Additional Information: Source Context system_u:system_r:modemmanager_t:s0 Target Context system_u:system_r:modemmanager_t:s0 Target Objects Unknown [ qipcrtr_socket ] Source ModemManager Source Path ModemManager Port <Unknown> Host <Unknown> Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-34.16-1.fc35.noarch Local Policy RPM selinux-policy-targeted-34.16-1.fc35.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name fedora Platform Linux fedora 5.14.0-0.rc6.46.fc35.x86_64 #1 SMP Mon Aug 16 20:02:52 UTC 2021 x86_64 x86_64 Alert Count 2 First Seen 2021-08-23 16:03:55 PDT Last Seen 2021-08-23 16:05:50 PDT Local ID da9e859d-2b6f-4546-a2d7-c224c0810954 Raw Audit Messages type=AVC msg=audit(1629759950.322:163): avc: denied { create } for pid=769 comm="ModemManager" scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:modemmanager_t:s0 tclass=qipcrtr_socket permissive=1 Hash: ModemManager,modemmanager_t,modemmanager_t,qipcrtr_socket,create Appears on first boot of a freshly installed Fedora 35 Workstation VM. Reporting manually as sealert/setroubleshoot seem to be broken and show no alerts. Booted with permissive to get system to boot and show all alerts (without permissive, it doesn't make it to gnome-initial-setup).
There's also a denial for `getopt` which is otherwise similar: Additional Information: Source Context system_u:system_r:modemmanager_t:s0 Target Context system_u:system_r:modemmanager_t:s0 Target Objects Unknown [ qipcrtr_socket ] Source ModemManager Source Path ModemManager Port <Unknown> Host <Unknown> Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-34.16-1.fc35.noarch Local Policy RPM selinux-policy-targeted-34.16-1.fc35.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name fedora Platform Linux fedora 5.14.0-0.rc6.46.fc35.x86_64 #1 SMP Mon Aug 16 20:02:52 UTC 2021 x86_64 x86_64 Alert Count 1 First Seen 2021-08-23 16:05:50 PDT Last Seen 2021-08-23 16:05:50 PDT Local ID bd3abac2-db79-4f77-972d-fdb342ec173a Raw Audit Messages type=AVC msg=audit(1629759950.336:165): avc: denied { getopt } for pid=769 comm="ModemManager" scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:modemmanager_t:s0 tclass=qipcrtr_socket permissive=1 Hash: ModemManager,modemmanager_t,modemmanager_t,qipcrtr_socket,getopt
...and `getattr`.
Following SELinux denials appear in permissive mode: ---- type=PROCTITLE msg=audit(09/07/2021 15:34:20.937:355) : proctitle=/usr/sbin/ModemManager type=SYSCALL msg=audit(09/07/2021 15:34:20.937:355) : arch=x86_64 syscall=socket success=yes exit=9 a0=qipcrtr a1=SOCK_DGRAM a2=ip a3=0x10 items=0 ppid=1 pid=3067 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ModemManager exe=/usr/sbin/ModemManager subj=system_u:system_r:modemmanager_t:s0 key=(null) type=AVC msg=audit(09/07/2021 15:34:20.937:355) : avc: denied { module_request } for pid=3067 comm=ModemManager kmod="net-pf-42" scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=1 type=AVC msg=audit(09/07/2021 15:34:20.937:355) : avc: denied { create } for pid=3067 comm=ModemManager scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:modemmanager_t:s0 tclass=qipcrtr_socket permissive=1 ---- type=PROCTITLE msg=audit(09/07/2021 15:34:20.956:356) : proctitle=/usr/sbin/ModemManager type=SYSCALL msg=audit(09/07/2021 15:34:20.956:356) : arch=x86_64 syscall=getsockopt success=yes exit=0 a0=0x9 a1=SOL_SOCKET a2=SO_TYPE a3=0x7fff32a58a64 items=0 ppid=1 pid=3067 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ModemManager exe=/usr/sbin/ModemManager subj=system_u:system_r:modemmanager_t:s0 key=(null) type=AVC msg=audit(09/07/2021 15:34:20.956:356) : avc: denied { getopt } for pid=3067 comm=ModemManager scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:modemmanager_t:s0 tclass=qipcrtr_socket permissive=1 ---- type=PROCTITLE msg=audit(09/07/2021 15:34:20.956:357) : proctitle=/usr/sbin/ModemManager type=SOCKADDR msg=audit(09/07/2021 15:34:20.956:357) : saddr={ saddr_fam=qipcrtr (unsupported) } type=SYSCALL msg=audit(09/07/2021 15:34:20.956:357) : arch=x86_64 syscall=getsockname success=yes exit=0 a0=0x9 a1=0x7fff32a58a70 a2=0x7fff32a58a60 a3=0x7fff32a58a64 items=0 ppid=1 pid=3067 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ModemManager exe=/usr/sbin/ModemManager subj=system_u:system_r:modemmanager_t:s0 key=(null) type=AVC msg=audit(09/07/2021 15:34:20.956:357) : avc: denied { getattr } for pid=3067 comm=ModemManager scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:modemmanager_t:s0 tclass=qipcrtr_socket permissive=1 ---- # rpm -qa selinux\* Modem\* | sort ModemManager-1.17.900-1.fc35.x86_64 ModemManager-glib-1.17.900-1.fc35.x86_64 selinux-policy-34.16-1.fc35.noarch selinux-policy-targeted-34.16-1.fc35.noarch #
*** Bug 2001141 has been marked as a duplicate of this bug. ***
*** Bug 2001143 has been marked as a duplicate of this bug. ***
*** Bug 2001144 has been marked as a duplicate of this bug. ***
*** Bug 2001145 has been marked as a duplicate of this bug. ***
*** Bug 2002580 has been marked as a duplicate of this bug. ***
Similar problem has been detected: First boot - Immediately after a clean install. hashmarkername: setroubleshoot kernel: 5.14.0-60.fc35.x86_64 package: selinux-policy-targeted-34.16-1.fc35.noarch reason: SELinux is preventing ModemManager from 'create' accesses on the qipcrtr_socket Sconosciuto. type: libreport
FEDORA-2021-bcef06e629 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-bcef06e629
FEDORA-2021-bcef06e629 has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-bcef06e629` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-bcef06e629 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-bcef06e629 has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.