Bug 1485471 - SELinux is preventing systemd-logind from 'read' accesses on the directory dbus-1.
Summary: SELinux is preventing systemd-logind from 'read' accesses on the directory db...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 26
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:3ae89f1f4e5eeb22d0c8baf0c9b...
: 1486517 1486912 1486919 1487435 1487919 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-08-25 20:52 UTC by Mike Simms
Modified: 2017-09-19 03:14 UTC (History)
52 users (show)

Fixed In Version: selinux-policy-3.13.1-260.8.fc26
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-09-03 08:33:58 UTC
Type: ---


Attachments (Terms of Use)

Description Mike Simms 2017-08-25 20:52:45 UTC
Description of problem:
started notebook and logged into mate-compiz desktop. selinux alert just appeared
SELinux is preventing systemd-logind from 'read' accesses on the directory dbus-1.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that systemd-logind should be allowed read access on the dbus-1 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-logind' --raw | audit2allow -M my-systemdlogind
# semodule -X 300 -i my-systemdlogind.pp

Additional Information:
Source Context                system_u:system_r:systemd_logind_t:s0
Target Context                unconfined_u:object_r:session_dbusd_tmp_t:s0
Target Objects                dbus-1 [ dir ]
Source                        systemd-logind
Source Path                   systemd-logind
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.11.11-300.fc26.x86_64 #1 SMP Mon
                              Jul 17 16:32:11 UTC 2017 x86_64 x86_64
Alert Count                   1
First Seen                    2017-08-25 21:48:24 BST
Last Seen                     2017-08-25 21:48:24 BST
Local ID                      f529efb8-6ef4-49d4-a290-657be72f6e86

Raw Audit Messages
type=AVC msg=audit(1503694104.936:206): avc:  denied  { read } for  pid=924 comm="systemd-logind" name="dbus-1" dev="tmpfs" ino=29508 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0


Hash: systemd-logind,systemd_logind_t,session_dbusd_tmp_t,dir,read


Additional info:
component:      selinux-policy
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.11.11-300.fc26.x86_64
type:           libreport

Potential duplicate: bug 1483164

Comment 1 Mike Simms 2017-08-25 20:58:44 UTC
duplicate of a bug in rawhide listed above BUT this is release version so not sure whether or not to close.

anyhow it also happens with kernel 4.12.8 from updates testing

Comment 2 Mirek Svoboda 2017-08-26 01:01:40 UTC
Description of problem:
running kernel-tests on 4.12.9

Version-Release number of selected component:
selinux-policy-3.13.1-260.6.fc26.noarch

Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.9-300.fc26.x86_64
type:           libreport

Comment 3 Andrey E. 2017-08-29 16:36:51 UTC
I see the same problem while using Fedora 26 Release (4.12.8-300.fc26.x86_64) and that components (testing updates have been installed because of troubleshooting; usually I prefer versions from "@updates" repository): 
dnfdaemon-selinux.noarch                0.3.18-3.fc26                  @updates-testing
libselinux.x86_64                       2.6-7.fc26                     @updates 
libselinux-python3.x86_64               2.6-7.fc26                     @updates 
libselinux-utils.x86_64                 2.6-7.fc26                     @updates 
rpm-plugin-selinux.x86_64               4.13.0.1-7.fc26                @updates 
selinux-policy.noarch                   3.13.1-260.6.fc26              @updates 
selinux-policy-targeted.noarch          3.13.1-260.6.fc26              @updates

Comment 4 Bohdan 2017-08-29 18:18:45 UTC
Hello everybody . I have a Fedora Mate 26, a similar problem after the upgrade, the kernel 4.12.8-300.fc26.x86_64

Comment 5 Sven Kieske 2017-08-30 01:56:45 UTC
*** Bug 1486517 has been marked as a duplicate of this bug. ***

Comment 6 Basil Eric Rabi 2017-08-30 12:45:34 UTC
Can confirm this issue in Fedora KDE.

Comment 7 Marco Guazzone 2017-08-30 18:50:15 UTC
*** Bug 1486912 has been marked as a duplicate of this bug. ***

Comment 8 Marie Irwin 2017-08-30 19:13:54 UTC
*** Bug 1486919 has been marked as a duplicate of this bug. ***

Comment 9 Ned 2017-08-31 09:10:21 UTC
Description of problem:
appeared juste after login (Mate spin, using lightDM)

Version-Release number of selected component:
selinux-policy-3.13.1-260.6.fc26.noarch

Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.8-300.fc26.x86_64
type:           libreport

Comment 10 Nate Over 2017-08-31 10:53:36 UTC
Description of problem:
I unfortunately am very inexperienced with Linux and I have no information I can share about what may have cause this error - I can't attach an event to the error's appearance. I haven't noticed anything else out of the ordinary.

Version-Release number of selected component:
selinux-policy-3.13.1-260.6.fc26.noarch

Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.8-300.fc26.x86_64
type:           libreport

Comment 11 Mike Simms 2017-08-31 11:03:53 UTC
Nate, I wouldn't be too concerned. As the update which caused this behaviour was pushed stable despite this bug, the maintainer clearly isn't that concerned about the alert and we evidently have to put up with it for now at least

Comment 12 Elvir Kuric 2017-08-31 18:25:36 UTC
Description of problem:
Selinux alert was visible after system boot on F26 with latest packages 

Version-Release number of selected component:
selinux-policy-3.13.1-260.6.fc26.noarch

Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.8-300.fc26.x86_64
type:           libreport

Comment 13 ipsixin3d 2017-08-31 19:49:26 UTC
Description of problem:
I just installed Fedora XFCE 26 and then updated it by "dnf upgrade" command.

Version-Release number of selected component:
selinux-policy-3.13.1-260.6.fc26.noarch

Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.8-300.fc26.x86_64
type:           libreport

Comment 14 Dieter 2017-08-31 22:57:15 UTC
*** Bug 1487435 has been marked as a duplicate of this bug. ***

Comment 15 Raman Gupta 2017-09-01 03:00:59 UTC
Description of problem:
On login to KDE.


Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.8-300.fc26.x86_64
type:           libreport

Comment 16 Andrea Boero 2017-09-01 09:30:22 UTC
Description of problem:
This error appear just after first login after system boot
Fedora 26 MATE, done a clean install and updated to 1 Sep 2017, then reboot and login. The error appear there.

Version-Release number of selected component:
selinux-policy-3.13.1-260.6.fc26.noarch

Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.9-300.fc26.x86_64
type:           libreport

Comment 17 Gabriel Einsdorf 2017-09-01 15:18:51 UTC
Description of problem:
I ran the following commands, after they finished successfully I got the error message

dnf config-manager --add-repo=http://negativo17.org/repos/fedora-spotify.repo
dnf install spotify

Version-Release number of selected component:
selinux-policy-3.13.1-260.6.fc26.noarch

Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.11.8-300.fc26.x86_64
type:           libreport

Comment 18 Colin J Thomson 2017-09-02 11:43:47 UTC
I have been testing selinux-policy-3.13.1-260.8.fc26 from Koji and it fixes this bug for me.. Thanks.

Comment 19 Don Swaner 2017-09-02 12:07:24 UTC
Description of problem:
This happened after logout from gnome wayland session.  Lots of "gnome-session-binary[1507]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed" errors in journal before SELinux problem.

Version-Release number of selected component:
selinux-policy-3.13.1-260.6.fc26.noarch

Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.9-300.fc26.x86_64
type:           libreport

Comment 20 Dominik 'Rathann' Mierzejewski 2017-09-02 23:35:24 UTC
Description of problem:
This just appeared after logging in after rebooting after an update (selinux-policy-targeted-3.13.1-260.6.fc26.noarch was among the updated packages).


Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.9-300.fc26.x86_64
type:           libreport

Comment 21 Viorel Tabara 2017-09-03 03:01:32 UTC
(In reply to Colin J Thomson from comment #18)
> I have been testing selinux-policy-3.13.1-260.8.fc26 from Koji and it fixes
> this bug for me.. Thanks.

Worked for me too.

Comment 22 Igor 2017-09-03 03:32:19 UTC
Description of problem:
put on charging. After 15 minutes, throws an error notification

Version-Release number of selected component:
selinux-policy-3.13.1-260.6.fc26.noarch

Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.9-300.fc26.x86_64
type:           libreport

Comment 23 Mike Simms 2017-09-03 08:33:58 UTC
Confirmed fixed here too, so closing as resolved

selinux-policy-3.13.1-260.8.fc26 is now in updates-testing folks

Comment 24 deepblu 2017-09-03 10:37:26 UTC
*** Bug 1487919 has been marked as a duplicate of this bug. ***

Comment 25 samoth 2017-09-03 18:47:38 UTC
Description of problem:
desde que instale fedora ocurrio que me pide acceso un proceso.

Version-Release number of selected component:
selinux-policy-3.13.1-260.6.fc26.noarch

Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.9-300.fc26.x86_64
type:           libreport

Comment 26 Dmitry Dyachenko 2017-09-04 04:11:26 UTC
Description of problem:
reboot after update


Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.9-300.fc26.x86_64
type:           libreport

Comment 27 Marco Coppola 2017-09-04 06:22:30 UTC
Description of problem:
Immediately at login

Version-Release number of selected component:
selinux-policy-3.13.1-260.6.fc26.noarch

Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.9-300.fc26.x86_64
type:           libreport

Comment 28 rfmazzini 2017-09-04 14:39:29 UTC
Description of problem:
O erro é reportado logo ao iniciar o fedora 26 cinnamon.
Não foi notado nenhum problema decorrente deste.

Version-Release number of selected component:
selinux-policy-3.13.1-260.6.fc26.noarch

Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.9-300.fc26.x86_64
type:           libreport

Comment 29 Alexander Heike 2017-09-04 18:36:40 UTC
Description of problem:
Happens (everytime) just after login to the mate-environment.

Version-Release number of selected component:
selinux-policy-3.13.1-260.6.fc26.noarch

Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.9-300.fc26.x86_64
type:           libreport

Comment 30 Mike Simms 2017-09-05 08:53:18 UTC
The following comment has been added to the selinux-policy-3.13.1-260.8.fc26 update:

bodhi - 2017-09-05 00:51:42.804586 (karma: 0)
This update has been pushed to stable.

https://bodhi.fedoraproject.org/updates/FEDORA-2017-fd93b6e5f8

This version resolves the issue folks, please update your systems!

Comment 31 Keefer Rourke 2017-09-07 13:36:47 UTC
Description of problem:
Problem arose after log-in after resume from suspend.

Version-Release number of selected component:
selinux-policy-3.13.1-260.6.fc26.noarch

Additional info:
reporter:       libreport-2.9.1
hashmarkername: setroubleshoot
kernel:         4.12.9-300.fc26.x86_64
type:           libreport


Note You need to log in before you can comment on or make changes to this bug.