Description of problem: suspending laptop causes rfkill selinux denial SELinux is preventing systemd-rfkill from 'sendto' accesses on the unix_dgram_socket /run/systemd/journal/socket. ***** Plugin catchall (100. confidence) suggests ************************** Als je denkt dat systemd-rfkill standaard sendto toegang moet hebben tot de socket unix_dgram_socket. Then je moet dit melden als een fout. Je kunt een locale tactiek module genereren om deze toegang toe te staan. Do sta deze toegang nu toe door het uitvoeren van: # ausearch -c 'systemd-rfkill' --raw | audit2allow -M my-systemdrfkill # semodule -X 300 -i my-systemdrfkill.pp Additional Information: Source Context system_u:system_r:systemd_rfkill_t:s0 Target Context system_u:system_r:syslogd_t:s0 Target Objects /run/systemd/journal/socket [ unix_dgram_socket ] Source systemd-rfkill Source Path systemd-rfkill Port <Onbekend> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.2-37.fc29.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.18.13-300.fc29.x86_64 #1 SMP Wed Oct 10 17:22:50 UTC 2018 x86_64 x86_64 Alert Count 19 First Seen 2018-10-10 14:58:30 CEST Last Seen 2018-10-13 20:14:47 CEST Local ID c10620cb-0774-4fa8-a292-865ca0f04ca2 Raw Audit Messages type=AVC msg=audit(1539454487.175:500): avc: denied { sendto } for pid=13470 comm="systemd-rfkill" path="/run/systemd/journal/socket" scontext=system_u:system_r:systemd_rfkill_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=unix_dgram_socket permissive=0 Hash: systemd-rfkill,systemd_rfkill_t,syslogd_t,unix_dgram_socket,sendto Version-Release number of selected component: selinux-policy-3.14.2-37.fc29.noarch Additional info: component: selinux-policy reporter: libreport-2.9.6 hashmarkername: setroubleshoot kernel: 4.18.13-300.fc29.x86_64 type: libreport
commit 293da65287c15b486d668b2b8265e6fbc88be0b9 (HEAD -> rawhide, origin/rawhide) Author: Lukas Vrabec <lvrabec> Date: Fri Nov 2 17:23:01 2018 +0100 Allow systemd_rfkill_t domain to comunicate via dgram sockets with syslogd BZ(1638981)
selinux-policy-3.14.2-41.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-506e97bb9b
selinux-policy-3.14.2-41.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-506e97bb9b
selinux-policy-3.14.2-41.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.