Hide Forgot
Description of problem: Appeared right after the login on the desktop (Gnome) SELinux is preventing (uetoothd) from 'mounton' accesses on the directory /etc. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow (uetoothd) to have mounton access on the etc directory Then you need to change the label on /etc Do # semanage fcontext -a -t FILE_TYPE '/etc' where FILE_TYPE is one of the following: admin_home_t, anon_inodefs_t, audit_spool_t, auditd_log_t, autofs_t, automount_tmp_t, bacula_store_t, binfmt_misc_fs_t, boot_t, capifs_t, cephfs_t, cgroup_t, cifs_t, container_image_t, debugfs_t, default_t, device_t, devpts_t, dnssec_t, dosfs_t, ecryptfs_t, efivarfs_t, fusefs_t, home_root_t, hugetlbfs_t, ifconfig_var_run_t, init_var_run_t, initrc_tmp_t, iso9660_t, kdbusfs_t, mail_spool_t, mnt_t, mqueue_spool_t, named_conf_t, news_spool_t, nfs_t, nfsd_fs_t, openshift_tmp_t, openshift_var_lib_t, oracleasmfs_t, proc_t, proc_xen_t, pstore_t, public_content_rw_t, public_content_t, ramfs_t, random_seed_t, removable_t, root_t, rpc_pipefs_t, security_t, spufs_t, src_t, svirt_sandbox_file_t, sysctl_fs_t, sysctl_t, sysfs_t, sysv_t, tmp_t, tmpfs_t, usbfs_t, user_home_dir_t, user_home_t, user_tmp_t, usr_t, var_lib_nfs_t, var_lib_t, var_lock_t, var_log_t, var_run_t, var_t, virt_image_t, virt_var_lib_t, vmblock_t, vxfs_t, xend_var_lib_t, xend_var_run_t, xenfs_t, xenstored_var_lib_t. Then execute: restorecon -v '/etc' ***** Plugin catchall (17.1 confidence) suggests ************************** If you believe that (uetoothd) should be allowed mounton access on the etc directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '(uetoothd)' --raw | audit2allow -M my-uetoothd # semodule -X 300 -i my-uetoothd.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:etc_t:s0 Target Objects /etc [ dir ] Source (uetoothd) Source Path (uetoothd) Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages filesystem-3.2-37.fc24.x86_64 Policy RPM selinux-policy-3.13.1-190.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.5.5-300.fc24.x86_64 #1 SMP Thu May 19 13:05:32 UTC 2016 x86_64 x86_64 Alert Count 1 First Seen 2016-06-01 19:05:19 CEST Last Seen 2016-06-01 19:05:19 CEST Local ID af9d8e01-bd99-4ada-a230-b3412a5f8817 Raw Audit Messages type=AVC msg=audit(1464800719.714:362): avc: denied { mounton } for pid=1796 comm="(uetoothd)" path="/etc" dev="dm-0" ino=524291 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0 Hash: (uetoothd),init_t,etc_t,dir,mounton Version-Release number of selected component: selinux-policy-3.13.1-190.fc24.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.5.5-300.fc24.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
Description of problem: I´m not sure why this was triggered, only that it was during or a little after an yum update. Version-Release number of selected component: selinux-policy-3.13.1-190.fc24.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.5.4-300.fc24.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
Description of problem: after login Version-Release number of selected component: selinux-policy-3.13.1-190.fc24.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.5.5-300.fc24.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
what the hell is "uetoothd"? - there is no such binary, something very very bad must be happening here ...
It's a filename of the executable, resp the executable's name from the task structure. You can find it in the comm= field in the audit record event. In this particular case it's most likely a bluetoothd process.
Description of problem: Installed F24 beta, then did a DNF upgrade to latest bits. Noticed this SELinux alert while the update was running. Version-Release number of selected component: selinux-policy-3.13.1-190.fc24.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.5.2-302.fc24.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
Description of problem: I found this report after the login on the desktop (gnome) Version-Release number of selected component: selinux-policy-3.13.1-190.fc24.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.5.6-300.fc24.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
*** Bug 1342708 has been marked as a duplicate of this bug. ***
*** Bug 1342273 has been marked as a duplicate of this bug. ***
Description of problem: To reproduce 1 - Fresh Install of f24 beta from fedora official website (did not produce such notification) 2- dnf upgrade to get the latest bits => notification of two errors with SELinux a_ This one says "SELinux is preventing (uetoothd) from mounton access on the directory /etc." {Note : confirming that this error notification says "uetoothd" not sure if this is a mispelling of bluetoothd?} b_ Another one says "SELinux is preventing accounts-daemon from write access on the directory root." Version-Release number of selected component: selinux-policy-3.13.1-190.fc24.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.5.2-302.fc24.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
The "comm" field is an unreliable way to determine the process name; it has a limited size and can be racy. The prefered method for determining the process name is via the PROCTITLE audit record, although it is hex encoded (using 'ausearch -i' will help decode the PROCTITLE command string).
To add to my last comment, the task_struct->comm field is not currently protected by any locks/semaphores/etc. which means that it is possible for it be changed while we are copying the ->comm string into the audit record. It seems odd to me that the front of "bluetoothd" is being stripped, as I would have expected the end to get cut, but anything is possible without any synchronization between readers and writers.
Description of problem: occurs at every boot Version-Release number of selected component: selinux-policy-3.13.1-190.fc24.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.5.7-300.fc24.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
*** ConfidentialBug 1347963 has been marked as a duplicate of this bug. ***
(In reply to dzspam from comment #12) > Description of problem: > occurs at every boot > > Version-Release number of selected component: > selinux-policy-3.13.1-190.fc24.noarch > > Additional info: > reporter: libreport-2.7.1 > hashmarkername: setroubleshoot > kernel: 4.5.7-300.fc24.x86_64 > reproducible: Not sure how to reproduce the problem > type: libreport Occurs at every boot.
I'm seeing the same error. As a result, I'm unable to add or remove any Bluetooth devices in Settings -> Bluetooth, nor am I able to connect to my bluetooth speakers which I had successfully configured in F23 before the upgrade to F24.
Indeed. I had not noticed before, but this issue prevents the Gnome bluetooth subsystem from detecting the dongle correctly. Despite bluetoothctl detecting normally the dongle and nearby devices, the Gnome GUI is unable to interact with the dongle, and it also generates this AVC. It definitely references the /usr/libexec/bluetooth/bluetoothd binary, however, I'm not sure neither why it did truncate the first character, nor what is the proper fix in this situation. Also, sealert couldn't give any marginally sane solution.
(In reply to Paul Moore from comment #11) > To add to my last comment, the task_struct->comm field is not currently > protected by any locks/semaphores/etc. which means that it is possible for > it be changed while we are copying the ->comm string into the audit record. > It seems odd to me that the front of "bluetoothd" is being stripped, as I > would have expected the end to get cut, but anything is possible without any > synchronization between readers and writers. When systemd forks off a child process, it sets comm to the last few characters of the executable name, all enclosed in parentheses. This is so that things like systemd-networkd, systemd-resolved, systemd-journald, etc. can be distinguished from one another rather than all appearing as something like "(systemd-)". Anyway, this bug has nothing to do with bluetoothd. I just got these AVC denials: type=AVC msg=audit(1467890056.999:14679): avc: denied { mounton } for pid=28103 comm="(doveadm)" path="/etc" dev="dm-0" ino=8388705 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1467890073.121:77): avc: denied { mounton } for pid=692 comm="(rtscript)" path="/etc" dev="dm-0" ino=8388705 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1467890073.174:80): avc: denied { mounton } for pid=697 comm="(networkd)" path="/etc" dev="dm-0" ino=8388705 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1467890073.258:86): avc: denied { mounton } for pid=715 comm="(dovecot)" path="/etc" dev="dm-0" ino=8388705 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0 All of these systemd services have: ProtectSystem=yes which amongst other things wants to remount /etc read-only. Some local policy is currently working around the issue: allow init_t etc_t:dir mounton; Would be good to get this in selinux-policy-targeted.
Description of problem: dnf update triggered it, relevant packages: bluez.x86_64 5.40-2.fc24 bluez-cups.x86_64 5.40-2.fc24 bluez-libs.x86_64 5.40-2.fc24 bluez-obexd.x86_64 5.40-2.fc24 selinux-policy.noarch 3.13.1-191.5.fc24 selinux-policy-targeted.noarch 3.13.1-191.5.fc24 Version-Release number of selected component: selinux-policy-3.13.1-191.5.fc24.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.6.3-300.fc24.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
Description of problem: I was performing a dnf update: $ sudo dnf history info 56 Transaction ID : 56 Begin time : Wed Jul 20 07:43:22 2016 Begin rpmdb : 2311:838d93c3d00696beb64aa321075836cd8fa92621 End time : 07:45:09 2016 (107 seconds) End rpmdb : 2333:5320717b315b60bd85a735bd599b0656103adbba User : System <unset> Return-Code : Success Command Line : update --exclude=gnome-online-accounts --allowerasing --exclude=kernel* --best Transaction performed with: Installed dnf-1.1.9-2.fc24.noarch @koji-override-1 Installed rpm-4.13.0-0.rc1.27.fc24.x86_64 @koji-override-1 Packages Altered: Upgraded GeoIP-GeoLite-data-2016.05-1.fc24.noarch @koji-override-1 Upgrade 2016.07-1.fc24.noarch @updates Upgraded PackageKit-1.1.1-3.fc24.x86_64 (unknown) Upgrade 1.1.3-1.fc24.x86_64 @updates Upgraded PackageKit-command-not-found-1.1.1-3.fc24.x86_64 (unknown) Upgrade 1.1.3-1.fc24.x86_64 @updates Upgraded PackageKit-glib-1.1.1-3.fc24.x86_64 (unknown) Upgrade 1.1.3-1.fc24.x86_64 @updates Upgraded PackageKit-gstreamer-plugin-1.1.1-3.fc24.x86_64 (unknown) Upgrade 1.1.3-1.fc24.x86_64 @updates Upgraded PackageKit-gtk3-module-1.1.1-3.fc24.x86_64 (unknown) Upgrade 1.1.3-1.fc24.x86_64 @updates Upgraded SDL2-2.0.4-4.fc24.i686 @fedora Upgraded SDL2-2.0.4-4.fc24.x86_64 @koji-override-1 Upgrade 2.0.4-6.fc24.i686 @updates Upgrade 2.0.4-6.fc24.x86_64 @updates Upgraded audit-2.6.2-1.fc24.x86_64 (unknown) Upgrade 2.6.5-1.fc24.x86_64 @updates Upgraded audit-libs-2.6.2-1.fc24.i686 (unknown) Upgraded audit-libs-2.6.2-1.fc24.x86_64 (unknown) Upgrade 2.6.5-1.fc24.i686 @updates Upgrade 2.6.5-1.fc24.x86_64 @updates Upgraded audit-libs-python3-2.6.2-1.fc24.x86_64 (unknown) Upgrade 2.6.5-1.fc24.x86_64 @updates Upgraded bluez-5.40-1.fc24.x86_64 (unknown) Upgrade 5.40-2.fc24.x86_64 @updates Upgraded bluez-cups-5.40-1.fc24.x86_64 (unknown) Upgrade 5.40-2.fc24.x86_64 @updates Upgraded bluez-libs-5.40-1.fc24.x86_64 (unknown) Upgrade 5.40-2.fc24.x86_64 @updates Upgraded bluez-obexd-5.40-1.fc24.x86_64 (unknown) Upgrade 5.40-2.fc24.x86_64 @updates Install bubblewrap-0.1.1-1.fc24.x86_64 @updates Upgraded checkpolicy-2.5-2.fc24.x86_64 @koji-override-1 Upgrade 2.5-6.fc24.x86_64 @updates Upgraded coreutils-8.25-5.fc24.x86_64 @koji-override-1 Upgrade 8.25-6.fc24.x86_64 @updates Upgraded coreutils-common-8.25-5.fc24.x86_64 @koji-override-1 Upgrade 8.25-6.fc24.x86_64 @updates Upgraded dnsmasq-2.75-4.fc24.x86_64 @koji-override-1 Upgrade 2.76-1.fc24.x86_64 @updates Upgraded dracut-044-18.git20160108.fc24.x86_64 @koji-override-1 Upgrade 044-20.fc24.x86_64 @updates Upgraded dracut-config-generic-044-18.git20160108.fc24.x86_64 @koji-override-1 Upgrade 044-20.fc24.x86_64 @updates Upgraded dracut-config-rescue-044-18.git20160108.fc24.x86_64 @koji-override-1 Upgrade 044-20.fc24.x86_64 @updates Upgraded dracut-live-044-18.git20160108.fc24.x86_64 @koji-override-0 Upgrade 044-20.fc24.x86_64 @updates Upgraded dracut-network-044-18.git20160108.fc24.x86_64 @koji-override-1 Upgrade 044-20.fc24.x86_64 @updates Upgraded ebtables-2.0.10-19.fc24.x86_64 @koji-override-1 Upgrade 2.0.10-20.fc24.x86_64 @updates Upgraded edk2-ovmf-20160418gita8c39ba-1.fc24.noarch (unknown) Upgrade 20160418gita8c39ba-2.fc24.noarch @updates Erase electron-1.2.3-1.prebuilt.fc24.x86_64 (unknown) Install electron-1.2.7-1.prebuilt.fc24.x86_64 @mosquito-vscode Upgraded evolution-3.20.3-1.fc24.x86_64 (unknown) Upgrade 3.20.4-1.fc24.x86_64 @updates Upgraded evolution-data-server-3.20.3-1.fc24.x86_64 (unknown) Upgrade 3.20.4-1.fc24.x86_64 @updates Upgraded evolution-ews-3.20.3-1.fc24.x86_64 (unknown) Upgrade 3.20.4-1.fc24.x86_64 @updates Upgraded evolution-help-3.20.3-1.fc24.noarch (unknown) Upgrade 3.20.4-1.fc24.noarch @updates Upgraded fedpkg-1.24-2.fc24.noarch (unknown) Upgrade 1.24-3.fc24.noarch @updates Upgraded firefox-47.0-6.fc24.x86_64 (unknown) Upgrade 47.0.1-2.fc24.x86_64 @updates Upgraded firewalld-0.4.3.1-2.fc24.noarch (unknown) Upgrade 0.4.3.2-1.fc24.noarch @updates Upgraded firewalld-filesystem-0.4.3.1-2.fc24.noarch (unknown) Upgrade 0.4.3.2-1.fc24.noarch @updates Upgraded fuse-2.9.4-4.fc24.x86_64 @koji-override-1 Upgrade 2.9.7-1.fc24.x86_64 @updates Upgraded fuse-libs-2.9.4-4.fc24.x86_64 @koji-override-1 Upgrade 2.9.7-1.fc24.x86_64 @updates Upgraded fwupd-0.7.2-1.fc24.x86_64 (unknown) Upgrade 0.7.2-2.fc24.x86_64 @updates Upgraded git-2.7.4-1.fc24.x86_64 @koji-override-1 Upgrade 2.7.4-2.fc24.x86_64 @updates Upgraded git-core-2.7.4-1.fc24.x86_64 @koji-override-1 Upgrade 2.7.4-2.fc24.x86_64 @updates Upgraded git-core-doc-2.7.4-1.fc24.x86_64 @koji-override-1 Upgrade 2.7.4-2.fc24.x86_64 @updates Upgraded glusterfs-3.8.0-2.fc24.x86_64 (unknown) Upgrade 3.8.1-1.fc24.x86_64 @updates Upgraded glusterfs-api-3.8.0-2.fc24.x86_64 (unknown) Upgrade 3.8.1-1.fc24.x86_64 @updates Upgraded glusterfs-client-xlators-3.8.0-2.fc24.x86_64 (unknown) Upgrade 3.8.1-1.fc24.x86_64 @updates Upgraded glusterfs-fuse-3.8.0-2.fc24.x86_64 (unknown) Upgrade 3.8.1-1.fc24.x86_64 @updates Upgraded glusterfs-libs-3.8.0-2.fc24.x86_64 (unknown) Upgrade 3.8.1-1.fc24.x86_64 @updates Upgraded gnome-session-3.20.1-1.fc24.x86_64 @koji-override-1 Upgrade 3.20.2-1.fc24.x86_64 @updates Upgraded gnome-session-wayland-session-3.20.1-1.fc24.x86_64 @koji-override-1 Upgrade 3.20.2-1.fc24.x86_64 @updates Upgraded gnome-session-xsession-3.20.1-1.fc24.x86_64 @koji-override-1 Upgrade 3.20.2-1.fc24.x86_64 @updates Upgraded gnome-shell-3.20.3-1.fc24.x86_64 (unknown) Upgrade 3.20.3-3.fc24.x86_64 @updates Upgraded gnome-software-3.20.3-1.fc24.x86_64 @koji-override-1 Upgrade 3.20.4-1.fc24.x86_64 @updates Upgraded gnutls-3.4.13-1.fc24.i686 @updates Upgraded gnutls-3.4.13-1.fc24.x86_64 (unknown) Upgrade 3.4.14-1.fc24.i686 @updates Upgrade 3.4.14-1.fc24.x86_64 @updates Upgraded gnutls-dane-3.4.13-1.fc24.x86_64 (unknown) Upgrade 3.4.14-1.fc24.x86_64 @updates Upgraded gnutls-utils-3.4.13-1.fc24.x86_64 (unknown) Upgrade 3.4.14-1.fc24.x86_64 @updates Upgraded gspell-1.0.2-1.fc24.x86_64 (unknown) Upgrade 1.0.3-1.fc24.x86_64 @updates Upgraded httpd-2.4.18-2.fc24.x86_64 @koji-override-1 Upgrade 2.4.23-3.fc24.x86_64 @updates Upgraded httpd-filesystem-2.4.18-2.fc24.noarch @koji-override-1 Upgrade 2.4.23-3.fc24.noarch @updates Upgraded httpd-tools-2.4.18-2.fc24.x86_64 @koji-override-1 Upgrade 2.4.23-3.fc24.x86_64 @updates Upgraded ibus-typing-booster-1.4.6-1.fc24.noarch (unknown) Upgrade 1.4.7-1.fc24.noarch @updates Upgraded libdfu-0.7.2-1.fc24.x86_64 (unknown) Upgrade 0.7.2-2.fc24.x86_64 @updates Upgrade libgphoto2-2.5.10-1.fc24.i686 @updates Upgrade libgphoto2-2.5.10-1.fc24.x86_64 @updates Upgraded libgphoto2-2.5.8-2.fc24.i686 @fedora Upgraded libgphoto2-2.5.8-2.fc24.x86_64 @koji-override-1 Upgraded libhif-0.2.2-4.fc24.x86_64 @koji-override-1 Upgrade 0.2.3-1.fc24.x86_64 @updates Upgraded libmnl-1.0.3-11.fc24.x86_64 @koji-override-1 Upgrade 1.0.4-1.fc24.x86_64 @updates Upgraded libnl3-3.2.28-0.1.fc24.x86_64 (unknown) Upgrade 3.2.28-1.fc24.x86_64 @updates Upgraded libnl3-cli-3.2.28-0.1.fc24.x86_64 (unknown) Upgrade 3.2.28-1.fc24.x86_64 @updates Upgraded libnl3-devel-3.2.28-0.1.fc24.x86_64 (unknown) Upgrade 3.2.28-1.fc24.x86_64 @updates Install libpskc-2.6.1-2.fc24.x86_64 @fedora Upgraded libselinux-2.5-3.fc24.i686 @fedora Upgraded libselinux-2.5-3.fc24.x86_64 @koji-override-1 Upgrade 2.5-9.fc24.i686 @updates Upgrade 2.5-9.fc24.x86_64 @updates Upgraded libselinux-devel-2.5-3.fc24.x86_64 @fedora Upgrade 2.5-9.fc24.x86_64 @updates Upgraded libselinux-python3-2.5-3.fc24.x86_64 @koji-override-1 Upgrade 2.5-9.fc24.x86_64 @updates Upgraded libselinux-utils-2.5-3.fc24.x86_64 @koji-override-1 Upgrade 2.5-9.fc24.x86_64 @updates Upgraded libsemanage-2.5-2.fc24.x86_64 @koji-override-1 Upgrade 2.5-5.fc24.x86_64 @updates Upgraded libsemanage-devel-2.5-2.fc24.x86_64 @fedora Upgrade 2.5-5.fc24.x86_64 @updates Upgraded libsemanage-python3-2.5-2.fc24.x86_64 @koji-override-1 Upgrade 2.5-5.fc24.x86_64 @updates Upgraded libsepol-2.5-3.fc24.i686 @fedora Upgraded libsepol-2.5-3.fc24.x86_64 @koji-override-1 Upgrade 2.5-8.fc24.i686 @updates Upgrade 2.5-8.fc24.x86_64 @updates Upgraded libsepol-devel-2.5-3.fc24.x86_64 @fedora Upgrade 2.5-8.fc24.x86_64 @updates Upgraded libtasn1-4.8-1.fc24.i686 @fedora Upgraded libtasn1-4.8-1.fc24.x86_64 @koji-override-1 Upgrade 4.8-2.fc24.i686 @updates Upgrade 4.8-2.fc24.x86_64 @updates Upgraded mesa-dri-drivers-11.2.2-2.20160614.fc24.i686 @updates Upgraded mesa-dri-drivers-11.2.2-2.20160614.fc24.x86_64 (unknown) Upgrade 12.0.1-1.fc24.i686 @updates Upgrade 12.0.1-1.fc24.x86_64 @updates Upgraded mesa-filesystem-11.2.2-2.20160614.fc24.i686 @updates Upgraded mesa-filesystem-11.2.2-2.20160614.fc24.x86_64 (unknown) Upgrade 12.0.1-1.fc24.i686 @updates Upgrade 12.0.1-1.fc24.x86_64 @updates Upgraded mesa-libEGL-11.2.2-2.20160614.fc24.i686 @updates Upgraded mesa-libEGL-11.2.2-2.20160614.fc24.x86_64 (unknown) Upgrade 12.0.1-1.fc24.i686 @updates Upgrade 12.0.1-1.fc24.x86_64 @updates Upgraded mesa-libGL-11.2.2-2.20160614.fc24.i686 @updates Upgraded mesa-libGL-11.2.2-2.20160614.fc24.x86_64 (unknown) Upgrade 12.0.1-1.fc24.i686 @updates Upgrade 12.0.1-1.fc24.x86_64 @updates Upgraded mesa-libOSMesa-11.2.2-2.20160614.fc24.i686 @updates Upgraded mesa-libOSMesa-11.2.2-2.20160614.fc24.x86_64 @updates Upgrade 12.0.1-1.fc24.i686 @updates Upgrade 12.0.1-1.fc24.x86_64 @updates Upgraded mesa-libOpenCL-11.2.2-2.20160614.fc24.i686 @updates Upgraded mesa-libOpenCL-11.2.2-2.20160614.fc24.x86_64 @updates Upgrade 12.0.1-1.fc24.i686 @updates Upgrade 12.0.1-1.fc24.x86_64 @updates Upgraded mesa-libgbm-11.2.2-2.20160614.fc24.i686 @updates Upgraded mesa-libgbm-11.2.2-2.20160614.fc24.x86_64 (unknown) Upgrade 12.0.1-1.fc24.i686 @updates Upgrade 12.0.1-1.fc24.x86_64 @updates Upgraded mesa-libglapi-11.2.2-2.20160614.fc24.i686 @updates Upgraded mesa-libglapi-11.2.2-2.20160614.fc24.x86_64 (unknown) Upgrade 12.0.1-1.fc24.i686 @updates Upgrade 12.0.1-1.fc24.x86_64 @updates Upgraded mesa-libwayland-egl-11.2.2-2.20160614.fc24.i686 @updates Upgraded mesa-libwayland-egl-11.2.2-2.20160614.fc24.x86_64 (unknown) Upgrade 12.0.1-1.fc24.i686 @updates Upgrade 12.0.1-1.fc24.x86_64 @updates Upgraded mesa-libxatracker-11.2.2-2.20160614.fc24.x86_64 (unknown) Upgrade 12.0.1-1.fc24.x86_64 @updates Upgraded openconnect-7.06-4.fc24.x86_64 @koji-override-1 Upgrade 7.07-2.fc24.x86_64 @updates Upgraded openjpeg2-2.1.0-8.fc24.x86_64 @koji-override-1 Upgrade 2.1.1-1.fc24.x86_64 @updates Upgraded ostree-2016.6-1.fc24.x86_64 @updates Upgrade 2016.7-1.fc24.x86_64 @updates Upgraded perl-Errno-1.23-360.fc24.x86_64 (unknown) Upgrade 1.23-361.fc24.x86_64 @updates Upgraded perl-Git-2.7.4-1.fc24.noarch @koji-override-1 Upgrade 2.7.4-2.fc24.noarch @updates Upgraded perl-IO-1.35-360.fc24.x86_64 (unknown) Upgrade 1.35-361.fc24.x86_64 @updates Upgraded perl-Math-Complex-1.59-360.fc24.noarch (unknown) Upgrade 1.59-361.fc24.noarch @updates Upgraded perl-Net-Ping-2.43-360.fc24.noarch (unknown) Upgrade 2.43-361.fc24.noarch @updates Upgraded perl-Pod-Html-1.22-360.fc24.noarch (unknown) Upgrade 1.22-361.fc24.noarch @updates Upgraded perl-generators-1.09-1.fc24.noarch (unknown) Upgrade 1.10-1.fc24.noarch @updates Upgrade policycoreutils-2.5-12.fc24.x86_64 @updates Upgraded policycoreutils-2.5-5.fc24.x86_64 @koji-override-1 Upgrade policycoreutils-python-utils-2.5-12.fc24.x86_64 @updates Upgraded policycoreutils-python-utils-2.5-5.fc24.x86_64 @koji-override-1 Upgrade policycoreutils-python3-2.5-12.fc24.x86_64 @updates Upgraded policycoreutils-python3-2.5-5.fc24.x86_64 @koji-override-1 Upgraded poppler-0.41.0-1.fc24.x86_64 @koji-override-1 Upgrade 0.41.0-2.fc24.x86_64 @updates Upgraded poppler-glib-0.41.0-1.fc24.x86_64 @koji-override-1 Upgrade 0.41.0-2.fc24.x86_64 @updates Upgraded poppler-utils-0.41.0-1.fc24.x86_64 @koji-override-1 Upgrade 0.41.0-2.fc24.x86_64 @updates Upgraded pycharm-community-2016.1.4-4.fc24.x86_64 @phracek-PyCharm Upgrade 2016.1.4-6.fc24.x86_64 @phracek-PyCharm Upgraded python-2.7.11-6.fc24.x86_64 (unknown) Upgrade 2.7.11-8.fc24.x86_64 @updates Upgraded python-devel-2.7.11-6.fc24.x86_64 (unknown) Upgrade 2.7.11-8.fc24.x86_64 @updates Upgraded python-libs-2.7.11-6.fc24.x86_64 (unknown) Upgrade 2.7.11-8.fc24.x86_64 @updates Upgraded python-perf-4.6.3-300.fc24.x86_64 @updates Upgrade 4.6.4-301.fc24.x86_64 @updates Upgraded python-pycparser-2.14-5.fc24.noarch @fedora Upgrade 2.14-6.fc24.noarch @updates Upgraded python2-pysocks-1.5.6-3.fc24.noarch @fedora Upgrade 1.5.6-4.fc24.noarch @updates Upgrade python3-3.5.1-12.fc24.x86_64 @updates Upgraded python3-3.5.1-9.fc24.x86_64 (unknown) Upgrade python3-devel-3.5.1-12.fc24.x86_64 @updates Upgraded python3-devel-3.5.1-9.fc24.x86_64 (unknown) Upgraded python3-firewall-0.4.3.1-2.fc24.noarch (unknown) Upgrade 0.4.3.2-1.fc24.noarch @updates Upgrade python3-libs-3.5.1-12.fc24.x86_64 @updates Upgraded python3-libs-3.5.1-9.fc24.x86_64 (unknown) Upgraded python3-pysocks-1.5.6-3.fc24.noarch @koji-override-1 Upgrade 1.5.6-4.fc24.noarch @updates Upgraded qgnomeplatform-0.2-5.20160621git.fc24.x86_64 (unknown) Upgrade 0.2-6.20160621git.fc24.x86_64 @updates Upgraded qt-settings-24-6.fc24.noarch @koji-override-1 Upgrade 24-7.fc24.noarch @updates Upgraded qt5-qtbase-5.6.0-21.fc24.x86_64 (unknown) Upgrade 5.6.1-3.fc24.x86_64 @updates Upgraded qt5-qtbase-common-5.6.0-21.fc24.noarch (unknown) Upgrade 5.6.1-3.fc24.noarch @updates Upgraded qt5-qtbase-gui-5.6.0-21.fc24.x86_64 (unknown) Upgrade 5.6.1-3.fc24.x86_64 @updates Upgraded qt5-qtdeclarative-5.6.0-11.fc24.x86_64 @fedora Upgrade 5.6.1-5.fc24.x86_64 @updates Upgraded qt5-qtx11extras-5.6.0-3.fc24.x86_64 @fedora Upgrade 5.6.1-2.fc24.x86_64 @updates Upgraded qt5-qtxmlpatterns-5.6.0-4.fc24.x86_64 @koji-override-1 Upgrade 5.6.1-1.fc24.x86_64 @updates Upgraded rpm-ostree-2015.11-2.fc24.x86_64 @fedora Upgrade 2016.4-2.fc24.x86_64 @updates Upgraded rpmlint-1.8-7.fc24.noarch (unknown) Upgrade 1.9-1.fc24.noarch @updates Upgrade selinux-policy-3.13.1-191.5.fc24.noarch @updates Upgraded selinux-policy-3.13.1-191.fc24.3.noarch (unknown) Upgrade selinux-policy-targeted-3.13.1-191.5.fc24.noarch @updates Upgraded selinux-policy-targeted-3.13.1-191.fc24.3.noarch (unknown) Upgrade setroubleshoot-3.3.10-1.fc24.x86_64 @updates Upgraded setroubleshoot-3.3.9.1-1.fc24.x86_64 (unknown) Upgrade setroubleshoot-server-3.3.10-1.fc24.x86_64 @updates Upgraded setroubleshoot-server-3.3.9.1-1.fc24.x86_64 (unknown) Upgraded spice-glib-0.32-1.fc24.x86_64 (unknown) Upgrade 0.32-2.fc24.x86_64 @updates Upgraded spice-gtk3-0.32-1.fc24.x86_64 (unknown) Upgrade 0.32-2.fc24.x86_64 @updates Upgraded spice-server-0.12.7-2.fc24.x86_64 @koji-override-1 Upgrade 0.12.8-1.fc24.x86_64 @updates Upgraded sqlite-3.12.2-1.fc24.i686 (unknown) Upgraded sqlite-3.12.2-1.fc24.x86_64 (unknown) Upgrade 3.13.0-1.fc24.i686 @updates Upgrade 3.13.0-1.fc24.x86_64 @updates Upgraded sqlite-libs-3.12.2-1.fc24.i686 (unknown) Upgraded sqlite-libs-3.12.2-1.fc24.x86_64 (unknown) Upgrade 3.13.0-1.fc24.i686 @updates Upgrade 3.13.0-1.fc24.x86_64 @updates Upgrade system-python-libs-3.5.1-12.fc24.x86_64 @updates Upgraded system-python-libs-3.5.1-9.fc24.x86_64 (unknown) Upgraded tzdata-2016e-1.fc24.noarch (unknown) Upgrade 2016f-1.fc24.noarch @updates Upgraded tzdata-java-2016e-1.fc24.noarch (unknown) Upgrade 2016f-1.fc24.noarch @updates Upgraded unzip-6.0-29.fc24.x86_64 (unknown) Upgrade 6.0-30.fc24.x86_64 @updates Upgraded vscode-1.2.1-1.fc24.x86_64 (unknown) Upgrade 1.3.1-1.fc24.x86_64 @mosquito-vscode Upgraded xen-libs-4.6.3-1.fc24.x86_64 (unknown) Upgrade 4.6.3-2.fc24.x86_64 @updates Upgraded xen-licenses-4.6.3-1.fc24.x86_64 (unknown) Upgrade 4.6.3-2.fc24.x86_64 @updates Install xmlsec1-1.2.20-3.fc24.x86_64 @fedora Upgraded xorg-x11-drv-openchrome-0.4.0-1.fc24.x86_64 @koji-override-1 Upgrade 0.5.0-1.fc24.x86_64 @updates Upgraded xorg-x11-server-Xorg-1.18.3-5.fc24.x86_64 (unknown) Upgrade 1.18.3-6.fc24.x86_64 @updates Upgraded xorg-x11-server-Xwayland-1.18.3-5.fc24.x86_64 (unknown) Upgrade 1.18.3-6.fc24.x86_64 @updates Upgraded xorg-x11-server-common-1.18.3-5.fc24.x86_64 (unknown) Upgrade 1.18.3-6.fc24.x86_64 @updates Upgraded autocorr-en-1:5.1.4.2-4.fc24.noarch (unknown) Upgrade 1:5.1.5.1-1.fc24.noarch @updates Upgraded emacs-filesystem-1:25.0.94-1.fc24.noarch @koji-override-1 Upgrade 1:25.0.95-2.fc24.noarch @updates Upgraded java-1.8.0-openjdk-1:1.8.0.92-3.b14.fc24.x86_64 (unknown) Upgrade 1:1.8.0.92-5.b14.fc24.x86_64 @updates Upgraded java-1.8.0-openjdk-headless-1:1.8.0.92-3.b14.fc24.x86_64 (unknown) Upgrade 1:1.8.0.92-5.b14.fc24.x86_64 @updates Upgraded libreoffice-calc-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-core-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-data-1:5.1.4.2-4.fc24.noarch (unknown) Upgrade 1:5.1.5.1-1.fc24.noarch @updates Upgraded libreoffice-draw-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-emailmerge-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-filters-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-graphicfilter-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-gtk2-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-gtk3-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-impress-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-langpack-en-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-math-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-ogltrans-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-opensymbol-fonts-1:5.1.4.2-4.fc24.noarch (unknown) Upgrade 1:5.1.5.1-1.fc24.noarch @updates Upgraded libreoffice-pdfimport-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-pyuno-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-ure-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-writer-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-x11-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreoffice-xsltfilter-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded libreofficekit-1:5.1.4.2-4.fc24.x86_64 (unknown) Upgrade 1:5.1.5.1-1.fc24.x86_64 @updates Upgraded mod_ssl-1:2.4.18-2.fc24.x86_64 @fedora Upgrade 1:2.4.23-3.fc24.x86_64 @updates Upgraded perl-IO-Zlib-1:1.10-360.fc24.noarch (unknown) Upgrade 1:1.10-361.fc24.noarch @updates Upgraded perl-Locale-Maketext-Simple-1:0.21-360.fc24.noarch (unknown) Upgrade 1:0.21-361.fc24.noarch @updates Upgraded docker-2:1.10.3-21.git19b5791.fc24.x86_64 (unknown) Upgrade 2:1.10.3-24.git29066b4.fc24.x86_64 @updates Upgraded docker-selinux-2:1.10.3-21.git19b5791.fc24.x86_64 (unknown) Upgrade 2:1.10.3-24.git29066b4.fc24.x86_64 @updates Upgraded docker-v1.10-migrator-2:1.10.3-21.git19b5791.fc24.x86_64 (unknown) Upgrade 2:1.10.3-24.git29066b4.fc24.x86_64 @updates Upgraded libsmbclient-2:4.4.4-3.fc24.x86_64 (unknown) Upgrade 2:4.4.5-1.fc24.x86_64 @updates Upgraded libsmbclient-devel-2:4.4.4-3.fc24.x86_64 (unknown) Upgrade 2:4.4.5-1.fc24.x86_64 @updates Upgraded libwbclient-2:4.4.4-3.fc24.x86_64 (unknown) Upgrade 2:4.4.5-1.fc24.x86_64 @updates Upgraded qemu-common-2:2.6.0-4.fc24.x86_64 (unknown) Upgrade 2:2.6.0-5.fc24.x86_64 @updates Upgraded qemu-guest-agent-2:2.6.0-4.fc24.x86_64 (unknown) Upgrade 2:2.6.0-5.fc24.x86_64 @updates Upgraded qemu-img-2:2.6.0-4.fc24.x86_64 (unknown) Upgrade 2:2.6.0-5.fc24.x86_64 @updates Upgraded qemu-kvm-2:2.6.0-4.fc24.x86_64 (unknown) Upgrade 2:2.6.0-5.fc24.x86_64 @updates Upgraded qemu-system-x86-2:2.6.0-4.fc24.x86_64 (unknown) Upgrade 2:2.6.0-5.fc24.x86_64 @updates Upgraded samba-client-2:4.4.4-3.fc24.x86_64 (unknown) Upgrade 2:4.4.5-1.fc24.x86_64 @updates Upgraded samba-client-libs-2:4.4.4-3.fc24.x86_64 (unknown) Upgrade 2:4.4.5-1.fc24.x86_64 @updates Upgraded samba-common-2:4.4.4-3.fc24.noarch (unknown) Upgrade 2:4.4.5-1.fc24.noarch @updates Upgraded samba-common-libs-2:4.4.4-3.fc24.x86_64 (unknown) Upgrade 2:4.4.5-1.fc24.x86_64 @updates Upgraded samba-common-tools-2:4.4.4-3.fc24.x86_64 (unknown) Upgrade 2:4.4.5-1.fc24.x86_64 @updates Upgraded samba-devel-2:4.4.4-3.fc24.x86_64 (unknown) Upgrade 2:4.4.5-1.fc24.x86_64 @updates Upgraded samba-libs-2:4.4.4-3.fc24.x86_64 (unknown) Upgrade 2:4.4.5-1.fc24.x86_64 @updates Upgraded samba-winbind-2:4.4.4-3.fc24.x86_64 (unknown) Upgrade 2:4.4.5-1.fc24.x86_64 @updates Upgraded samba-winbind-clients-2:4.4.4-3.fc24.x86_64 (unknown) Upgrade 2:4.4.5-1.fc24.x86_64 @updates Upgraded samba-winbind-modules-2:4.4.4-3.fc24.x86_64 (unknown) Upgrade 2:4.4.5-1.fc24.x86_64 @updates Upgraded perl-4:5.22.2-360.fc24.x86_64 (unknown) Upgrade 4:5.22.2-361.fc24.x86_64 @updates Upgraded perl-devel-4:5.22.2-360.fc24.x86_64 (unknown) Upgrade 4:5.22.2-361.fc24.x86_64 @updates Upgraded perl-libs-4:5.22.2-360.fc24.x86_64 (unknown) Upgrade 4:5.22.2-361.fc24.x86_64 @updates Upgraded perl-macros-4:5.22.2-360.fc24.x86_64 (unknown) Upgrade 4:5.22.2-361.fc24.x86_64 @updates Version-Release number of selected component: selinux-policy-3.13.1-191.5.fc24.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.6.3-300.fc24.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
Description of problem: I was watching streaming video in the Chrome browser, and I clicked a button in the video panel to go full screen. This error popped up. Also the video failed to go full screen. Instead the browser title bar and tab bar still appeared at the top of the screen. Version-Release number of selected component: selinux-policy-3.13.1-191.5.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport
Just started happening to me today after first reboot of DNF update earlier today 7/23 --------------------- SELinux is preventing (uetoothd) from mounton access on the directory /etc. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow (uetoothd) to have mounton access on the etc directory Then you need to change the label on /etc Do # semanage fcontext -a -t FILE_TYPE '/etc' where FILE_TYPE is one of the following: admin_home_t, anon_inodefs_t, audit_spool_t, auditd_log_t, autofs_t, automount_tmp_t, bacula_store_t, binfmt_misc_fs_t, boot_t, capifs_t, cephfs_t, cgroup_t, cifs_t, container_image_t, debugfs_t, default_t, device_t, devpts_t, dnssec_t, dosfs_t, ecryptfs_t, efivarfs_t, fusefs_t, home_root_t, hugetlbfs_t, ifconfig_var_run_t, init_var_run_t, initrc_tmp_t, iso9660_t, kdbusfs_t, mail_spool_t, mnt_t, mqueue_spool_t, named_conf_t, news_spool_t, nfs_t, nfsd_fs_t, onload_fs_t, openshift_tmp_t, openshift_var_lib_t, oracleasmfs_t, proc_t, proc_xen_t, pstore_t, public_content_rw_t, public_content_t, ramfs_t, random_seed_t, removable_t, root_t, rpc_pipefs_t, security_t, spufs_t, src_t, svirt_sandbox_file_t, sysctl_fs_t, sysctl_t, sysfs_t, sysv_t, tmp_t, tmpfs_t, usbfs_t, user_home_dir_t, user_home_t, user_tmp_t, usr_t, var_lib_nfs_t, var_lib_t, var_lock_t, var_log_t, var_run_t, var_t, virt_image_t, virt_var_lib_t, vmblock_t, vxfs_t, xend_var_lib_t, xend_var_run_t, xenfs_t, xenstored_var_lib_t. Then execute: restorecon -v '/etc' ***** Plugin catchall (17.1 confidence) suggests ************************** If you believe that (uetoothd) should be allowed mounton access on the etc directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '(uetoothd)' --raw | audit2allow -M my-uetoothd # semodule -X 300 -i my-uetoothd.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:etc_t:s0 Target Objects /etc [ dir ] Source (uetoothd) Source Path (uetoothd) Port <Unknown> Host saturn Source RPM Packages Target RPM Packages filesystem-3.2-37.fc24.x86_64 Policy RPM selinux-policy-3.13.1-191.5.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name saturn Platform Linux saturn 4.5.7-200.fc23.x86_64 #1 SMP Wed Jun 8 17:41:50 UTC 2016 x86_64 x86_64 Alert Count 3 First Seen 2016-07-20 11:34:36 EDT Last Seen 2016-07-23 18:07:18 EDT Local ID f309ecb6-ab1e-420e-ad95-688a4a377567 Raw Audit Messages type=AVC msg=audit(1469311638.143:237): avc: denied { mounton } for pid=1916 comm="(uetoothd)" path="/etc" dev="dm-1" ino=1966081 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0 Hash: (uetoothd),init_t,etc_t,dir,mounton
Description of problem: On boot the SELinux Alert Browser presented a notification that uetoothd requested access to etc. Version-Release number of selected component: selinux-policy-3.13.1-191.5.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport
Same here, could anybody get this fixed? It shouldn't be hard but is a great issue for bluetooth users.
Just to reiterate my earlier comment #17, this isn't affecting just "bluetooth users". The bug will trigger an SELinux alert with *any* systemd unit with ProtectSystem=full (I erroneously said ProtectSystem=yes before; only "full" tries to remount /etc read-only) -- that includes: * most of the systemd-*.service units (I first hit the bug with systemd-resolved.service; see also bug 1325494 and bug 1355593 and bug 1359446); * dovecot.service (another one I hit); * amavisd.service (see bug 1358805). Probably others too -- I'm actually surprised there haven't been more tickets about this problem.
Description of problem: Another selinux alert I received, related to bluez I believe. Version-Release number of selected component: selinux-policy-3.13.1-191.5.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport
Throw into the mix I have what seems to be the same issue from another direction. I have an older laptop that does not have builtin bluetooth. After upgrading from FC22 to FC24, inserting the usb bluetooth adapter gets: The source process: (uetoothd) Attempted this access: mounton On this directory: /etc I can successfully connect to my phone, but sharing pictures from the phone to the laptop over bluetooth fails. Environment: uname -a Linux caracal 4.6.4-301.fc24.x86_64 #1 SMP Tue Jul 12 11:50:00 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Latest dnf updates as of 2016/07/25 14:28 MDT To try digging some more details, I rebooted and ran journalctl -f while walking through attempting to connect to and copy a picture from my phone. The initial errors occur when the usb bluetooth adapter is plugged in. Steps: * reboot * bash shell * atom /tmp/offline * journalctl -f * insert usb bluetooth adapter # first journal entries * Settings » Bluetooth # more journal entries * Turn off airplane mode # more journal entries * phone: bluetooth on * caracal.felina: connect # more journal entries * phone: gallery » image » share » bluetooth # file does not copy * phone: bluetooth off * settings » Bluetooth » off * remove usb Bluetooth adapter journalctl output: Jul 25 13:48:08 caracal kernel: usb 5-2: new full-speed USB device number 2 using uhci_hcd Jul 25 13:48:09 caracal kernel: usb 5-2: New USB device found, idVendor=0a5c, idProduct=2101 Jul 25 13:48:09 caracal kernel: usb 5-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 Jul 25 13:48:09 caracal kernel: usb 5-2: Product: BCM2045A Jul 25 13:48:09 caracal kernel: usb 5-2: Manufacturer: Broadcom Corp Jul 25 13:48:09 caracal kernel: usb 5-2: SerialNumber: 000272148454 Jul 25 13:48:09 caracal org.freedesktop.fwupd[850]: (fwupd:1961): libdfu-WARNING **: interface found, but not interface data Jul 25 13:48:09 caracal kernel: Bluetooth: Core ver 2.21 Jul 25 13:48:09 caracal kernel: NET: Registered protocol family 31 Jul 25 13:48:09 caracal kernel: Bluetooth: HCI device and connection manager initialized Jul 25 13:48:09 caracal kernel: Bluetooth: HCI socket layer initialized Jul 25 13:48:09 caracal kernel: Bluetooth: L2CAP socket layer initialized Jul 25 13:48:09 caracal kernel: Bluetooth: SCO socket layer initialized Jul 25 13:48:09 caracal kernel: usbcore: registered new interface driver btusb Jul 25 13:48:09 caracal systemd[1]: Starting Load/Save RF Kill Switch Status... Jul 25 13:48:09 caracal systemd[1]: Started Load/Save RF Kill Switch Status. Jul 25 13:48:09 caracal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jul 25 13:48:09 caracal systemd[1]: Starting Bluetooth service... Jul 25 13:48:10 caracal audit[3317]: AVC avc: denied { mounton } for pid=3317 comm="(uetoothd)" path="/etc" dev="dm-1" ino=2752513 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0 Jul 25 13:48:10 caracal bluetoothd[3317]: Bluetooth daemon 5.40 Jul 25 13:48:10 caracal systemd[1]: Started Bluetooth service. Jul 25 13:48:10 caracal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=bluetooth comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jul 25 13:48:10 caracal systemd[1]: Reached target Bluetooth. Jul 25 13:48:10 caracal bluetoothd[3317]: Starting SDP server Jul 25 13:48:10 caracal kernel: Bluetooth: BNEP (Ethernet Emulation) ver 1.3 Jul 25 13:48:10 caracal kernel: Bluetooth: BNEP filters: protocol multicast Jul 25 13:48:10 caracal kernel: Bluetooth: BNEP socket layer initialized Jul 25 13:48:10 caracal bluetoothd[3317]: Bluetooth management interface 1.12 initialized Jul 25 13:48:10 caracal bluetoothd[3317]: Failed to obtain handles for "Service Changed" characteristic Jul 25 13:48:10 caracal dbus[850]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jul 25 13:48:10 caracal NetworkManager[969]: <info> [1469476090.4137] bluez: use BlueZ version 5 Jul 25 13:48:10 caracal systemd[1]: Starting Hostname Service... Jul 25 13:48:10 caracal bluetoothd[3317]: Failed to set mode: Blocked through rfkill (0x12) Jul 25 13:48:10 caracal bluetoothd[3317]: Endpoint registered: sender=:1.52 path=/MediaEndpoint/A2DPSource Jul 25 13:48:10 caracal bluetoothd[3317]: Endpoint registered: sender=:1.52 path=/MediaEndpoint/A2DPSink Jul 25 13:48:10 caracal kernel: Bluetooth: RFCOMM TTY layer initialized Jul 25 13:48:10 caracal kernel: Bluetooth: RFCOMM socket layer initialized Jul 25 13:48:10 caracal kernel: Bluetooth: RFCOMM ver 1.11 Jul 25 13:48:10 caracal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jul 25 13:48:10 caracal systemd[1]: Started Hostname Service. Jul 25 13:48:10 caracal bluetoothd[3317]: Failed to set mode: Blocked through rfkill (0x12) Jul 25 13:48:10 caracal bluetoothd[3317]: Failed to set mode: Blocked through rfkill (0x12) Jul 25 13:48:10 caracal dbus[850]: [system] Successfully activated service 'org.freedesktop.hostname1' Jul 25 13:48:13 caracal dbus[850]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper) Jul 25 13:48:14 caracal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jul 25 13:48:17 caracal dbus[850]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd' Jul 25 13:48:19 caracal setroubleshoot[3327]: SELinux is preventing (uetoothd) from mounton access on the directory /etc. For complete SELinux messages. run sealert -l 751c8204-e0c5-400b-8bfd-fae2417444fd Jul 25 13:48:19 caracal python3[3327]: SELinux is preventing (uetoothd) from mounton access on the directory /etc. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow (uetoothd) to have mounton access on the etc directory Then you need to change the label on /etc Do # semanage fcontext -a -t FILE_TYPE '/etc' where FILE_TYPE is one of the following: admin_home_t, anon_inodefs_t, audit_spool_t, auditd_log_t, autofs_t, automount_tmp_t, bacula_store_t, binfmt_misc_fs_t, boot_t, capifs_t, cephfs_t, cgroup_t, cifs_t, container_image_t, debugfs_t, default_t, device_t, devpts_t, dnssec_t, dosfs_t, ecryptfs_t, efivarfs_t, fusefs_t, home_root_t, hugetlbfs_t, ifconfig_var_run_t, init_var_run_t, initrc_tmp_t, iso9660_t, kdbusfs_t, mail_spool_t, mnt_t, mqueue_spool_t, named_conf_t, news_spool_t, nfs_t, nfsd_fs_t, onload_fs_t, openshift_tmp_t, openshift_var_lib_t, oracleasmfs_t, proc_t, proc_xen_t, pstore_t, public_content_rw_t, public_content_t, ramfs_t, random_seed_t, removable_t, root_t, rpc_pipefs_t, security_t, spufs_t, src_t, svirt_sandbox_file_t, sysctl_fs_t, sysctl_t, sysfs_t, sysv_t, tmp_t, tmpfs_t, usbfs_t, user_home_dir_t, user_home_t, user_tmp_t, usr_t, var_lib_nfs_t, var_lib_t, var_lock_t, var_log_t, var_run_t, var_t, virt_image_t, virt_var_lib_t, vmblock_t, vxfs_t, xend_var_lib_t, xend_var_run_t, xenfs_t, xenstored_var_lib_t. Then execute: restorecon -v '/etc' ***** Plugin catchall (17.1 confidence) suggests ************************** If you believe that (uetoothd) should be allowed mounton access on the etc directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '(uetoothd)' --raw | audit2allow -M my-uetoothd # semodule -X 300 -i my-uetoothd.pp Jul 25 13:48:40 caracal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' ############### Jul 25 13:55:33 caracal dbus-daemon[1591]: Activating via systemd: service name='org.bluez.obex' unit='dbus-org.bluez.obex.service' Jul 25 13:55:33 caracal dbus-daemon[1591]: Activation via systemd failed for unit 'dbus-org.bluez.obex.service': Unit dbus-org.bluez.obex.service not found. Jul 25 13:55:33 caracal bluetoothd[3317]: Failed to set mode: Blocked through rfkill (0x12) Jul 25 13:55:50 caracal dhclient[1170]: DHCPREQUEST on enp4s0 to 192.168.1.1 port 67 (xid=0x65bcd110) Jul 25 13:55:51 caracal dhclient[1170]: DHCPACK from 192.168.1.1 (xid=0x65bcd110) Jul 25 13:55:51 caracal NetworkManager[969]: <info> [1469476551.6573] address 192.168.1.22 Jul 25 13:55:51 caracal NetworkManager[969]: <info> [1469476551.6580] plen 24 (255.255.255.0) Jul 25 13:55:51 caracal NetworkManager[969]: <info> [1469476551.6581] gateway 192.168.1.1 Jul 25 13:55:51 caracal NetworkManager[969]: <info> [1469476551.6581] server identifier 192.168.1.1 Jul 25 13:55:51 caracal NetworkManager[969]: <info> [1469476551.6581] lease time 3600 Jul 25 13:55:51 caracal NetworkManager[969]: <info> [1469476551.6582] nameserver '192.168.1.11' Jul 25 13:55:51 caracal NetworkManager[969]: <info> [1469476551.6582] nameserver '64.59.135.145' Jul 25 13:55:51 caracal NetworkManager[969]: <info> [1469476551.6582] domain name 'cg.shawcable.net' Jul 25 13:55:51 caracal NetworkManager[969]: <info> [1469476551.6583] dhcp4 (enp4s0): state changed bound -> bound Jul 25 13:55:51 caracal dbus[850]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' Jul 25 13:55:51 caracal dhclient[1170]: bound to 192.168.1.22 -- renewal in 1792 seconds. Jul 25 13:55:51 caracal systemd[1]: Starting Network Manager Script Dispatcher Service... Jul 25 13:55:51 caracal dbus[850]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher' Jul 25 13:55:51 caracal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jul 25 13:55:51 caracal systemd[1]: Started Network Manager Script Dispatcher Service. Jul 25 13:55:51 caracal nm-dispatcher[3396]: req:1 'dhcp4-change' [enp4s0]: new request (6 scripts) Jul 25 13:55:51 caracal nm-dispatcher[3396]: req:1 'dhcp4-change' [enp4s0]: start running ordered scripts... ############### Jul 25 13:56:02 caracal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jul 25 13:56:42 caracal systemd[1]: Starting Load/Save RF Kill Switch Status... Jul 25 13:56:42 caracal systemd[1]: Started Load/Save RF Kill Switch Status. Jul 25 13:56:42 caracal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jul 25 13:56:42 caracal NetworkManager[969]: <info> [1469476602.3461] audit: op="radio-control" arg="wwan-enabled:1" pid=1805 uid=1000 result="success" Jul 25 13:56:47 caracal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' ############### Jul 25 13:59:42 caracal rtkit-daemon[872]: Supervising 6 threads of 2 processes of 2 users. Jul 25 13:59:42 caracal rtkit-daemon[872]: Successfully made thread 3444 of process 1684 (/usr/bin/pulseaudio) owned by '1000' RT at priority 5. Jul 25 13:59:42 caracal rtkit-daemon[872]: Supervising 7 threads of 2 processes of 2 users. Jul 25 13:59:46 caracal kernel: input: BC:E6:3F:BD:1B:77 as /devices/virtual/input/input13 Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) config/udev: Adding input device BC:E6:3F:BD:1B:77 (/dev/input/event12) Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) BC:E6:3F:BD:1B:77: Applying InputClass "evdev keyboard catchall" Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) BC:E6:3F:BD:1B:77: Applying InputClass "libinput keyboard catchall" Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) BC:E6:3F:BD:1B:77: Applying InputClass "system-keyboard" Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) systemd-logind: got fd for /dev/input/event12 13:76 fd 37 paused 0 Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) Using input driver 'libinput' for 'BC:E6:3F:BD:1B:77' Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) BC:E6:3F:BD:1B:77: always reports core events Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) Option "Device" "/dev/input/event12" Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) Option "_source" "server/udev" Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) input device 'BC:E6:3F:BD:1B:77', /dev/input/event12 is tagged by udev as: Keyboard Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) input device 'BC:E6:3F:BD:1B:77', /dev/input/event12 is a keyboard Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) Option "config_info" "udev:/sys/devices/virtual/input/input13/event12" Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) XINPUT: Adding extended input device "BC:E6:3F:BD:1B:77" (type: KEYBOARD, id 15) Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) Option "xkb_layout" "us,ca" Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (**) Option "xkb_variant" ",multix" Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) input device 'BC:E6:3F:BD:1B:77', /dev/input/event12 is tagged by udev as: Keyboard Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: (II) input device 'BC:E6:3F:BD:1B:77', /dev/input/event12 is a keyboard Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: The XKEYBOARD keymap compiler (xkbcomp) reports: Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: > Error: Key <MDSW> added to map for multiple modifiers Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: > Using Mod3, ignoring Mod5. Jul 25 13:59:46 caracal /usr/libexec/gdm-x-session[1563]: Errors from xkbcomp are not fatal to the X server ############### Jul 25 14:02:47 caracal bluetoothd[3317]: /org/bluez/hci0/dev_BC_E6_3F_BD_1B_77/fd0: fd(23) ready ############### Jul 25 14:07:22 caracal /usr/libexec/gdm-x-session[1563]: (II) config/udev: removing device BC:E6:3F:BD:1B:77 Jul 25 14:07:23 caracal /usr/libexec/gdm-x-session[1563]: (**) Option "fd" "37" Jul 25 14:07:23 caracal /usr/libexec/gdm-x-session[1563]: (II) UnloadModule: "libinput" Jul 25 14:07:23 caracal /usr/libexec/gdm-x-session[1563]: (II) systemd-logind: releasing fd for 13:76 Jul 25 14:07:23 caracal /usr/libexec/gdm-x-session[1563]: (EE) systemd-logind: failed to release device: Device not taken Jul 25 14:07:22 caracal dbus[850]: [system] Rejected send message, 4 matched rules; type="method_return", sender=":1.52" (uid=1000 pid=1684 comm="/usr/bin/pulseaudio --start --log-target=syslog ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.88" (uid=0 pid=3317 comm="/usr/libexec/bluetooth/bluetoothd ") ############### Jul 25 14:09:09 caracal systemd[1]: Starting Load/Save RF Kill Switch Status... Jul 25 14:09:09 caracal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jul 25 14:09:09 caracal systemd[1]: Started Load/Save RF Kill Switch Status. Jul 25 14:09:14 caracal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' ############### Jul 25 14:11:19 caracal kernel: usb 5-2: USB disconnect, device number 2 Jul 25 14:11:19 caracal bluetoothd[3317]: Endpoint unregistered: sender=:1.52 path=/MediaEndpoint/A2DPSource Jul 25 14:11:19 caracal systemd[1]: Starting Load/Save RF Kill Switch Status... Jul 25 14:11:19 caracal bluetoothd[3317]: Endpoint unregistered: sender=:1.52 path=/MediaEndpoint/A2DPSink Jul 25 14:11:19 caracal systemd[1]: bluetooth.target: Unit not needed anymore. Stopping. Jul 25 14:11:19 caracal systemd[1]: Stopped target Bluetooth. Jul 25 14:11:19 caracal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jul 25 14:11:19 caracal systemd[1]: Started Load/Save RF Kill Switch Status. Jul 25 14:11:19 caracal dbus[850]: [system] Rejected send message, 4 matched rules; type="error", sender=":1.52" (uid=1000 pid=1684 comm="/usr/bin/pulseaudio --start --log-target=syslog ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.88" (uid=0 pid=3317 comm="/usr/libexec/bluetooth/bluetoothd ") Jul 25 14:11:19 caracal dbus[850]: [system] Rejected send message, 4 matched rules; type="error", sender=":1.52" (uid=1000 pid=1684 comm="/usr/bin/pulseaudio --start --log-target=syslog ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.88" (uid=0 pid=3317 comm="/usr/libexec/bluetooth/bluetoothd ") Jul 25 14:11:19 caracal dbus[850]: [system] Rejected send message, 4 matched rules; type="error", sender=":1.52" (uid=1000 pid=1684 comm="/usr/bin/pulseaudio --start --log-target=syslog ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.88" (uid=0 pid=3317 comm="/usr/libexec/bluetooth/bluetoothd ") Jul 25 14:11:19 caracal dbus[850]: [system] Rejected send message, 4 matched rules; type="error", sender=":1.52" (uid=1000 pid=1684 comm="/usr/bin/pulseaudio --start --log-target=syslog ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.88" (uid=0 pid=3317 comm="/usr/libexec/bluetooth/bluetoothd ") Jul 25 14:11:19 caracal org.freedesktop.fwupd[850]: (fwupd:1961): GLib-GObject-CRITICAL **: g_object_unref: assertion 'G_IS_OBJECT (object)' failed Jul 25 14:11:23 caracal PackageKit[1433]: get-updates transaction /3307_ecedecbb from uid 1000 finished with success after 110ms Jul 25 14:11:24 caracal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Indeed this bug is still affecting me as well.
I don't see a build in koji [1], am I doing something wrong or we just wait for something else to perform a build? [1] http://koji.fedoraproject.org/koji/packageinfo?packageID=32
Confirmed for me as well.
I can confirm this as well. I've been seeing this behavior since at least F23, if not earlier (yes, I've failed to report this issue many times, sorry). While I'm certainly no expert I wonder if we have at least two separate issues here. The first is the policy issue that's being triggered. The second relates to the fact that at least some portion of the SELinux toolchain is convinced that there's a binary with the name "uetoothd".
(In reply to Adam Hunt from comment #30) > I can confirm this as well. I've been seeing this behavior since at least > F23, if not earlier (yes, I've failed to report this issue many times, > sorry). I'm not sure how you can have seen this on F23. As far as I can see the SELinux policy permits the action there: # sesearch -s init_t -t etc_t -c dir -p mounton --allow Found 1 semantic av rules: allow files_unconfined_type file_type : dir { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod } ; > While I'm certainly no expert I wonder if we have at least two separate > issues here. The first is the policy issue that's being triggered. The > second relates to the fact that at least some portion of the SELinux > toolchain is convinced that there's a binary with the name "uetoothd". That has nothing to do with SELinux. The "(uetoothd)" is the comm field set up by systemd *before* it executes bluetoothd. See my comment 17 for details on why it looks like this.
*** ConfidentialBug 1361819 has been marked as a duplicate of this bug. ***
FYI I've never seen exactly this issue with fedora 23.
Description of problem: This happens every reboot for me. Pretty sure this is bluetoothd (from bluez package), but for whatever reason I only see (uetoothd)? Version-Release number of selected component: selinux-policy-3.13.1-191.5.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport
(In reply to Leszek Matok from comment #34) > Description of problem: > This happens every reboot for me. Pretty sure this is bluetoothd (from bluez > package), but for whatever reason I only see (uetoothd)? "(uetoothd)" is bluetoothd. See comment #17 in this report, and minor correction in comment #24. comment #31 just above also references back to comment #17 Every reboot because Bluetooth is initialized each time, and fails the same way each time. Unless one of the workarounds is used. Issue status says fixed in selinux-policy-3.13.1-191.9.fc24. My system is currently using 3.13.1-191.5.fc24, so waiting until -9 gets rolled out to remove the workaround.
You can try koji build: http://koji.fedoraproject.org/koji/buildinfo?buildID=786414 I installed but have not rebooted since so not sure if it resolves all issues.
Description of problem: boot (F24 with upstream kernel 4.8.0-0.rc0.git2.2.fc26.x86_64) Version-Release number of selected component: selinux-policy-3.13.1-191.8.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.8.0-0.rc0.git2.2.fc26.x86_64 type: libreport
I can confirm that the original denial goes away with the new selinux-package selinux-policy-3.13.1-191.9.fc24.noarch Now I saw another issue with selinux policy related to using DUN (bug 1362544) and possibly headset (bug 1338996) but it/they can be tracked separately.
Description of problem: I am using Blueman. I turned bluetooth off (from the tray icon) and then on. The error popped up. Version-Release number of selected component: selinux-policy-3.13.1-191.8.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport
I can confirm as well the problem goes away as well with selinux-policy-3.13.1-191.9.fc24.noarch
Description of problem: sudo dnf update Version-Release number of selected component: selinux-policy-3.13.1-191.8.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport
Description of problem: Updating my system using 'dnf update -y' Version-Release number of selected component: selinux-policy-3.13.1-191.8.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport
Description of problem: i don't now what happens. i just type 'sudo yum -y update' and i get this error. i am very new to linux therefore don't no anything about it. Version-Release number of selected component: selinux-policy-3.13.1-191.8.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport
Description of problem: running "dnf distro-sync" and start removing selective packages. Version-Release number of selected component: selinux-policy-3.13.1-191.8.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport
Description of problem: I'm not 100% certain, but I think this reliably reproduces with the following steps: create a temporary user allow X connections by that user "xhost +si:localuser:username" su to that user spawn firefox as that user close firefox log out as that user userdel that user Version-Release number of selected component: selinux-policy-3.13.1-191.8.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport
Description of problem: Ran # dnf update. The package "bluez" was part of the upgrade. Version-Release number of selected component: selinux-policy-3.13.1-191.8.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport
selinux-policy-3.13.1-191.10.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-2c8a3e08c6
Description of problem: powertop as a service seems to trigger this error. disabling powertop.service helps. Version-Release number of selected component: selinux-policy-3.13.1-191.8.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.5-300.fc24.x86_64 type: libreport
*** ConfidentialBug 1366056 has been marked as a duplicate of this bug. ***
Description of problem: Turned on bluetooth headphones. Version-Release number of selected component: selinux-policy-3.13.1-191.8.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.5-300.fc24.x86_64 type: libreport
selinux-policy-3.13.1-191.10.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Description of problem: trying to upload via bluetooth to this device. uestoothd should probably be bluetoothd. Version-Release number of selected component: selinux-policy-3.13.1-191.8.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.5-300.fc24.x86_64 type: libreport
Description of problem: i have turned off bluetooth and tried to get it up again. Version-Release number of selected component: selinux-policy-3.13.1-191.8.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport