Description of problem: SELinux is preventing abrt-hook-ccpp from 'sys_ptrace' accesses on the cap_userns Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that abrt-hook-ccpp should be allowed sys_ptrace access on the Unknown cap_userns by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'abrt-hook-ccpp' --raw | audit2allow -M my-abrthookccpp # semodule -X 300 -i my-abrthookccpp.pp Additional Information: Source Context system_u:system_r:abrt_dump_oops_t:s0 Target Context system_u:system_r:abrt_dump_oops_t:s0 Target Objects Unknown [ cap_userns ] Source abrt-hook-ccpp Source Path abrt-hook-ccpp Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-191.12.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.7.2+ #3 SMP Sun Aug 21 23:08:59 JST 2016 x86_64 x86_64 Alert Count 3 First Seen 2016-08-24 01:05:42 JST Last Seen 2016-08-25 16:58:34 JST Local ID 843d9086-a615-44c8-9b9f-faf48bf20278 Raw Audit Messages type=AVC msg=audit(1472111914.606:401): avc: denied { sys_ptrace } for pid=13353 comm="abrt-hook-ccpp" capability=19 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:system_r:abrt_dump_oops_t:s0 tclass=cap_userns permissive=0 Hash: abrt-hook-ccpp,abrt_dump_oops_t,abrt_dump_oops_t,cap_userns,sys_ptrace Version-Release number of selected component: selinux-policy-3.13.1-191.12.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2+ type: libreport
Description of problem: While using Google-Chrome Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
*** Bug 1374829 has been marked as a duplicate of this bug. ***
Description of problem: Working on Chrome, open a new page and the red light from bit defender stop working Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.3-200.fc24.x86_64 type: libreport
Description of problem: Starting `GDK_BACKEND=X11 flatpak run org.libreoffice.LibreOffice` Version-Release number of selected component: selinux-policy-3.13.1-191.16.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.3-200.fc24.x86_64 type: libreport
Description of problem: It's only just started doing this right after boot. But it happens every time. Version-Release number of selected component: selinux-policy-3.13.1-191.16.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.4-200.fc24.x86_64 type: libreport
I see Chrome in the other comments, and it didn't start happening to me until I installed Firefox 49 and visited Netflix. I wonder if Widevine is involved somehow. It seems to happen in pairs with with the alert: SELinux is preventing plugin-containe from sys_admin access on the cap_userns Unknown. I can't help but notice cap_userns is in that one too.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Description of problem: Just logged in to gnome classic desktop. Version-Release number of selected component: selinux-policy-3.13.1-191.16.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.5-200.fc24.x86_64 type: libreport
Description of problem: Clicked on "Enable DRM" in Firefox at http://www.nbcnews.com/storyline/aleppos-children/hospital-aleppo-evidence-detested-weapon-n657621. Version-Release number of selected component: selinux-policy-3.13.1-191.17.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.4-200.fc24.x86_64 type: libreport
Plus one: SELinux is preventing abrt-hook-ccpp from sys_ptrace access on the cap_userns Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that abrt-hook-ccpp should be allowed sys_ptrace access on the Unknown cap_userns by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'abrt-hook-ccpp' --raw | audit2allow -M my-abrthookccpp # semodule -X 300 -i my-abrthookccpp.pp Additional Information: Source Context system_u:system_r:abrt_dump_oops_t:s0 Target Context system_u:system_r:abrt_dump_oops_t:s0 Target Objects Unknown [ cap_userns ] Source abrt-hook-ccpp Source Path abrt-hook-ccpp Port <Unknown> Host eldenador.giftdigital Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-191.17.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name eldenador.giftdigital Platform Linux eldenador.giftdigital 4.7.5-200.fc24.x86_64 #1 SMP Mon Sep 26 21:25:47 UTC 2016 x86_64 x86_64 Alert Count 2 First Seen 2016-10-08 15:11:45 AEST Last Seen 2016-10-08 15:11:45 AEST Local ID ab91b83a-8c84-42ca-a82c-7f6e84b42e61 Raw Audit Messages type=AVC msg=audit(1475903505.996:330): avc: denied { sys_ptrace } for pid=15399 comm="abrt-hook-ccpp" capability=19 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:system_r:abrt_dump_oops_t:s0 tclass=cap_userns permissive=0 Hash: abrt-hook-ccpp,abrt_dump_oops_t,abrt_dump_oops_t,cap_userns,sys_ptrace
Description of problem: running latest chrome Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.5-200.fc24.x86_64 type: libreport
selinux-policy-3.13.1-191.20.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-7ce27629b3
selinux-policy-3.13.1-191.20.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-7ce27629b3
selinux-policy-3.13.1-191.20.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.