First Last Prev Next    This bug is not in your last search results.
Bug 1460880 - SELinux is preventing accounts-daemon from using the dac_read_search capability
SELinux is preventing accounts-daemon from using the dac_read_search capability
Status: CLOSED DUPLICATE of bug 1460882
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
26
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Lukas Vrabec
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-12 23:18 EDT by Chris Murphy
Modified: 2017-06-13 08:53 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-06-13 08:53:20 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
journal (329.77 KB, text/x-vhdl)
2017-06-12 23:21 EDT, Chris Murphy 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Chris Murphy 2017-06-12 23:18:06 EDT 
Description of problem:

SETroubleshoot notification at login appears, with this complaint.


Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-254.fc26.noarch
4.12.0-0.rc5.git0.1.fc27.x86_64


How reproducible:
Each boot.


Steps to Reproduce:
1. Boot
2.
3.

Actual results:

SELinux alert notification

Raw Audit Messages
type=AVC msg=audit(1497323293.449:260): avc:  denied  { dac_read_search } for  pid=967 comm="accounts-daemon" capability=2  scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:system_r:accountsd_t:s0 tclass=capability permissive=0



Expected results:

No notification for just booting and logging in.


Additional info:

Could be related to upgrading the kernel from 4.11.3 to 4.12rc5; I don't recall these SELinux alerts happening prior to the upgrade.
Comment 1 Chris Murphy 2017-06-12 23:21 EDT 
Created attachment 1287140 [details]
journal
Comment 2 Chris Murphy 2017-06-12 23:55:08 EDT 
Also happens with selinux-policy-3.13.1-257.fc26.noarch and manually relabelled.
Comment 3 Lukas Vrabec 2017-06-13 08:53:20 EDT 

*** This bug has been marked as a duplicate of bug 1460882 ***
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.