Created attachment 1271832 [details] SELinux problem assistant does nothing Description of problem: 1. After installing samba, samba-winbind, samba-client and samba-common-tools packages, selinux reports the following warning SELinux is preventing useradd from write access on the sock_file system_bus_socket. 2. SELinux problem assistant (sealert) does nothing when clicking on "Report error" (see attachment) Version-Release number of selected component (if applicable): samba-client-4.6.2-0.fc26.x86_64 samba-winbind-4.6.2-0.fc26.x86_64 samba-libs-4.6.2-0.fc26.x86_64 samba-client-libs-4.6.2-0.fc26.x86_64 samba-common-libs-4.6.2-0.fc26.x86_64 samba-winbind-modules-4.6.2-0.fc26.x86_64 samba-common-4.6.2-0.fc26.noarch samba-4.6.2-0.fc26.x86_64 samba-common-tools-4.6.2-0.fc26.x86_64 Steps to Reproduce: 1. Install samba and related packages Actual results: Unexpected warning. Log: SELinux is preventing useradd from write access on the sock_file system_bus_socket. ***** Plugin catchall (100. confidence) suggests ************************** If cree que de manera predeterminada, useradd debería permitir acceso write sobre system_bus_socket sock_file. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do allow this access for now by executing: # ausearch -c 'useradd' --raw | audit2allow -M my-useradd # semodule -X 300 -i my-useradd.pp Additional Information: Source Context system_u:system_r:useradd_t:s0 Target Context system_u:object_r:system_dbusd_var_run_t:s0 Target Objects system_bus_socket [ sock_file ] Source useradd Source Path useradd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-249.fc26.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux localhost.localdomain 4.11.0-0.rc5.git0.1.fc26.x86_64 #1 SMP Mon Apr 3 17:54:15 UTC 2017 x86_64 x86_64 Alert Count 7 First Seen 2017-04-13 22:59:34 CEST Last Seen 2017-04-13 22:59:34 CEST Local ID cca7d680-6648-42bb-b398-b2159ec4e9a2 Raw Audit Messages type=AVC msg=audit(1492117174.837:262): avc: denied { write } for pid=2146 comm="useradd" name="system_bus_socket" dev="tmpfs" ino=17241 scontext=system_u:system_r:useradd_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=sock_file permissive=0 Hash: useradd,useradd_t,system_dbusd_var_run_t,sock_file,write Expected results: No warning, silent installation of samba. Additional info:
selinux-policy-3.13.1-251.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98
selinux-policy-3.13.1-251.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98
(In reply to Fedora Update System from comment #2) > selinux-policy-3.13.1-251.fc26 has been pushed to the Fedora 26 testing > repository. If problems still persist, please make note of it in this bug > report. > See https://fedoraproject.org/wiki/QA:Updates_Testing for > instructions on how to install test updates. > You can provide feedback for this update here: > https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98 Solved. No SELinux warning anymore. However, SELinux problem assistant (sealert) does nothing yet when clicking on "Report error". Anyway this is a less important issue. Thanks.
(In reply to Rubén Lledó from comment #3) > (In reply to Fedora Update System from comment #2) > > selinux-policy-3.13.1-251.fc26 has been pushed to the Fedora 26 testing > > repository. If problems still persist, please make note of it in this bug > > report. > > See https://fedoraproject.org/wiki/QA:Updates_Testing for > > instructions on how to install test updates. > > You can provide feedback for this update here: > > https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98 > > Solved. No SELinux warning anymore. However, SELinux problem assistant > (sealert) does nothing yet when clicking on "Report error". Anyway this is a > less important issue. > > Thanks. +1 at Bodhi.
selinux-policy-3.13.1-251.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.