Description of problem: I do not know what this means and if the application should be allowed or rather fixed, however, what seems suspicios to me is that I'm getting the alert usually after an application crash when abrt pops up ... what is the connection here??? SELinux is preventing pcscd from using the 'wake_alarm' capabilities. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that pcscd should have the wake_alarm capability by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'pcscd' --raw | audit2allow -M my-pcscd # semodule -X 300 -i my-pcscd.pp Additional Information: Source Context system_u:system_r:pcscd_t:s0 Target Context system_u:system_r:pcscd_t:s0 Target Objects Unknown [ capability2 ] Source pcscd Source Path pcscd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-215.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.8.0-0.rc7.git0.1.fc25.x86_64 #1 SMP Mon Sep 19 15:24:06 UTC 2016 x86_64 x86_64 Alert Count 28 First Seen 2016-10-04 12:54:44 CEST Last Seen 2016-10-04 12:54:47 CEST Local ID ac9cddef-b823-441e-89f0-bacfeb3d2547 Raw Audit Messages type=AVC msg=audit(1475578487.871:844): avc: denied { wake_alarm } for pid=30852 comm="pcscd" capability=35 scontext=system_u:system_r:pcscd_t:s0 tcontext=system_u:system_r:pcscd_t:s0 tclass=capability2 permissive=0 Hash: pcscd,pcscd_t,pcscd_t,capability2,wake_alarm Version-Release number of selected component: selinux-policy-3.13.1-215.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.0-0.rc7.git0.1.fc25.x86_64 type: libreport
SELinux is preventing pcscd from using the wake_alarm capability. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that pcscd should have the wake_alarm capability by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'pcscd' --raw | audit2allow -M my-pcscd # semodule -X 300 -i my-pcscd.pp Additional Information: Source Context system_u:system_r:pcscd_t:s0 Target Context system_u:system_r:pcscd_t:s0 Target Objects Unknown [ capability2 ] Source pcscd Source Path pcscd Port <Unknown> Host dragonfly.XXX.net Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-218.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name dragonfly.XXX.net Platform Linux dragonfly.saguna.net 4.8.0-0.rc8.git0.1.fc25.x86_64 #1 SMP Mon Sep 26 17:12:24 UTC 2016 x86_64 x86_64 Alert Count 4157 First Seen 2016-09-16 17:25:40 IDT Last Seen 2016-10-09 11:47:19 IDT Local ID 081e847e-f0f4-4a63-aa6c-b782a51fd077 Raw Audit Messages type=AVC msg=audit(1476002839.695:278): avc: denied { wake_alarm } for pid=4204 comm="pcscd" capability=35 scontext=system_u:system_r:pcscd_t:s0 tcontext=system_u:system_r:pcscd_t:s0 tclass=capability2 permissive=0 Hash: pcscd,pcscd_t,pcscd_t,capability2,wake_alarm
Description of problem: This happens everytime after starting pscd after some seconds. Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.3-300.fc25.x86_64 type: libreport
I have started noticing this in Fedora 24, probably after some recent update in the passed week or two.
selinux-policy-3.13.1-222.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-d1908bac81
selinux-policy-3.13.1-222.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-d1908bac81
selinux-policy-3.13.1-222.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Description of problem: Ran "ykneomgr -m" with a Yubikey NEO. Version-Release number of selected component: selinux-policy-3.13.1-220.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.4-301.fc25.x86_64 type: libreport
Same issue on Fedora 24. Is this going to be backported?