of problem:
trying to upload via bluetooth to this device.

uestoothd should probably be bluetoothd.

Version-Release number of selected component:
selinux-policy-3.13.1-191.8.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.5-300.fc24.x86_64
type:           libreport

Comment 53 Matheus 2016-09-17 17:59:32 UTC
Description of problem:
i have turned off bluetooth and tried to get it up again.

Version-Release number of selected component:
selinux-policy-3.13.1-191.8.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.6.4-301.fc24.x86_64
type:           libreport


Note You need to log in before you can comment on or make changes to this bug.