Description of problem:
SELinux is preventing (o-bridge) from 'ioctl' accesses on the unix_stream_socket unix_stream_socket.

*****  Plugin catchall (100. confidence) suggests   **************************

Se ci credi (o-bridge) dovrebbe essere consentito ioctl accesso al unix_stream_socket unix_stream_socket per impostazione predefinita.
Then si dovrebbe riportare il problema come bug.
E' possibile generare un modulo di politica locale per consentire questo accesso.
Do
consentire questo accesso per ora eseguendo:
# ausearch -c '(o-bridge)' --raw | audit2allow -M my-$MODULE_NOME
# semodule -X 300 -i miei-obridge.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023
Target Objects                unix_stream_socket [ unix_stream_socket ]
Source                        (o-bridge)
Source Path                   (o-bridge)
Port                          <Sconosciuto>
Host                          (removed)
Source RPM Packages
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-35.5-1.fc35.noarch
Local Policy RPM              selinux-policy-targeted-35.5-1.fc35.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 5.14.17-301.fc35.x86_64 #1 SMP Mon Nov 8 13:57:43 UTC 2021 x86_64 x86_64
Alert Count                   3
First Seen                    2021-11-18 07:53:12 CET
Last Seen                     2021-11-18 07:53:18 CET
Local ID                      7455d334-0def-4cbe-9bec-c9d1c98624d0

Raw Audit Messages
type=AVC msg=audit(1637218398.533:2223): avc: denied { ioctl } for pid=346362 comm="(o-bridge)" path="socket:[14969251]" dev="sockfs" ino=14969251 ioctlcmd=0x5401 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1

Hash: (o-bridge),init_t,rpm_script_t,unix_stream_socket,ioctl

Version-Release number of selected component:
selinux-policy-targeted-35.5-1.fc35.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.15.2
hashmarkername: setroubleshoot
kernel:         5.14.17-301.fc35.x86_64
type:           libreport

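For readers triaging this report, the raw audit record above can be decoded mechanically. The following Python sketch is an added example, not part of the bug report or of setroubleshoot: it parses the AVC line, derives the type-enforcement rule that a generated local module would contain, and rebuilds the signature shown on the report's Hash line. The function names and the one-entry ioctl table are assumptions of this example.

```python
import re
import shlex

# Raw audit record copied verbatim from the report above.
AVC_RECORD = (
    'type=AVC msg=audit(1637218398.533:2223): avc: denied { ioctl } for '
    'pid=346362 comm="(o-bridge)" path="socket:[14969251]" dev="sockfs" '
    'ino=14969251 ioctlcmd=0x5401 scontext=system_u:system_r:init_t:s0 '
    'tcontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 '
    'tclass=unix_stream_socket permissive=1'
)

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')

# Linux terminal ioctl number (asm-generic/ioctls.h); table is illustrative only.
IOCTL_NAMES = {0x5401: 'TCGETS'}

def parse_avc(record):
    """Split one AVC record into the fields needed for triage."""
    m = AVC_RE.search(record)
    if m is None:
        raise ValueError('not an AVC record')
    fields = {}
    for token in shlex.split(m.group('rest')):   # strips the double quotes
        key, sep, value = token.partition('=')
        if sep:
            fields[key] = value
    cmd = int(fields['ioctlcmd'], 16) if 'ioctlcmd' in fields else None
    return {
        'comm': fields.get('comm'),
        'perms': m.group('perms').split(),
        # An SELinux context is user:role:type:level; the type is field 3.
        'source_type': fields['scontext'].split(':')[2],
        'target_type': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
        'ioctlcmd': cmd,
        'ioctl_name': IOCTL_NAMES.get(cmd),
        # permissive=1 means the access was logged but not actually blocked.
        'blocked': m.group('result') == 'denied' and fields.get('permissive') == '0',
    }

def te_rule(d):
    """Allow rule equivalent to this denial, for review before loading any module."""
    perms = d['perms'][0] if len(d['perms']) == 1 else '{ ' + ' '.join(d['perms']) + ' }'
    return f"allow {d['source_type']} {d['target_type']}:{d['tclass']} {perms};"

def signature(d):
    """Same comma-separated form as the report's 'Hash:' line."""
    return ','.join([d['comm'], d['source_type'], d['target_type'],
                     d['tclass'], ' '.join(d['perms'])])
```

Reading the rule before installing a local module shows exactly what would be granted: here, `init_t` performing `ioctl` on a unix stream socket labelled `rpm_script_t`.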
Similar problem has been detected:

This denial happened during a "dnf upgrade" which touched:
corosync-3.1.6-1.fc35.x86_64
corosynclib-3.1.6-1.fc35.x86_64
google-chrome-beta-97.0.4692.20-1.x86_64
ibus-typing-booster-2.15.0-1.fc35.noarch
java-1.8.0-openjdk-1:1.8.0.312.b07-2.fc35.x86_64
java-1.8.0-openjdk-headless-1:1.8.0.312.b07-2.fc35.x86_64
libqb-2.0.4-1.fc35.x86_64
libsmbclient-2:4.15.2-3.fc35.x86_64
libwbclient-2:4.15.2-3.fc35.x86_64
perl-HTTP-Tiny-0.080-1.fc35.noarch
python-pip-wheel-21.2.3-4.fc35.noarch
python3-pip-21.2.3-4.fc35.noarch
python3-reportlab-3.6.2-2.fc35.x86_64
python3-samba-2:4.15.2-3.fc35.x86_64
samba-2:4.15.2-3.fc35.x86_64
samba-client-2:4.15.2-3.fc35.x86_64
samba-client-libs-2:4.15.2-3.fc35.x86_64
samba-common-2:4.15.2-3.fc35.noarch
samba-common-libs-2:4.15.2-3.fc35.x86_64
samba-common-tools-2:4.15.2-3.fc35.x86_64
samba-dc-libs-2:4.15.2-3.fc35.x86_64
samba-libs-2:4.15.2-3.fc35.x86_64
samba-winbind-2:4.15.2-3.fc35.x86_64
samba-winbind-clients-2:4.15.2-3.fc35.x86_64
samba-winbind-modules-2:4.15.2-3.fc35.x86_64
swtpm-0.7.0-1.20211109gitb79fd91.fc35.x86_64
swtpm-libs-0.7.0-1.20211109gitb79fd91.fc35.x86_64
swtpm-tools-0.7.0-1.20211109gitb79fd91.fc35.x86_64

hashmarkername: setroubleshoot
kernel:         5.14.17-301.fc35.x86_64
package:        selinux-policy-targeted-35.5-1.fc35.noarch
reason:         SELinux is preventing (o-bridge) from 'ioctl' accesses on the unix_stream_socket unix_stream_socket.
type:           libreport

I'm also seeing this on Rawhide (36).
Similar problem has been detected:

Got this during this dnf upgrade:

[davide@dave ~]$ dnf history info last
ID transazione : 165
Ora inizio : lun 20 dic 2021, 15:27:03
rpmdb iniziale : 4699:cd5413e1521b873fad026ad62e510e5fd6b55a56
Ora termine : lun 20 dic 2021, 15:27:30 (27 secondi)
rpmdb finale : 4699:c8d309c738778e5c8751e9959f3c3ce7d9d41959
Utente : Davide <davide>
Codice di uscita : Completato
Rilascio: 35
Linea di comando : -y upgrade
Commento :
Pacchetti modificati:
    Upgrade  cmake-3.22.1-4.fc35.x86_64 @updates
    Upgraded cmake-3.22.1-1.fc35.x86_64 @@System
    Upgrade  cmake-data-3.22.1-4.fc35.noarch @updates
    Upgraded cmake-data-3.22.1-1.fc35.noarch @@System
    Upgrade  cmake-filesystem-3.22.1-4.fc35.x86_64 @updates
    Upgraded cmake-filesystem-3.22.1-1.fc35.x86_64 @@System
    Upgrade  cmake-rpm-macros-3.22.1-4.fc35.noarch @updates
    Upgraded cmake-rpm-macros-3.22.1-1.fc35.noarch @@System
    Upgrade  fwupd-1.7.3-1.fc35.x86_64 @updates
    Upgraded fwupd-1.7.2-1.fc35.x86_64 @@System
    Upgrade  fwupd-plugin-flashrom-1.7.3-1.fc35.x86_64 @updates
    Upgraded fwupd-plugin-flashrom-1.7.2-1.fc35.x86_64 @@System
    Upgrade  fwupd-plugin-modem-manager-1.7.3-1.fc35.x86_64 @updates
    Upgraded fwupd-plugin-modem-manager-1.7.2-1.fc35.x86_64 @@System
    Upgrade  fwupd-plugin-uefi-capsule-data-1.7.3-1.fc35.x86_64 @updates
    Upgraded fwupd-plugin-uefi-capsule-data-1.7.2-1.fc35.x86_64 @@System
    Upgrade  guestfs-tools-1.47.3-1.fc35.x86_64 @updates
    Upgraded guestfs-tools-1.47.2-2.fc35.x86_64 @@System
    Upgrade  libvmaf-2.1.1-3.fc35.x86_64 @updates
    Upgraded libvmaf-2.1.1-2.fc35.x86_64 @@System
    Upgrade  libxcrypt-4.4.27-1.fc35.i686 @updates
    Upgraded libxcrypt-4.4.26-4.fc35.i686 @@System
    Upgrade  libxcrypt-4.4.27-1.fc35.x86_64 @updates
    Upgraded libxcrypt-4.4.26-4.fc35.x86_64 @@System
    Upgrade  libxcrypt-compat-4.4.27-1.fc35.i686 @updates
    Upgraded libxcrypt-compat-4.4.26-4.fc35.i686 @@System
    Upgrade  libxcrypt-compat-4.4.27-1.fc35.x86_64 @updates
    Upgraded libxcrypt-compat-4.4.26-4.fc35.x86_64 @@System
    Upgrade  libxcrypt-devel-4.4.27-1.fc35.x86_64 @updates
    Upgraded libxcrypt-devel-4.4.26-4.fc35.x86_64 @@System
    Upgrade  mesa-dri-drivers-21.3.2-1.fc35.i686 @updates
    Upgraded mesa-dri-drivers-21.3.1-2.fc35.i686 @@System
    Upgrade  mesa-dri-drivers-21.3.2-1.fc35.x86_64 @updates
    Upgraded mesa-dri-drivers-21.3.1-2.fc35.x86_64 @@System
    Upgrade  mesa-filesystem-21.3.2-1.fc35.i686 @updates
    Upgraded mesa-filesystem-21.3.1-2.fc35.i686 @@System
    Upgrade  mesa-filesystem-21.3.2-1.fc35.x86_64 @updates
    Upgraded mesa-filesystem-21.3.1-2.fc35.x86_64 @@System
    Upgrade  mesa-libEGL-21.3.2-1.fc35.i686 @updates
    Upgraded mesa-libEGL-21.3.1-2.fc35.i686 @@System
    Upgrade  mesa-libEGL-21.3.2-1.fc35.x86_64 @updates
    Upgraded mesa-libEGL-21.3.1-2.fc35.x86_64 @@System
    Upgrade  mesa-libGL-21.3.2-1.fc35.i686 @updates
    Upgraded mesa-libGL-21.3.1-2.fc35.i686 @@System
    Upgrade  mesa-libGL-21.3.2-1.fc35.x86_64 @updates
    Upgraded mesa-libGL-21.3.1-2.fc35.x86_64 @@System
    Upgrade  mesa-libOSMesa-21.3.2-1.fc35.i686 @updates
    Upgraded mesa-libOSMesa-21.3.1-2.fc35.i686 @@System
    Upgrade  mesa-libOSMesa-21.3.2-1.fc35.x86_64 @updates
    Upgraded mesa-libOSMesa-21.3.1-2.fc35.x86_64 @@System
    Upgrade  mesa-libOpenCL-21.3.2-1.fc35.i686 @updates
    Upgraded mesa-libOpenCL-21.3.1-2.fc35.i686 @@System
    Upgrade  mesa-libOpenCL-21.3.2-1.fc35.x86_64 @updates
    Upgraded mesa-libOpenCL-21.3.1-2.fc35.x86_64 @@System
    Upgrade  mesa-libgbm-21.3.2-1.fc35.i686 @updates
    Upgraded mesa-libgbm-21.3.1-2.fc35.i686 @@System
    Upgrade  mesa-libgbm-21.3.2-1.fc35.x86_64 @updates
    Upgraded mesa-libgbm-21.3.1-2.fc35.x86_64 @@System
    Upgrade  mesa-libglapi-21.3.2-1.fc35.i686 @updates
    Upgraded mesa-libglapi-21.3.1-2.fc35.i686 @@System
    Upgrade  mesa-libglapi-21.3.2-1.fc35.x86_64 @updates
    Upgraded mesa-libglapi-21.3.1-2.fc35.x86_64 @@System
    Upgrade  mesa-libxatracker-21.3.2-1.fc35.x86_64 @updates
    Upgraded mesa-libxatracker-21.3.1-2.fc35.x86_64 @@System
    Upgrade  mesa-vdpau-drivers-21.3.2-1.fc35.x86_64 @updates
    Upgraded mesa-vdpau-drivers-21.3.1-2.fc35.x86_64 @@System
    Upgrade  mesa-vulkan-drivers-21.3.2-1.fc35.i686 @updates
    Upgraded mesa-vulkan-drivers-21.3.1-2.fc35.i686 @@System
    Upgrade  mesa-vulkan-drivers-21.3.2-1.fc35.x86_64 @updates
    Upgraded mesa-vulkan-drivers-21.3.1-2.fc35.x86_64 @@System
    Upgrade  openvpn-2.5.5-2.fc35.x86_64 @updates
    Upgraded openvpn-2.5.4-1.fc35.x86_64 @@System
    Upgrade  osinfo-db-20211216-1.fc35.noarch @updates
    Upgraded osinfo-db-20211013-1.fc35.noarch @@System
    Upgrade  pdfarranger-1.8.1-1.fc35.noarch @updates
    Upgraded pdfarranger-1.7.1-3.fc35.noarch @@System
    Upgrade  python3-pyatspi-2.38.2-1.fc35.noarch @updates
    Upgraded python3-pyatspi-2.38.1-3.fc35.noarch @@System
    Upgrade  rb_libtorrent-2.0.5-1.fc35.x86_64 @updates
    Upgraded rb_libtorrent-2.0.4-5.fc35.x86_64 @@System

hashmarkername: setroubleshoot
kernel:         5.15.8-200.fc35.x86_64
package:        selinux-policy-targeted-35.6-1.fc35.noarch
reason:         SELinux is preventing (o-bridge) from 'ioctl' accesses on the unix_stream_socket unix_stream_socket.
type:           libreport

Similar problem has been detected:

This appeared during a dnf update of the following:
bluez-5.63-1.fc35.x86_64
bluez-cups-5.63-1.fc35.x86_64
bluez-libs-5.63-1.fc35.i686
bluez-libs-5.63-1.fc35.x86_64
bluez-obexd-5.63-1.fc35.x86_64
gegl04-0.4.34-1.fc35.x86_64
libwebp-1.2.1-3.fc35.i686
libwebp-1.2.1-3.fc35.x86_64
netpbm-10.97.00-1.fc35.x86_64
netpbm-progs-10.97.00-1.fc35.x86_64
python3-paramiko-2.9.1-1.fc35.noarch
python3-requests-2.27.0-1.fc35.noarch
python3-requests+socks-2.27.0-1.fc35.noarch
python3-urllib3-1.26.7-2.fc35.noarch
vivaldi-stable-5.0.2497.35-1.x86_64

hashmarkername: setroubleshoot
kernel:         5.15.12-200.fc35.x86_64
package:        selinux-policy-targeted-35.7-1.fc35.noarch
reason:         SELinux is preventing (o-bridge) from 'ioctl' accesses on the unix_stream_socket unix_stream_socket.
type:           libreport

Similar problem has been detected:

(after the dnf upgrade) This also appears after closing the mate session and logging back in.

hashmarkername: setroubleshoot
kernel:         5.15.12-200.fc35.x86_64
package:        selinux-policy-targeted-35.7-1.fc35.noarch
reason:         SELinux is preventing (o-bridge) from 'ioctl' accesses on the unix_stream_socket unix_stream_socket.
type:           libreport

Similar problem has been detected:

I am seeing this each time I run `sudo dnf upgrade` the past couple weeks. I am using permissive mode at the moment, so I have not noticed anything breaking. I was not able to find much about o-bridge online, and am therefore not sure what it is for/what might be different.

hashmarkername: setroubleshoot
kernel:         5.15.12-200.fc35.x86_64
package:        selinux-policy-targeted-35.8-1.fc35.noarch
reason:         SELinux is preventing (o-bridge) from 'ioctl' accesses on the unix_stream_socket unix_stream_socket.
type:           libreport

Similar problem has been detected:

while doing these upgrades;

#dnf upgrade
Fedora 35 - x86_64 - Updates                     48 kB/s |  15 kB     00:00
Fedora 35 - x86_64 - Updates                    897 kB/s | 2.1 MB     00:02
Fedora Modular 35 - x86_64 - Updates             44 kB/s |  22 kB     00:00
Dependencies resolved.
================================================================================
 Package              Architecture   Version           Repository          Size
================================================================================
Upgrading:
 gnome-desktop3       x86_64         41.3-1.fc35       updates            601 k
 gnome-shell          x86_64         41.3-1.fc35       updates            1.6 M
 mutter               x86_64         41.3-1.fc35       updates            2.3 M

Transaction Summary
================================================================================
Upgrade  3 Packages

Total download size: 4.5 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): gnome-desktop3-41.2-1.fc35_41.3-1.fc35.x 233 kB/s |  80 kB     00:00
(2/3): gnome-shell-41.2-1.fc35_41.3-1.fc35.x86_ 390 kB/s | 173 kB     00:00
(3/3): mutter-41.2-2.fc35_41.3-1.fc35.x86_64.dr 387 kB/s | 217 kB     00:00
[DRPM 1/3] gnome-desktop3-41.2-1.fc35_41.3-1.fc35.x86_64.drpm: done
[DRPM 2/3] gnome-shell-41.2-1.fc35_41.3-1.fc35.x86_64.drpm: done
[DRPM 3/3] mutter-41.2-2.fc35_41.3-1.fc35.x86_64.drpm: done
--------------------------------------------------------------------------------
Total                                            71 kB/s | 470 kB     00:06
Delta RPMs reduced 4.5 MB of updates to 0.5 MB (89.9% saved)
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Upgrading        : gnome-desktop3-41.3-1.fc35.x86_64                      1/6
  Upgrading        : mutter-41.3-1.fc35.x86_64                              2/6
  Upgrading        : gnome-shell-41.3-1.fc35.x86_64                         3/6
  Cleanup          : gnome-shell-41.2-1.fc35.x86_64                         4/6
  Cleanup          : mutter-41.2-2.fc35.x86_64                              5/6
  Cleanup          : gnome-desktop3-41.2-1.fc35.x86_64                      6/6
  Running scriptlet: gnome-desktop3-41.2-1.fc35.x86_64                      6/6
  Verifying        : gnome-desktop3-41.3-1.fc35.x86_64                      1/6
  Verifying        : gnome-desktop3-41.2-1.fc35.x86_64                      2/6
  Verifying        : gnome-shell-41.3-1.fc35.x86_64                         3/6
  Verifying        : gnome-shell-41.2-1.fc35.x86_64                         4/6
  Verifying        : mutter-41.3-1.fc35.x86_64                              5/6
  Verifying        : mutter-41.2-2.fc35.x86_64                              6/6

Upgraded:
  gnome-desktop3-41.3-1.fc35.x86_64
  gnome-shell-41.3-1.fc35.x86_64
  mutter-41.3-1.fc35.x86_64

Complete!

hashmarkername: setroubleshoot
kernel:         5.15.13-200.fc35.x86_64
package:        selinux-policy-targeted-35.8-1.fc35.noarch
reason:         SELinux is preventing (o-bridge) from 'ioctl' accesses on the unix_stream_socket unix_stream_socket.
type:           libreport

I've submitted a Fedora PR to address the issue:
https://github.com/fedora-selinux/selinux-policy/pull/1000

Unfortunately I cannot reproduce it, so it may be incomplete.

For further details on similar problems refer to
https://github.com/fedora-selinux/selinux-policy/commit/6a6fff9f00a02723d3a9c58e892e12a527df8efa

*** Bug 2024445 has been marked as a duplicate of this bug. ***
*** Bug 2039987 has been marked as a duplicate of this bug. ***
FEDORA-2022-41fa7610dd has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-41fa7610dd
FEDORA-2022-41fa7610dd has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.