Description of problem: Happens when connecting certain Android devices, NetworkManager knows there's a new modem attached. Here's what dmesg says when I disconnect/reconnect: [194244.229562] usb 2-6.2: USB disconnect, device number 26 [194244.233234] qmi_wwan 2-6.2:1.4 wwp0s29f7u6u2i4: unregister 'qmi_wwan' usb-0000:00:1d.7-6.2, WWAN/QMI device [194248.764708] usb 2-6.2: new high-speed USB device number 27 using ehci-pci [194248.869565] usb 2-6.2: New USB device found, idVendor=05c6, idProduct=9025 [194248.869568] usb 2-6.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [194248.869570] usb 2-6.2: Product: Android [194248.869571] usb 2-6.2: Manufacturer: Android [194248.869572] usb 2-6.2: SerialNumber: V06000885 [194248.897135] qmi_wwan 2-6.2:1.4: cdc-wdm0: USB WDM device [194248.898406] qmi_wwan 2-6.2:1.4 wwan0: register 'qmi_wwan' at usb-0000:00:1d.7-6.2, WWAN/QMI device, (removed) [194248.898746] usb-storage 2-6.2:1.5: USB Mass Storage device detected [194248.898999] scsi host8: usb-storage 2-6.2:1.5 [194248.913942] qmi_wwan 2-6.2:1.4 wwp0s29f7u6u2i4: renamed from wwan0 [194249.945237] scsi 8:0:0:0: Direct-Access Linux File-CD Gadget 0310 PQ: 0 ANSI: 2 [194249.946352] sd 8:0:0:0: Attached scsi generic sg8 type 0 [194249.949709] sd 8:0:0:0: [sdh] Attached SCSI removable disk SELinux is preventing ModemManager from 'write' accesses on the file raw_ip. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that ModemManager should be allowed write access on the raw_ip file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'ModemManager' --raw | audit2allow -M my-ModemManager # semodule -X 300 -i my-ModemManager.pp Additional Information: Source Context system_u:system_r:modemmanager_t:s0 Target Context system_u:object_r:sysfs_t:s0 Target Objects raw_ip [ file ] Source ModemManager Source Path ModemManager Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-225.18.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.11.4-200.fc25.x86_64 #1 SMP Wed Jun 7 18:28:00 UTC 2017 x86_64 x86_64 Alert Count 3 First Seen 2017-06-21 14:12:40 BST Last Seen 2017-06-21 14:13:08 BST Local ID d59190bf-dd97-41d3-9e46-9ef1c4e2d014 Raw Audit Messages type=AVC msg=audit(1498050788.483:737): avc: denied { write } for pid=913 comm="ModemManager" name="raw_ip" dev="sysfs" ino=30097 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0 Hash: ModemManager,modemmanager_t,sysfs_t,file,write Version-Release number of selected component: selinux-policy-3.13.1-225.18.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.11.4-200.fc25.x86_64 type: libreport
selinux-policy-3.13.1-225.19.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-0187b2a605
selinux-policy-3.13.1-225.19.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-0187b2a605
OK, selinux-policy-3.13.1-225.19.fc25 fixes this issue.
selinux-policy-3.13.1-225.19.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.