SELinux is preventing /usr/libexec/mission-control-5 from 'read' accesses on the unix_stream_socket Unknown. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that mission-control-5 should be allowed read access on the Unknown unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep mission-control /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:object_r:unlabeled_t:s0 Target Context system_u:object_r:unlabeled_t:s0 Target Objects Unknown [ unix_stream_socket ] Source mission-control Source Path /usr/libexec/mission-control-5 Port <Unknown> Host (removed) Source RPM Packages telepathy-mission-control-5.7.9-1.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-15.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.38.2-9.fc15.x86_64 #1 SMP Wed Mar 30 16:55:57 UTC 2011 x86_64 x86_64 Alert Count 1 First Seen Fri 22 Apr 2011 09:24:24 AM CEST Last Seen Fri 22 Apr 2011 09:24:24 AM CEST Local ID 6268ad90-e2af-4b23-a04a-1970661e86cc Raw Audit Messages type=AVC msg=audit(1303457064.588:51): avc: denied { read } for pid=1890 comm="mission-control" scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=unix_stream_socket type=SYSCALL msg=audit(1303457064.588:51): arch=x86_64 syscall=recvmsg success=no exit=EACCES a0=3 a1=7ffff819f440 a2=40000000 a3=0 items=0 ppid=1 pid=1890 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm=mission-control exe=/usr/libexec/mission-control-5 subj=system_u:object_r:unlabeled_t:s0 key=(null) Hash: mission-control,unlabeled_t,unlabeled_t,unix_stream_socket,read audit2allow #============= unlabeled_t ============== allow unlabeled_t self:unix_stream_socket read; audit2allow -R #============= unlabeled_t ============== allow unlabeled_t self:unix_stream_socket read;
Did you remove telepathy policy module?
*** Bug 698887 has been marked as a duplicate of this bug. ***
*** Bug 698888 has been marked as a duplicate of this bug. ***
(In reply to comment #1) > Did you remove telepathy policy module? I have the same problem, and it's a new install of fedora 15, I haven't removed anything.
I was just doing the update in F15 this morning. Telepathy was not launched.
When the transition was removed in policy, Suddenly unconfined_r:telepathy* context is no longer valid. If you kill all your telepathy processes, and restart them, the problem will go away.
You can just log out and back in to make sure.
Yes, the transition was removed in selinux-policy-3.9.16-16.fc15.
(In reply to comment #6) > When the transition was removed in policy, Suddenly unconfined_r:telepathy* > context is no longer valid. > > > If you kill all your telepathy processes, and restart them, the problem will go > away. Hmmm, I've been getting hammered with bug reports and emails about empathy (or more specifically telepathy-mission-control) no longer working after installing this policy (selinux-policy-3.9.16-16) from the updates-testing repo. I installed it myself, and haven't been able to get empathy to work since then.
You have to killall the telepathy sessions and restart, or logout and everything shoudl work. https://bugzilla.redhat.com/show_bug.cgi?id=699099
(In reply to comment #10) > You have to killall the telepathy sessions and restart, or logout and > everything shoudl work. > > https://bugzilla.redhat.com/show_bug.cgi?id=699099 Did that (and also rebooted) and telepathy-mission-control is still being prevented from starting.
(In reply to comment #11) > (In reply to comment #10) > > You have to killall the telepathy sessions and restart, or logout and > > everything shoudl work. > > > > https://bugzilla.redhat.com/show_bug.cgi?id=699099 > > Did that (and also rebooted) and telepathy-mission-control is still being > prevented from starting. Same here.
Could you attach the AVC's after reboot?
Created attachment 494685 [details] SELinux log messages Dan, I've downgraded my version of selinux-policy to get empathy working again, but I grepped my logs from the days I had the *-16 version installed for references to 'avc' & 'SELinux' in the hopes it will provide you with the information you're looking for. If there is any other info you need just contact me. Thanks!
It was discussed in the different bug and I don't remember where. This should help: sudo chcon -t bin_t /usr/libexec/mission-control* /usr/libexec/telepathy* I haven't any problem now.
I just recreated it also. I made some updates to selinux policy pool that will allow the transition and allow telepathy to connect to any port for now.
*** Bug 699567 has been marked as a duplicate of this bug. ***
*** Bug 699157 has been marked as a duplicate of this bug. ***
*** Bug 698932 has been marked as a duplicate of this bug. ***
Fixed in selinux-policy-3.9.16-17.fc15 which is available from koji for now.
Package: telepathy-mission-control-5.7.9-1.fc15 Architecture: x86_64 OS Release: Fedora release 15 (Lovelock) Comment ----- Logging into my system
Package: telepathy-mission-control-5.7.9-1.fc15 Architecture: x86_64 OS Release: Fedora release 15 (Lovelock) Comment ----- Tried to start Empathy and it crashed
Package: telepathy-mission-control-5.7.9-1.fc15 Architecture: x86_64 OS Release: Fedora release 15 (Lovelock) Comment ----- Happens everytime I launch empathy.
Have you tried the new policy?
(In reply to comment #24) > Have you tried the new policy? Yes, I've installed selinux-policy-3.9.16-17, and it does fix the telepathy bug introduced from selinux-policy-3.9.16-16. It would probably be worthwhile to push selinux-policy-*.17 to bodhi so this bug doesn't keep getting dup bug comments.
Yes, which I will do today.
selinux-policy-3.9.16-18.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-18.fc15
Package: telepathy-mission-control-5.7.9-1.fc15 Architecture: x86_64 OS Release: Fedora release 15 (Lovelock) Comment ----- Starting up Empathy
Package selinux-policy-3.9.16-18.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.16-18.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-18.fc15 then log in and leave karma (feedback).
Package: telepathy-mission-control-5.7.9-1.fc15 Architecture: x86_64 OS Release: Fedora release 15 (Lovelock) Comment ----- I Run Fedora 15 x86_64 and every time I start empathy I get this error
What version of selinux-policy are you running?
selinux-policy-3.9.16-18.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.