Description of problem: * the motion service runs even if SELinux denials appeared Version-Release number of selected component (if applicable): motion-4.1.1-2.fc28.x86_64 selinux-policy-3.14.2-2.fc29.noarch selinux-policy-targeted-3.14.2-2.fc29.noarch How reproducible: * always Steps to Reproduce: 1. get a Fedora 28 machine (targeted policy is active) 2. install RPMfusion repositories 3. install the motion package 3. start the motion service 4. search for SELinux denials Actual results (enforcing mode): ---- type=AVC msg=audit(03/11/2018 16:34:37.960:381) : avc: denied { read } for pid=18412 comm=motion name=cpu dev="sysfs" ino=37 scontext=system_u:system_r:motion_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0 ---- type=AVC msg=audit(03/11/2018 16:34:37.962:382) : avc: denied { read } for pid=18412 comm=motion name=node dev="sysfs" ino=690 scontext=system_u:system_r:motion_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0 ---- Expected results: * no SELinux denials
Actual results (permissive mode): ---- type=AVC msg=audit(03/11/2018 16:58:26.507:391) : avc: denied { read } for pid=18485 comm=motion name=cpu dev="sysfs" ino=37 scontext=system_u:system_r:motion_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(03/11/2018 16:58:26.508:392) : avc: denied { read } for pid=18485 comm=motion name=meminfo dev="sysfs" ino=764 scontext=system_u:system_r:motion_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(03/11/2018 16:58:26.508:393) : avc: denied { open } for pid=18485 comm=motion path=/sys/devices/system/node/node0/meminfo dev="sysfs" ino=764 scontext=system_u:system_r:motion_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(03/11/2018 16:58:26.509:394) : avc: denied { getattr } for pid=18485 comm=motion path=/sys/devices/system/node/node0/meminfo dev="sysfs" ino=764 scontext=system_u:system_r:motion_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 ----
selinux-policy-3.14.1-13.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-59cbf1effc
selinux-policy-3.14.1-13.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-59cbf1effc
selinux-policy-3.14.1-14.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-59cbf1effc
selinux-policy-3.14.1-14.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-59cbf1effc
selinux-policy-3.14.1-14.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.