Description of problem: This happens frequently when using RFCOMM devices from Python. I do not know the exact cause of the problem. SELinux is preventing ps from 'search' accesses on the directory 31981. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that ps should be allowed search access on the 31981 directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'ps' --raw | audit2allow -M my-ps # semodule -X 300 -i my-ps.pp Additional Information: Source Context system_u:system_r:blueman_t:s0 Target Context system_u:system_r:kernel_t:s0 Target Objects 31981 [ dir ] Source ps Source Path ps Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.2-59.fc29.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.1.8-200.fc29.x86_64 #1 SMP Sun Jun 9 17:20:17 UTC 2019 x86_64 x86_64 Alert Count 3055 First Seen 2019-01-13 15:42:58 CST Last Seen 2019-06-20 22:18:34 CDT Local ID 03fb2cf6-59ae-4cf8-b8b9-8f388582d9e6 Raw Audit Messages type=AVC msg=audit(1561087114.482:1931): avc: denied { search } for pid=7714 comm="ps" name="31981" dev="proc" ino=1135374 scontext=system_u:system_r:blueman_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=0 Hash: ps,blueman_t,kernel_t,dir,search Something is blueman is running a 'ps' process that is prevented from from accessing /proc entries. This is causing AVC denials -- hundreds of them -- frequently when using the Bluetooth RFCOMM from Python. Version-Release number of selected component: selinux-policy-3.14.2-59.fc29.noarch Additional info: component: selinux-policy reporter: libreport-2.10.0 hashmarkername: setroubleshoot kernel: 5.1.8-200.fc29.x86_64 type: libreport
Description of problem: Using bluetooth from Python... happens every time. Have hundreds of these a day. Annoying as heck. Version-Release number of selected component: selinux-policy-3.14.2-59.fc29.noarch selinux-policy-3.14.2-60.fc29.noarch Additional info: reporter: libreport-2.10.0 hashmarkername: setroubleshoot kernel: 5.1.8-200.fc29.x86_64 type: libreport
commit 33a12731abd7a7671470f50fc902733f606739cc (HEAD -> rawhide) Author: Lukas Vrabec <lvrabec> Date: Mon Jul 1 20:55:42 2019 +0200 Dontaudit blueman to read state of all domains on system BZ(1722696)
FEDORA-2019-2eec328cc1 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-2eec328cc1
selinux-policy-3.14.2-62.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-2eec328cc1
FEDORA-2019-8071724c9b has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-8071724c9b
selinux-policy-3.14.2-63.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8071724c9b
FEDORA-2019-b51794f502 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-b51794f502
selinux-policy-3.14.2-64.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-b51794f502
selinux-policy-3.14.2-64.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.