Description of problem: I installed TLP and alerts started to appear. I modified the /etc/default/tlp file to reduce cpu fequencies before starting tlp. SELinux is preventing iw from 'write' accesses on the file /run/tlp/lock_tlp. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that iw should be allowed write access on the lock_tlp file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'iw' --raw | audit2allow -M my-iw # semodule -X 300 -i my-iw.pp Additional Information: Source Context system_u:system_r:ifconfig_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_run_t:s0 Target Objects /run/tlp/lock_tlp [ file ] Source iw Source Path iw Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.1-30.fc28.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.16.12-300.fc28.x86_64 #1 SMP Fri May 25 21:13:28 UTC 2018 x86_64 x86_64 Alert Count 8 First Seen 2018-06-05 20:57:08 -05 Last Seen 2018-06-05 20:58:08 -05 Local ID 2c4f9829-34e2-4e11-8ad3-a49fdd03beed Raw Audit Messages type=AVC msg=audit(1528250288.390:330): avc: denied { write } for pid=8623 comm="ethtool" path="/run/tlp/lock_tlp" dev="tmpfs" ino=411421 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0 Hash: iw,ifconfig_t,var_run_t,file,write Version-Release number of selected component: selinux-policy-3.14.1-30.fc28.noarch Additional info: component: selinux-policy reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.16.12-300.fc28.x86_64 type: libreport Potential duplicate: bug 1373791
# ls -Z /run/tlp/lock_tlp system_u:object_r:tlp_var_run_t:s0 /run/tlp/lock_tlp # matchpathcon /run/tlp/lock_tlp /run/tlp/lock_tlp system_u:object_r:var_run_t:s0 # I believe the problem is the first fcontext pattern: # semanage fcontext -l | grep tlp /run/tlp(/.*)? all files system_u:object_r:tlp_var_run_t:s0 /usr/lib/systemd/system/((tlp-sleep.*)|(tlp.*)) regular file system_u:object_r:tlp_unit_file_t:s0 /usr/sbin/tlp regular file system_u:object_r:tlp_exec_t:s0 /var/lib/tlp(/.*)? all files system_u:object_r:tlp_var_lib_t:s0 # The fcontext pattern should look this way: /var/run/tlp(/.*)? all files system_u:object_r:tlp_var_run_t:s0 Use of restorecon does not help the reporter: # restorecon -vn /run/tlp/lock_tlp Would relabel /run/tlp/lock_tlp from system_u:object_r:tlp_var_run_t:s0 to system_u:object_r:var_run_t:s0 #
If the fcontext pattern was correctly defined, the denial would not have appeared, because appropriate rule is already present: # sesearch -s ifconfig_t -t tlp_var_run_t -c file -A allow ifconfig_t tlp_var_run_t:file { append create getattr ioctl link lock open read rename setattr unlink write }; # Tested on: # rpm -qa selinux\* | sort selinux-policy-3.14.1-30.fc28.noarch selinux-policy-devel-3.14.1-30.fc28.noarch selinux-policy-doc-3.14.1-30.fc28.noarch selinux-policy-minimum-3.14.1-30.fc28.noarch selinux-policy-mls-3.14.1-30.fc28.noarch selinux-policy-targeted-3.14.1-30.fc28.noarch #
*** Bug 1585486 has been marked as a duplicate of this bug. ***
*** Bug 1585485 has been marked as a duplicate of this bug. ***
*** Bug 1577532 has been marked as a duplicate of this bug. ***
*** Bug 1510249 has been marked as a duplicate of this bug. ***
Not solved in selinux-policy-3.14.1-32.fc28.noarch :(
Description of problem: After received the following updates: cinnamon-3.8.7-1.fc28.x86_64 Mon 09 Jul 2018 07:48:45 AM WEST nemo-3.8.4-1.fc28.x86_64 Mon 09 Jul 2018 07:48:43 AM WEST nemo-extensions-3.8.4-1.fc28.x86_64 Mon 09 Jul 2018 07:48:42 AM WEST After rebooting the machine iv start to receive the notifications on continuous loop Version-Release number of selected component: selinux-policy-3.14.1-32.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.3-200.fc28.x86_64 type: libreport
selinux-policy-3.14.1-36.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b
selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b
The problem is still present with selinux-policy-3.14.1-36.fc28. See: 1609307
selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
Description of problem: Running TLP on Fedora 28. Dell XPS 9560, every time I plug in the power cable I get the SELinux error Version-Release number of selected component: selinux-policy-3.14.1-32.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.7-200.fc28.x86_64 type: libreport
Description of problem: installet TLP for PowerManagment on Fedora 28 and after a wakeup from standby this came up. Version-Release number of selected component: selinux-policy-3.14.1-37.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.11-200.fc28.x86_64 type: libreport
Description of problem: Installer TLP on Fedora 28 and after wake up from standby this message came up. Version-Release number of selected component: selinux-policy-3.14.1-37.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.11-200.fc28.x86_64 type: libreport
Description of problem: after installing TLP after a first troubleshoot here we are with this second one good luck guys Version-Release number of selected component: selinux-policy-3.14.1-32.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.6-200.fc28.x86_64 type: libreport
Still affected on Fedora 28, with selinux-policy-3.14.1-42.fc28. Running `sudo systemctl start tlp` results in an AVC and the TLP service fails to start: ● tlp.service - TLP system startup/shutdown Loaded: loaded (/usr/lib/systemd/system/tlp.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Mon 2018-09-24 19:34:56 CEST; 2min 54s ago Docs: http://linrunner.de/tlp Process: 21073 ExecStart=/usr/sbin/tlp init start (code=exited, status=1/FAILURE) Main PID: 21073 (code=exited, status=1/FAILURE) Sep 24 19:34:56 jl-xps systemd[1]: Starting TLP system startup/shutdown... Sep 24 19:34:56 jl-xps systemd[1]: tlp.service: Main process exited, code=exited, status=1/FAILURE Sep 24 19:34:56 jl-xps systemd[1]: tlp.service: Failed with result 'exit-code'. Sep 24 19:34:56 jl-xps systemd[1]: Failed to start TLP system startup/shutdown. The relevant part of the journal seems to be: -- Subject: Unit tlp.service has begun start-up -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit tlp.service has begun starting up. Sep 24 19:37:53 jl-xps audit[21411]: AVC avc: denied { open } for pid=21411 comm="tlp" path="/run/tlp/lock_tlp" dev="tmpfs" ino=291918 scontext=system_u:system_r:tlp_t:s0 tcontext=unconfined_u:object_r:var_ru> Sep 24 19:37:53 jl-xps audit[21411]: AVC avc: denied { open } for pid=21411 comm="tlp" path="/run/tlp/lock_tlp" dev="tmpfs" ino=291918 scontext=system_u:system_r:tlp_t:s0 tcontext=unconfined_u:object_r:var_ru> Sep 24 19:37:53 jl-xps systemd[1]: tlp.service: Main process exited, code=exited, status=1/FAILURE Sep 24 19:37:53 jl-xps systemd[1]: tlp.service: Failed with result 'exit-code'. Sep 24 19:37:53 jl-xps systemd[1]: Failed to start TLP system startup/shutdown. -- Subject: Unit tlp.service has failed -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit tlp.service has failed. -- -- The result is RESULT.
Description of problem: When resuming the laptop from suspend, with TLP enabled. Version-Release number of selected component: selinux-policy-3.14.1-42.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.18.6-301.local.fc29.x86_64 type: libreport
Description of problem: 1- installed tlp 2-in each shutdown Selinux give this error 3- also tlp service is not active 4- systemctl status give a faild to running tlp 5- lock_tlp error I use fedora 27 Version-Release number of selected component: selinux-policy-3.13.1-284.37.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.18.12-100.fc27.x86_64 type: libreport