1460880 – SELinux is preventing accounts-daemon from using the dac_read_search capability

Bug 1460880 - SELinux is preventing accounts-daemon from using the dac_read_search capability

Summary: SELinux is preventing accounts-daemon from using the dac_read_search capability

Keywords:
Status:	CLOSED DUPLICATE of bug 1460882
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	26
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-06-13 03:18 UTC by Chris Murphy
Modified:	2017-06-13 12:53 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2017-06-13 12:53:20 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
journal (329.77 KB, text/x-vhdl) 2017-06-13 03:21 UTC, Chris Murphy	no flags	Details
View All

Description Chris Murphy 2017-06-13 03:18:06 UTC

Description of problem:

SETroubleshoot notification at login appears, with this complaint.


Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-254.fc26.noarch
4.12.0-0.rc5.git0.1.fc27.x86_64


How reproducible:
Each boot.


Steps to Reproduce:
1. Boot
2.
3.

Actual results:

SELinux alert notification

Raw Audit Messages
type=AVC msg=audit(1497323293.449:260): avc:  denied  { dac_read_search } for  pid=967 comm="accounts-daemon" capability=2  scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:system_r:accountsd_t:s0 tclass=capability permissive=0



Expected results:

No notification for just booting and logging in.


Additional info:

Could be related to upgrading the kernel from 4.11.3 to 4.12rc5; I don't recall these SELinux alerts happening prior to the upgrade.

Comment 1 Chris Murphy 2017-06-13 03:21:23 UTC

Created attachment 1287140 [details]
journal

Comment 2 Chris Murphy 2017-06-13 03:55:08 UTC

Also happens with selinux-policy-3.13.1-257.fc26.noarch and manually relabelled.

Comment 3 Lukas Vrabec 2017-06-13 12:53:20 UTC


*** This bug has been marked as a duplicate of bug 1460882 ***

Note You need to log in before you can comment on or make changes to this bug.