Description of problem: I just logged in. SELinux is preventing pcscd from 'getattr' accesses on the filesystem /sys. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that pcscd should be allowed getattr access on the sys filesystem by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'pcscd' --raw | audit2allow -M my-pcscd # semodule -X 300 -i my-pcscd.pp Additional Information: Source Context system_u:system_r:pcscd_t:s0 Target Context system_u:object_r:sysfs_t:s0 Target Objects /sys [ filesystem ] Source pcscd Source Path pcscd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages filesystem-3.14-3.fc33.x86_64 SELinux Policy RPM selinux-policy-targeted-3.14.6-34.fc33.noarch Local Policy RPM selinux-policy-targeted-3.14.6-34.fc33.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 5.10.15-200.fc33.x86_64 #1 SMP Wed Feb 10 17:46:55 UTC 2021 x86_64 x86_64 Alert Count 3 First Seen 2021-02-12 14:30:08 CET Last Seen 2021-02-15 07:47:29 CET Local ID 4ee2856a-6926-46de-9391-8f71d7b84a3e Raw Audit Messages type=AVC msg=audit(1613371649.274:288): avc: denied { getattr } for pid=2293 comm="pcscd" name="/" dev="sysfs" ino=1 scontext=system_u:system_r:pcscd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=filesystem permissive=1 Hash: pcscd,pcscd_t,sysfs_t,filesystem,getattr Version-Release number of selected component: selinux-policy-targeted-3.14.6-34.fc33.noarch Additional info: component: selinux-policy reporter: libreport-2.14.0 hashmarkername: setroubleshoot kernel: 5.10.15-200.fc33.x86_64 type: libreport
Similar problem has been detected: Been hitting this when I first boot up and login the last few days. I use a "Yubico.com Yubikey 4/5 OTP+U2F+CCID" for storing the gpg key used by KDE for the stored password wallet, I am assuming this is related to that. I have not encounted actual issues as I am running in permissive mode at the moment. hashmarkername: setroubleshoot kernel: 5.10.15-200.fc33.x86_64 package: selinux-policy-targeted-3.14.6-34.fc33.noarch reason: SELinux is preventing pcscd from 'getattr' accesses on the filesystem /sys. type: libreport
Similar problem has been detected: Simply logged into Cinnamon hashmarkername: setroubleshoot kernel: 5.10.15-200.fc33.x86_64 package: selinux-policy-targeted-3.14.6-34.fc33.noarch reason: SELinux is preventing pcscd from 'getattr' accesses on the filesystem /sys. type: libreport
Hi all, same problem detected today: Additional Information: Source Context system_u:system_r:pcscd_t:s0 Target Context system_u:object_r:sysfs_t:s0 Target Objects /sys [ filesystem ] Source pcscd Source Path pcscd Port <Unknown> Host xxxxxxx Source RPM Packages Target RPM Packages filesystem-3.14-3.fc33.x86_64 SELinux Policy RPM selinux-policy-targeted-3.14.6-34.fc33.noarch Local Policy RPM selinux-policy-targeted-3.14.6-34.fc33.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name xxxxxx Platform Linux xxxxxx 5.10.15-200.fc33.x86_64 #1 SMP Wed Feb 10 17:46:55 UTC 2021 x86_64 x86_64 Alert Count 1 First Seen 2021-02-18 10:02:42 CET Last Seen 2021-02-18 10:02:42 CET Local ID 3cc866b1-8bc9-44b8-b7eb-cbb18d2a0180 Raw Audit Messages type=AVC msg=audit(1613638962.888:1052): avc: denied { getattr } for pid=2094 comm="pcscd" name="/" dev="sysfs" ino=1 scontext=system_u:system_r:pcscd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=filesystem permissive=0 Hash: pcscd,pcscd_t,sysfs_t,filesystem,getattr
Similar problem has been detected: I am not e100% sure, but apparently it happens when I first start chrome or Firefox. hashmarkername: setroubleshoot kernel: 5.10.15-200.fc33.x86_64 package: selinux-policy-targeted-3.14.6-34.fc33.noarch reason: SELinux is preventing pcscd from 'getattr' accesses on the filesystem /sys. type: libreport
Similar problem has been detected: Tried to log in to github.com in Firefox with 2FA via Yubikey enabled. The denial occurred when Firefox showed the 2FA pop-up. hashmarkername: setroubleshoot kernel: 5.10.15-200.fc33.x86_64 package: selinux-policy-targeted-3.14.6-34.fc33.noarch reason: SELinux is preventing pcscd from 'getattr' accesses on the filesystem /sys. type: libreport
In my case it happens after I insert the USB cable of my old Athena smartcard reader. I think it's regardless of firefox or chrome.
I've submitted a Fedora PR to address the issue: https://github.com/fedora-selinux/selinux-policy/pull/605
*** Bug 1931385 has been marked as a duplicate of this bug. ***
Similar problem has been detected: Occurs at boot hashmarkername: setroubleshoot kernel: 5.10.16-200.fc33.x86_64 package: selinux-policy-targeted-3.14.6-34.fc33.noarch reason: SELinux is preventing pcscd from 'getattr' accesses on the filesystem /sys. type: libreport
*** Bug 1931334 has been marked as a duplicate of this bug. ***
Similar problem has been detected: This showed up on boot - I already made a policy to allow it run. hashmarkername: setroubleshoot kernel: 5.10.18-200.fc33.x86_64 package: selinux-policy-targeted-3.14.6-34.fc33.noarch reason: SELinux is preventing pcscd from 'getattr' accesses on the filesystem /sys. type: libreport
Similar problem has been detected: After starting the session, typing the user's password, and the desktop appears, this error occurred. I've already reported a similar error. My distribution is Fedora Mate 33. hashmarkername: setroubleshoot kernel: 5.10.17-200.fc33.x86_64 package: selinux-policy-targeted-3.14.6-34.fc33.noarch reason: SELinux is preventing pcscd from 'getattr' accesses on the sistema de arquivos /sys. type: libreport
Similar problem has been detected: Happens upon inserting a Yubi Key. hashmarkername: setroubleshoot kernel: 5.10.19-200.fc33.x86_64 package: selinux-policy-targeted-3.14.6-34.fc33.noarch reason: SELinux is preventing pcscd from 'getattr' accesses on the filesystem /sys. type: libreport
FEDORA-2021-e9050fdd5c has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-e9050fdd5c
FEDORA-2021-e9050fdd5c has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-e9050fdd5c` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-e9050fdd5c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-e9050fdd5c has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.
Got the same thing on F32 but I'll upgrade once F34 is out and that won't be long. Not sure if that is worth reopening and another update for F32 nearing its EOL, I'll leave that decision to you.