Description of problem: When starting 'system-configfirewall' the gui hangs about 30 seconds before requesting root authentication. After given this the gui freezes completely and must be killed. Version-Release number of selected component (if applicable): Name : selinux-policy Arch : noarch Version : 3.6.32 Release : 55.fc12 Size : 6.4 M Repo : installed From repo : updates-testing How reproducible: Always Steps to Reproduce: 1. call system-config-firewall 2. wait until it asks for root password 3. type in root passwort Actual results: 1. freeze for about 30 seconds until one is asked for password 2. complete freeze after authentication Expected results: 1. No freezes Additional info: Obviously this issue is related to changes introduced into selinux-policy because of bug 544343. 'audit2allow -i /var/log/audit/audit.log' says: #============= firewallgui_t ============== allow firewallgui_t unconfined_t:dbus send_msg; #============= fprintd_t ============== allow fprintd_t policykit_auth_t:dbus send_msg; allow fprintd_t unconfined_t:dbus send_msg; #============= policykit_auth_t ============== allow policykit_auth_t fprintd_t:dbus send_msg; Calling the following commands fixed it for me: # audit2allow -M firewalls -l -i /var/log/audit/audit.log # semodule -i firewalls.pp
You can add these rules for now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-3.6.32-56.fc12.noarch
selinux-policy-3.6.32-56.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-56.fc12
selinux-policy-3.6.32-56.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-12990
*** Bug 546698 has been marked as a duplicate of this bug. ***
*** Bug 545680 has been marked as a duplicate of this bug. ***
VERIFIED as fixed in selinux-policy-3.6.32-58.fc12.noarch
selinux-policy-3.6.32-56.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.