Hide Forgot
Description of problem: Just Upgraded to F25 from F24, and tried to login to GNOME (Wayland Session). SELinux is preventing gnome-shell from 'getattr' accesses on the chr_file /dev/loop-control. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gnome-shell should be allowed getattr access on the loop-control chr_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'gnome-shell' --raw | audit2allow -M my-gnomeshell # semodule -X 300 -i my-gnomeshell.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:loop_control_device_t:s0 Target Objects /dev/loop-control [ chr_file ] Source gnome-shell Source Path gnome-shell Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM <Unknown> Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.8.1-1.fc25.x86_64 #1 SMP Fri Oct 7 14:38:22 UTC 2016 x86_64 x86_64 Alert Count 18 First Seen 2016-10-14 19:01:25 EET Last Seen 2016-10-14 19:16:22 EET Local ID 5f0dc318-66dc-4bfe-a072-4a685618b00e Raw Audit Messages type=AVC msg=audit(1476465382.549:205): avc: denied { getattr } for pid=1344 comm="gnome-shell" path="/dev/loop-control" dev="devtmpfs" ino=17414 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:loop_control_device_t:s0 tclass=chr_file permissive=0 Hash: gnome-shell,xdm_t,loop_control_device_t,chr_file,getattr Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.1-1.fc25.x86_64 type: libreport
Description of problem: Steps to reproduce: - insert usb drive (ext4 in my case) Version-Release number of selected component: selinux-policy-3.13.1-220.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.6-300.fc25.x86_64 type: libreport
Description of problem: By mounting iso file by gnome auto mount, its starting to complain about this problem - note that mount is working and can be unmounted in normal way. Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.8-300.fc25.x86_64 type: libreport
Hi, Could you try to reproduce it in permissive mode and collect all SELinux denials? Thanks.
I don't know if I can reproduce it again (this means installing F24, then upgrading to F25, which I've done already and applied the policy to be able to login Wayland).
Created attachment 1226552 [details] selinux-log-loopback Logs you can get even on new installation. Just mount iso by build in gnome application e.g. Fedora 25 iso. Hope it helps.
Description of problem: mounting a win 10 iso by clicking on it Version-Release number of selected component: selinux-policy-3.13.1-225.6.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.3-200.fc25.x86_64 type: libreport
Description of problem: - Mounted an ISO file in my home directory by double-clicking the file in the Files manager. Version-Release number of selected component: selinux-policy-3.13.1-225.6.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.9-200.fc25.x86_64 type: libreport
type=USER_AVC msg=audit(1487425836.848:859): pid=14110 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 msg='avc: received setenforce notice (enforcing=0) exe="/usr/bin/dbus-daemon" sauid=0 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1487425836.849:860): pid=1163 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: received setenforce notice (enforcing=0) exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=AVC msg=audit(1487425855.196:861): avc: denied { getattr } for pid=1488 comm="gnome-shell" path="/dev/loop-control" dev="devtmpfs" ino=16870 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:loop_control_device_t:s0 tclass=chr_file permissive=1 type=MAC_STATUS msg=audit(1487425866.169:862): enforcing=1 old_enforcing=0 auid=1000 ses=3 type=USER_AVC msg=audit(1487425866.180:863): pid=14110 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 msg='avc: received setenforce notice (enforcing=1) exe="/usr/bin/dbus-daemon" sauid=0 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1487425866.184:864): pid=1163 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: received setenforce notice (enforcing=1) exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
Description of problem: i was installing KDevelop using the appimage Version-Release number of selected component: selinux-policy-3.13.1-225.6.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.10-200.fc25.x86_64 type: libreport
Description of problem: I simply tried to double click on a .iso image. That does an "Open with Disk Image Mounter" in the Gnome Shell. Version-Release number of selected component: selinux-policy-3.13.1-225.11.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.14-200.fc25.i686+PAE type: libreport
Description of problem: This error appeared spontaneously. Version-Release number of selected component: selinux-policy-3.13.1-225.11.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.10.5-200.fc25.x86_64 type: libreport
Description of problem: 1. Two clicks on an Appimage file 2. The app gets mounted, but SELinux alert appears Version-Release number of selected component: selinux-policy-3.13.1-225.11.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.10.5-200.fc25.x86_64 type: libreport
Actually the problem was, that archive mounter tried to mount it as a disk image. When giving proper executable rights to the Appimage file, it was run properly without mounting.
Description of problem: I couldn't burn in a CD, which already has data burnt in it, but it isn't full. Version-Release number of selected component: selinux-policy-3.13.1-225.11.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.10.8-200.fc25.x86_64 type: libreport
Description of problem: Laptop (Lenovo X240) awoke from sleep mode and displayed error Version-Release number of selected component: selinux-policy-3.13.1-225.11.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.10.9-200.fc25.x86_64 type: libreport
Description of problem: Connected external HDD through USB 3.0 Version-Release number of selected component: selinux-policy-3.13.1-225.11.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.10.9-200.fc25.x86_64 type: libreport
selinux-policy-3.13.1-225.13.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-0af0456dcc
selinux-policy-3.13.1-225.13.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-0af0456dcc
selinux-policy-3.13.1-225.13.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.