Description of problem: SELinux is preventing pool-geoclue from 'getattr' accesses on the filesystem /sys/fs/cgroup. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that pool-geoclue should be allowed getattr access on the cgroup filesystem by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'pool-geoclue' --raw | audit2allow -M my-poolgeoclue # semodule -X 300 -i my-poolgeoclue.pp Additional Information: Source Context system_u:system_r:geoclue_t:s0 Target Context system_u:object_r:cgroup_t:s0 Target Objects /sys/fs/cgroup [ filesystem ] Source pool-geoclue Source Path pool-geoclue Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-3.14.8-3.fc35.noarch Local Policy RPM selinux-policy-targeted-3.14.8-3.fc35.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 5.11.0-155.fc35.x86_64+debug #1 SMP Wed Feb 17 00:22:21 +05 2021 x86_64 x86_64 Alert Count 1 First Seen 2021-02-25 03:52:35 +05 Last Seen 2021-02-25 03:52:35 +05 Local ID 67d588bb-0722-4265-bff4-02b879918ef0 Raw Audit Messages type=AVC msg=audit(1614207155.917:638): avc: denied { getattr } for pid=1725 comm="pool-geoclue" name="/" dev="cgroup2" ino=1 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=filesystem permissive=1 Hash: pool-geoclue,geoclue_t,cgroup_t,filesystem,getattr Version-Release number of selected component: selinux-policy-targeted-3.14.8-3.fc35.noarch Additional info: component: selinux-policy reporter: libreport-2.14.0 hashmarkername: setroubleshoot kernel: 5.11.0-155.fc35.x86_64+debug type: libreport
*** Bug 1936389 has been marked as a duplicate of this bug. ***
Similar problem has been detected: I launched redshift-gtk-1.12-11.fc34.x86_64 in LXQt (liblxqt-0.16.0-3.fc34.x86_64) with geoclue2-2.5.7-3.fc35.x86_64. hashmarkername: setroubleshoot kernel: 5.12.0-0.rc2.20210309git144c79ef3353.166.fc35.x86_64 package: selinux-policy-targeted-3.14.8-6.fc35.noarch reason: SELinux is preventing /usr/libexec/geoclue from 'getattr' accesses on the système de fichiers /sys/fs/cgroup/. type: libreport
Similar problem has been detected: Happens during boot of current Fedora 34 Workstation. hashmarkername: setroubleshoot kernel: 5.11.6-300.fc34.x86_64 package: selinux-policy-targeted-3.14.7-25.fc34.noarch reason: SELinux is preventing pool-geoclue from 'getattr' accesses on the filesystem /sys/fs/cgroup. type: libreport
Similar problem has been detected: Happens during normal use of current F34 Workstation. hashmarkername: setroubleshoot kernel: 5.11.10-300.fc34.x86_64 package: selinux-policy-targeted-3.14.7-28.fc34.noarch reason: SELinux is preventing pool-geoclue from 'getattr' accesses on the filesystem /sys/fs/cgroup. type: libreport
Similar problem has been detected: Just logged in. hashmarkername: setroubleshoot kernel: 5.11.11-300.fc34.x86_64 package: selinux-policy-targeted-34-1.fc34.noarch reason: SELinux is preventing pool-geoclue from 'getattr' accesses on the filesystem /sys/fs/cgroup. type: libreport
Merged in rawhide: commit 758687d367ef820e488f2475f1515c2207218284 Author: Zdenek Pytela <zpytela> Date: Tue Apr 6 18:20:08 2021 +0200 Allow pool-geoclue get attributes of cgroup filesystems Resolves: rhbz#1932681
FEDORA-2021-79ef7c5af6 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-79ef7c5af6
FEDORA-2021-79ef7c5af6 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-79ef7c5af6` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-79ef7c5af6 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-79ef7c5af6 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.