Description of problem: Waking up from standby SELinux is preventing x86_energy_perf from 'read' accesses on the chr_file msr. ***** Plugin device (91.4 confidence) suggests **************************** Wenn Sie erlauben wollen, dass x86_energy_perf read Zugriff auf msr chr_file Then sie müssen die Kennzeichnung von msr auf einen Typ eines ähnlichen Elementes ändern Do # semanage fcontext -a -t SIMILAR_TYPE 'msr' # restorecon -v 'msr' ***** Plugin catchall (9.59 confidence) suggests ************************** If you believe that x86_energy_perf should be allowed read access on the msr chr_file by default. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do allow this access for now by executing: # ausearch -c 'x86_energy_perf' --raw | audit2allow -M my-x86energyperf # semodule -X 300 -i my-x86energyperf.pp Additional Information: Source Context system_u:system_r:tlp_t:s0 Target Context system_u:object_r:device_t:s0 Target Objects msr [ chr_file ] Source x86_energy_perf Source Path x86_energy_perf Port <Unbekannt> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.2-40.fc29.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.18.16-300.fc29.x86_64 #1 SMP Sat Oct 20 23:24:08 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2018-12-06 21:06:40 CET Last Seen 2018-12-06 21:06:40 CET Local ID cccf45af-3817-4ff3-bfdd-57df013ef26d Raw Audit Messages type=AVC msg=audit(1544126800.782:2110): avc: denied { read } for pid=31430 comm="x86_energy_perf" name="msr" dev="devtmpfs" ino=5344125 scontext=system_u:system_r:tlp_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=0 Hash: x86_energy_perf,tlp_t,device_t,chr_file,read Version-Release number of selected component: selinux-policy-3.14.2-40.fc29.noarch Additional info: component: selinux-policy reporter: libreport-2.9.6 hashmarkername: setroubleshoot kernel: 4.18.16-300.fc29.x86_64 type: libreport Potential duplicate: bug 1579373
Hi, Are you able to reproduce it wit the latest selinux-policy rpm package? https://koji.fedoraproject.org/koji/buildinfo?buildID=1170559
Description of problem: Seems to happen when waking from sleep. I suspect this might be triggered by package "tlp-rdw". Version-Release number of selected component: selinux-policy-3.14.2-44.fc29.noarch Additional info: reporter: libreport-2.9.7 hashmarkername: setroubleshoot kernel: 4.19.15-300.fc29.x86_64 type: libreport
Likely related: < https://bugzilla.redhat.com/show_bug.cgi?id=1667656 >
Description of problem: This happens on waking up the laptop from suspend-to-ram Version-Release number of selected component: selinux-policy-3.14.2-47.fc29.noarch Additional info: reporter: libreport-2.9.7 hashmarkername: setroubleshoot kernel: 4.20.5-200.fc29.x86_64 type: libreport
Description of problem: I see this error from SELinux when my laptop (Lenovo ThinkPad X250) wakes up from hibernate. I hibernate the laptop by holding down the power button from 1-2 seconds. Version-Release number of selected component: selinux-policy-3.14.2-47.fc29.noarch Additional info: reporter: libreport-2.9.7 hashmarkername: setroubleshoot kernel: 4.19.14-300.fc29.x86_64 type: libreport
Me too. SELinux is preventing x86_energy_perf from read access on the chr_file msr. Additional Information: Source Context system_u:system_r:tlp_t:s0 Target Context system_u:object_r:device_t:s0 Target Objects msr [ chr_file ] Source x86_energy_perf Source Path x86_energy_perf Port <Unknown> Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.3-23.fc30.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Platform Linux paulbook 5.0.0-300.fc30.x86_64 #1 SMP Mon Mar 4 22:46:48 UTC 2019 x86_64 x86_64 Alert Count 1 First Seen 2019-03-27 17:22:36 PDT Last Seen 2019-03-27 17:22:36 PDT Local ID f9d2cee5-2dbe-48ca-8e7c-2efd1d3760b3 Raw Audit Messages type=AVC msg=audit(1553732556.818:782): avc: denied { read } for pid=2426 comm="x86_energy_perf" name="msr" dev="devtmpfs" ino=815277 scontext=system_u:system_r:tlp_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=0 Hash: x86_energy_perf,tlp_t,device_t,chr_file,read
commit 5aa05f16e304eb3b23d9088ccc6c07a9a3d2f638 (HEAD -> rawhide) Author: Lukas Vrabec <lvrabec> Date: Thu Mar 28 13:27:58 2019 +0100 Update dev_filetrans_all_named_dev() interface Allow caller domains to create msr device with label cpu_device_t BZ(1657005)
selinux-policy-3.14.2-53.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-bf377d92c7
selinux-policy-3.14.2-53.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-bf377d92c7
selinux-policy-3.14.2-53.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.