Description of problem: SELinux is preventing colord from 'map' accesses on the arquivo /home/robinson/.local/share/icc/edid-250f1a28fe7af6f8910c63034b4f9bb3.icc. ***** Plugin restorecon (99.5 confidence) suggests ************************ If you want to fix the label. /home/robinson/.local/share/icc/edid-250f1a28fe7af6f8910c63034b4f9bb3.icc default label should be icc_data_home_t. Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly. Do # /sbin/restorecon -v /home/robinson/.local/share/icc/edid-250f1a28fe7af6f8910c63034b4f9bb3.icc ***** Plugin catchall (1.49 confidence) suggests ************************** If you believe that colord should be allowed map access on the edid-250f1a28fe7af6f8910c63034b4f9bb3.icc file by default. Then você deve informar que este é um erro. Você pode gerar um módulo de política local para permitir este acesso. Do allow this access for now by executing: # ausearch -c 'colord' --raw | audit2allow -M my-colord # semodule -X 300 -i my-colord.pp Additional Information: Source Context system_u:system_r:colord_t:s0 Target Context system_u:object_r:ecryptfs_t:s0 Target Objects /home/robinson/.local/share/icc/edid-250f1a28fe7af 6f8910c63034b4f9bb3.icc [ file ] Source colord Source Path colord Port <Desconhecido> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.1-32.fc28.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.16.15-300.fc28.x86_64 #1 SMP Tue Jun 12 00:42:35 UTC 2018 x86_64 x86_64 Alert Count 51 First Seen 2018-06-15 14:48:22 -03 Last Seen 2018-06-19 00:04:51 -03 Local ID dce120c5-3842-4e78-aa57-fc9ccb9e7762 Raw Audit Messages type=AVC msg=audit(1529377491.134:255): avc: denied { map } for pid=1164 comm="colord" path="/home/robinson/.local/share/icc/edid-250f1a28fe7af6f8910c63034b4f9bb3.icc" dev="ecryptfs" ino=23334323 scontext=system_u:system_r:colord_t:s0 tcontext=system_u:object_r:ecryptfs_t:s0 tclass=file permissive=0 Hash: colord,colord_t,ecryptfs_t,file,map Version-Release number of selected component: selinux-policy-3.14.1-32.fc28.noarch Additional info: component: selinux-policy reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.16.15-300.fc28.x86_64 type: libreport
selinux-policy-3.14.1-36.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b
selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b
selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
Still present, but is being dealt with in bug 1645822.