Bug 1575213 - SELinux is preventing (geoclue) from 'execute_no_trans' accesses on the file /usr/libexec/geoclue.
Summary: SELinux is preventing (geoclue) from 'execute_no_trans' accesses on the file ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 29
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:84c6a6c0dfae7fa767b9e080609...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-05 06:24 UTC by Mikhail
Modified: 2019-02-11 12:08 UTC (History)
11 users (show)

Fixed In Version: selinux-policy-3.14.2-34.fc29
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-09-12 02:57:36 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1575511 0 unspecified CLOSED SELinux is preventing (geoclue) from 'execute_no_trans' accesses on the file /usr/libexec/geoclue. 2021-02-22 00:41:40 UTC

Internal Links: 1575511

Description Mikhail 2018-05-05 06:24:42 UTC
Description of problem:
SELinux is preventing (geoclue) from 'execute_no_trans' accesses on the file /usr/libexec/geoclue.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that (geoclue) should be allowed execute_no_trans access on the geoclue file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '(geoclue)' --raw | audit2allow -M my-geoclue
# semodule -X 300 -i my-geoclue.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:object_r:geoclue_exec_t:s0
Target Objects                /usr/libexec/geoclue [ file ]
Source                        (geoclue)
Source Path                   (geoclue)
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           geoclue2-2.4.10-1.fc29.x86_64
Policy RPM                    selinux-policy-3.14.2-16.fc29.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.17.0-0.rc3.git2.1.fc29.x86_64 #1
                              SMP Wed May 2 16:56:55 UTC 2018 x86_64 x86_64
Alert Count                   1
First Seen                    2018-05-05 11:21:58 +05
Last Seen                     2018-05-05 11:21:58 +05
Local ID                      91fdc8db-4f7c-4fcd-abc6-728cb0776756

Raw Audit Messages
type=AVC msg=audit(1525501318.483:366): avc:  denied  { execute_no_trans } for  pid=22696 comm="(geoclue)" path="/usr/libexec/geoclue" dev="sda1" ino=2102999 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:geoclue_exec_t:s0 tclass=file permissive=0


Hash: (geoclue),init_t,geoclue_exec_t,file,execute_no_trans

Version-Release number of selected component:
selinux-policy-3.14.2-16.fc29.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.17.0-0.rc3.git2.1.fc29.x86_64
type:           libreport

Comment 1 Jan Kurik 2018-08-14 11:19:32 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle.
Changing version to '29'.

Comment 2 Fedora Update System 2018-09-11 12:51:15 UTC
selinux-policy-3.14.2-34.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-db240a1726

Comment 3 Fedora Update System 2018-09-12 02:57:36 UTC
selinux-policy-3.14.2-34.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 4 istaff 2019-02-11 12:08:17 UTC
Description of problem:
at the boot whithout doing anything I have this alert

Version-Release number of selected component:
selinux-policy-3.14.2-48.fc29.noarch

Additional info:
reporter:       libreport-2.10.0
hashmarkername: setroubleshoot
kernel:         4.13.9-300.fc27.x86_64
type:           libreport


Note You need to log in before you can comment on or make changes to this bug.