Description of problem: SELinux is preventing fprintd from 'map' accesses on the file /usr/libexec/fprintd. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that fprintd should be allowed map access on the fprintd file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'fprintd' --raw | audit2allow -M my-fprintd # semodule -X 300 -i my-fprintd.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:fprintd_exec_t:s0 Target Objects /usr/libexec/fprintd [ file ] Source fprintd Source Path fprintd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages fprintd-0.8.0-1.fc27.x86_64 Policy RPM selinux-policy-3.13.1-283.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.13.1-302.fc27.x86_64 #1 SMP Tue Sep 12 09:10:01 UTC 2017 x86_64 x86_64 Alert Count 21 First Seen 2017-09-14 15:19:24 CEST Last Seen 2017-09-14 20:03:24 CEST Local ID 9fb4687d-b23b-4cf5-b838-5416f166948d Raw Audit Messages type=AVC msg=audit(1505412204.468:441): avc: denied { map } for pid=8278 comm="fprintd" path="/usr/libexec/fprintd" dev="dm-1" ino=23883 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fprintd_exec_t:s0 tclass=file permissive=0 Hash: fprintd,init_t,fprintd_exec_t,file,map Version-Release number of selected component: selinux-policy-3.13.1-283.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.2 hashmarkername: setroubleshoot kernel: 4.13.1-302.fc27.x86_64 type: libreport
Description of problem: Updated, rebooted, and logged in. Version-Release number of selected component: selinux-policy-3.13.1-283.fc27.noarch Additional info: reporter: libreport-2.9.2 hashmarkername: setroubleshoot kernel: 4.13.1-303.fc27.x86_64 type: libreport
Seems to violate: "There must be no SELinux denial notifications or crash notifications on boot of or during installation from a release-blocking live image, or at first login after a default install of a release-blocking desktop. " https://fedoraproject.org/wiki/Fedora_27_Final_Release_Criteria#SELinux_and_crash_notifications This is a default system (VM).
Description of problem: 1. open terminal (Konsole) 2. type "su -" Version-Release number of selected component: selinux-policy-3.13.1-283.fc27.noarch Additional info: reporter: libreport-2.9.2 hashmarkername: setroubleshoot kernel: 4.13.1-302.fc27.x86_64 type: libreport
Got same issue, I have normal desktop without fingerprint device, so don't know why it is trying to use it. also su, sudo something or shell login is taking around 18s to promt for a password, don't know why yet but probably some pam module related to fingerprint could be delaying it... set 15 21:35:28 192.168.1.3 dbus-daemon[922]: [system] Failed to activate service 'net.reactivated.Fprint': timed out (service_start_timeout=25000ms)
the 18s delay to prompt password was definetively fprintd-pam module, I have removed all fprintd: dnf remove fprintd =================================================================================================================================================================================================================== Paquete Arquitectura Versión Repositorio Tamaño =================================================================================================================================================================================================================== Eliminando: fprintd x86_64 0.8.0-1.fc27 @updates-testing 403 k Removing depended packages: fprintd-pam x86_64 0.8.0-1.fc27 @updates-testing 25 k Eliminando dependencias sin uso: libfprint x86_64 0.7.0-3.fc27 @fedora 491 k And now password promt is very fast!
selinux-policy-3.13.1-283.3.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1b4dab97d
*** Bug 1492359 has been marked as a duplicate of this bug. ***
selinux-policy-3.13.1-283.3.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1b4dab97d
The login prompt delay (gdm, sudo, su) seems to be gone with the update. Proposing as BetaFreezeException, the login delays are very very annoying.
+1 FE
I'm also +1 FE. Moving to accepted FE
selinux-policy-3.13.1-283.3.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.