Bug 1460880 - SELinux is preventing accounts-daemon from using the dac_read_search capability
SELinux is preventing accounts-daemon from using the dac_read_search capability
Status: CLOSED DUPLICATE of bug 1460882
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Lukas Vrabec
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2017-06-12 23:18 EDT by Chris Murphy
Modified: 2017-06-13 08:53 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-06-13 08:53:20 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
journal (329.77 KB, text/x-vhdl)
2017-06-12 23:21 EDT, Chris Murphy
no flags Details

  None (edit)
Description Chris Murphy 2017-06-12 23:18:06 EDT
Description of problem:

SETroubleshoot notification at login appears, with this complaint.

Version-Release number of selected component (if applicable):

How reproducible:
Each boot.

Steps to Reproduce:
1. Boot

Actual results:

SELinux alert notification

Raw Audit Messages
type=AVC msg=audit(1497323293.449:260): avc:  denied  { dac_read_search } for  pid=967 comm="accounts-daemon" capability=2  scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:system_r:accountsd_t:s0 tclass=capability permissive=0

Expected results:

No notification for just booting and logging in.

Additional info:

Could be related to upgrading the kernel from 4.11.3 to 4.12rc5; I don't recall these SELinux alerts happening prior to the upgrade.
Comment 1 Chris Murphy 2017-06-12 23:21 EDT
Created attachment 1287140 [details]
Comment 2 Chris Murphy 2017-06-12 23:55:08 EDT
Also happens with selinux-policy-3.13.1-257.fc26.noarch and manually relabelled.
Comment 3 Lukas Vrabec 2017-06-13 08:53:20 EDT

*** This bug has been marked as a duplicate of bug 1460882 ***

Note You need to log in before you can comment on or make changes to this bug.