Description of problem: SELinux is preventing useradd from 'write' accesses on the sock_file system_bus_socket. ***** Plugin catchall (100. confidence) suggests ************************** If aby useradd powinno mieć domyślnie write dostęp do system_bus_socket sock_file. Then proszę to zgłosić jako błąd. Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp. Do allow this access for now by executing: # ausearch -c 'useradd' --raw | audit2allow -M my-useradd # semodule -X 300 -i my-useradd.pp Additional Information: Source Context unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 Target Context system_u:object_r:system_dbusd_var_run_t:s0 Target Objects system_bus_socket [ sock_file ] Source useradd Source Path useradd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-235.fc26.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.9.5-200.fc25.x86_64 #1 SMP Fri Jan 20 12:24:16 UTC 2017 x86_64 x86_64 Alert Count 1 First Seen 2017-01-26 11:30:46 CET Last Seen 2017-01-26 11:30:46 CET Local ID f1df93a1-b45b-4932-937a-1276b2be8d10 Raw Audit Messages type=AVC msg=audit(1485426646.862:312): avc: denied { write } for pid=19406 comm="useradd" name="system_bus_socket" dev="tmpfs" ino=21126 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=sock_file permissive=0 Hash: useradd,useradd_t,system_dbusd_var_run_t,sock_file,write Version-Release number of selected component: selinux-policy-3.13.1-235.fc26.noarch Additional info: component: selinux-policy reporter: libreport-2.9.0 hashmarkername: setroubleshoot kernel: 4.10.0-0.rc5.git1.1.fc26.x86_64 type: libreport
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle. Changing version to '26'.
Description of problem: Booting the F26 Alpha Workstation Live DVD Version-Release number of selected component: selinux-policy-3.13.1-244.fc26.noarch Additional info: reporter: libreport-2.9.0 hashmarkername: setroubleshoot kernel: 4.11.0-0.rc2.git2.2.fc26.x86_64 type: libreport
*** Bug 1442711 has been marked as a duplicate of this bug. ***
Description of problem: Found this while using a live of Fedora 26 Workstation (2060416 compose), during the installation of the new system on a qemu/kvm guest. Version-Release number of selected component: selinux-policy-3.13.1-249.fc26.noarch Additional info: reporter: libreport-2.9.1 hashmarkername: setroubleshoot kernel: 4.11.0-0.rc6.git0.1.fc26.x86_64 type: libreport
Proposing as a FE for Fedora 26 Final. The SELinux' denial is caught after the boot of the live environment. It's not strictly a blocker, since no notifications pop up and so it doesn't violate the "2.5.4 SELinux and crash notifications" Final criterion. Howewer, in my opinion, it might be a "bad presentation" for the new release, if not fixed in time.
(In reply to Giulio 'juliuxpigface' from comment #5) > Proposing as a FE for Fedora 26 Final. > > The SELinux' denial is caught after the boot of the live environment. > > It's not strictly a blocker, since no notifications pop up and so it doesn't > violate the "2.5.4 SELinux and crash notifications" Final criterion. > > Howewer, in my opinion, it might be a "bad presentation" for the new > release, if not fixed in time. +1
Description of problem: The alert appears using Fedora 26 20170504.n.1 Live Workstation, when installation reaches 100% (generating initramfs) Version-Release number of selected component: selinux-policy-3.13.1-249.fc26.noarch Additional info: reporter: libreport-2.9.1 hashmarkername: setroubleshoot kernel: 4.11.0-0.rc8.git0.1.fc26.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1449643 ***