Bug 702071 - SELinux is preventing /usr/libexec/telepathy-haze from 'read' accesses on the unix_stream_socket Unknown.
Summary: SELinux is preventing /usr/libexec/telepathy-haze from 'read' accesses on the...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 15
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 702066 702068 702069 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-05-04 16:59 UTC by Ankur Sinha (FranciscoD)
Modified: 2011-05-05 07:34 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-05 07:34:08 UTC
Type: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Ankur Sinha (FranciscoD) 2011-05-04 16:59:55 UTC 
SELinux is preventing /usr/libexec/telepathy-haze from 'read' accesses on the unix_stream_socket Unknown.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that telepathy-haze should be allowed read access on the Unknown unix_stream_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep telepathy-haze /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:object_r:unlabeled_t:s0
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                Unknown [ unix_stream_socket ]
Source                        telepathy-haze
Source Path                   /usr/libexec/telepathy-haze
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           telepathy-mission-control-5.7.9-1.fc15
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.16-15.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 2.6.38.2-9.fc15.x86_64 #1 SMP Wed
                              Mar 30 16:55:57 UTC 2011 x86_64 x86_64
Alert Count                   2
First Seen                    Sun 24 Apr 2011 14:04:42 IST
Last Seen                     Sun 24 Apr 2011 14:04:42 IST
Local ID                      eb1ccbbe-1755-40c3-ba5a-d04014108aec

Raw Audit Messages
type=AVC msg=audit(1303634082.535:123): avc:  denied  { read } for  pid=1824 comm="mission-control" scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=unix_stream_socket


type=SYSCALL msg=audit(1303634082.535:123): arch=x86_64 syscall=recvmsg success=no exit=EACCES a0=3 a1=7fffa7bd3d10 a2=40000000 a3=0 items=0 ppid=1 pid=1824 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm=mission-control exe=/usr/libexec/mission-control-5 subj=system_u:object_r:unlabeled_t:s0 key=(null)

Hash: telepathy-haze,unlabeled_t,unlabeled_t,unix_stream_socket,read

audit2allow

#============= unlabeled_t ==============
allow unlabeled_t self:unix_stream_socket read;

audit2allow -R

#============= unlabeled_t ==============
allow unlabeled_t self:unix_stream_socket read;
Comment 1 Miroslav Grepl 2011-05-05 05:42:52 UTC 
This is fixed in the latest policy. Please update your policy.

# yum update --enablerepo=updates-testing selinux-policy
Comment 2 Miroslav Grepl 2011-05-05 05:43:29 UTC 
*** Bug 702069 has been marked as a duplicate of this bug. ***
Comment 3 Miroslav Grepl 2011-05-05 05:43:56 UTC 
*** Bug 702068 has been marked as a duplicate of this bug. ***
Comment 4 Miroslav Grepl 2011-05-05 05:44:21 UTC 
*** Bug 702066 has been marked as a duplicate of this bug. ***
Comment 5 Miroslav Grepl 2011-05-05 07:34:08 UTC 
selinux-policy-3.9.16-21.fc15 has been pushed to the Fedora 15 stable
repository.  If problems still persist, please make note of it in this bug
report.
Note You need to log in before you can comment on or make changes to this bug.