1361808 – SELinux is preventing gdbus from write access on the fifo_file /run/systemd/inhibit/1.ref

Bug 1361808 - SELinux is preventing gdbus from write access on the fifo_file /run/systemd/inhibit/1.ref

Summary: SELinux is preventing gdbus from write access on the fifo_file /run/systemd/i...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	25
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-07-30 17:51 UTC by Chris Murphy
Modified:	2016-08-23 15:05 UTC (History)
CC List:	6 users (show)
Fixed In Version:	selinux-policy-3.13.1-210.fc25
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-08-23 15:05:27 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Chris Murphy 2016-07-30 17:51:59 UTC

Description of problem:


Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-202.fc25.noarch

How reproducible:
Always


Steps to Reproduce:
1. Install Fedora-Workstation-Live-x86_64-Rawhide-20160718.n.0.iso
2.
3.

Actual results:
Notification appears during installation, SELinux Troubleshooter lists:

SELinux is preventing gdbus from write access on the fifo_file /run/systemd/inhibit/1.ref.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gdbus should be allowed write access on the 1.ref fifo_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdbus' --raw | audit2allow -M my-gdbus
# semodule -X 300 -i my-gdbus.pp

Additional Information:
Source Context                system_u:system_r:modemmanager_t:s0
Target Context                system_u:object_r:systemd_logind_inhibit_var_run_t
                              :s0
Target Objects                /run/systemd/inhibit/1.ref [ fifo_file ]
Source                        gdbus
Source Path                   gdbus
Port                          <Unknown>
Host                          localhost
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-202.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost
Platform                      Linux localhost 4.7.0-0.rc7.git3.1.fc25.x86_64 #1
                              SMP Fri Jul 15 21:02:08 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-07-30 17:36:07 EDT
Last Seen                     2016-07-30 17:36:07 EDT
Local ID                      45b142a5-5759-4e7a-97d3-a7880cc2525c

Raw Audit Messages
type=AVC msg=audit(1469914567.936:102): avc:  denied  { write } for  pid=989 comm="gdbus" path="/run/systemd/inhibit/1.ref" dev="tmpfs" ino=19043 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:object_r:systemd_logind_inhibit_var_run_t:s0 tclass=fifo_file permissive=0


Hash: gdbus,modemmanager_t,systemd_logind_inhibit_var_run_t,fifo_file,write



Expected results:

No SELinux denials during installation


Additional info:

Comment 1 Giulio 'juliuxpigface' 2016-08-17 18:10:08 UTC

I've encountered this too. Actually, I think it's not exactly related to installation.

Booting the live and logging to Gnome seems enough, in order to trigger the denial.

Note You need to log in before you can comment on or make changes to this bug.