739301 – SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/autofs.

Bug 739301 - SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/autofs.

Summary: SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	16
Hardware:	x86_64
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:df837202987928496be98e8a423...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-09-17 11:45 UTC by Mads Kiilerich
Modified:	2011-10-09 19:35 UTC (History)
CC List:	4 users (show)
Fixed In Version:	selinux-policy-3.10.0-38.fc16
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-10-09 19:35:54 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Mads Kiilerich 2011-09-17 11:45:51 UTC

abrt version: 2.0.5
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.1.0-0.rc6.git0.0.fc16.x86_64
reason:         SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/autofs.
time:           Sat Sep 17 13:45:18 2011

description:
:SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/autofs.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that passwd should be allowed getattr access on the autofs chr_file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep passwd /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023
:Target Context                system_u:object_r:autofs_device_t:s0
:Target Objects                /dev/autofs [ chr_file ]
:Source                        passwd
:Source Path                   /usr/bin/passwd
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           passwd-0.78-3.fc15
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-28.fc16
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.1.0-0.rc6.git0.0.fc16.x86_64 #1 SMP
:                              Mon Sep 12 22:46:15 UTC 2011 x86_64 x86_64
:Alert Count                   7
:First Seen                    Sat 17 Sep 2011 01:43:22 PM CEST
:Last Seen                     Sat 17 Sep 2011 01:44:10 PM CEST
:Local ID                      03ab46fb-ecca-4c35-a51b-52b98ce5be41
:
:Raw Audit Messages
:type=AVC msg=audit(1316259850.563:742): avc:  denied  { getattr } for  pid=2214 comm="passwd" path="/dev/autofs" dev=devtmpfs ino=1121 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:autofs_device_t:s0 tclass=chr_file
:
:
:type=SYSCALL msg=audit(1316259850.563:742): arch=x86_64 syscall=stat success=no exit=EACCES a0=7fffdb767ce0 a1=7fffdb7635b0 a2=7fffdb7635b0 a3=0 items=0 ppid=2213 pid=2214 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm=passwd exe=/usr/bin/passwd subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
:
:Hash: passwd,passwd_t,autofs_device_t,chr_file,getattr
:
:audit2allow
:
:#============= passwd_t ==============
:allow passwd_t autofs_device_t:chr_file getattr;
:
:audit2allow -R
:
:#============= passwd_t ==============
:allow passwd_t autofs_device_t:chr_file getattr;
:

Comment 1 Mads Kiilerich 2011-09-17 11:59:13 UTC

See also Bug 739302 - passwd will stat all files in /dev

This shows up as one of many avcs:

type=SYSCALL msg=audit(1316260343.422:3158): arch=c000003e syscall=4 success=no exit=-13 a0=7fff129292a0 a1=7fff12924b70 a2=7fff12924b70 a3=0 items=0 ppid=2398 pid=2399 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260343.422:3159): avc:  denied  { getattr } for  pid=2399 comm="passwd" path="/dev/mem" dev=devtmpfs ino=1027 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260343.422:3159): arch=c000003e syscall=4 success=no exit=-13 a0=7fff129292a0 a1=7fff12924b70 a2=7fff12924b70 a3=0 items=0 ppid=2398 pid=2399 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260343.422:3160): avc:  denied  { getattr } for  pid=2399 comm="passwd" path="/dev/vga_arbiter" dev=devtmpfs ino=1026 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260343.422:3160): arch=c000003e syscall=4 success=no exit=-13 a0=7fff129292a0 a1=7fff12924b70 a2=7fff12924b70 a3=0 items=0 ppid=2398 pid=2399 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=USER_CHAUTHTOK msg=audit(1316260343.423:3161): user pid=2399 uid=0 auid=500 ses=4 subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 msg='op=change password id=501 exe="/usr/bin/passwd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1316260346.075:3162): avc:  denied  { getattr } for  pid=2230 comm="setroubleshootd" path="/dev/media0" dev=devtmpfs ino=12644 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260346.075:3162): arch=c000003e syscall=6 success=no exit=-13 a0=7f88921df2a0 a1=7f88921df1c0 a2=7f88921df1c0 a3=35fb33f770 items=0 ppid=1 pid=2230 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260348.793:3163): avc:  denied  { getattr } for  pid=2230 comm="setroubleshootd" path="/dev/media0" dev=devtmpfs ino=12644 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260348.793:3163): arch=c000003e syscall=6 success=no exit=-13 a0=7f88921df2a0 a1=7f88921df1c0 a2=7f88921df1c0 a3=35fb33f770 items=0 ppid=1 pid=2230 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)


















type=USER_AUTH msg=audit(1316260641.376:3164): user pid=2441 uid=0 auid=500 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="mk" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'
type=USER_ACCT msg=audit(1316260641.379:3165): user pid=2441 uid=0 auid=500 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="mk" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'
type=USER_CMD msg=audit(1316260641.382:3166): user pid=2441 uid=0 auid=500 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/mk" cmd=70617373776420626F62 terminal=pts/1 res=success'
type=CRED_ACQ msg=audit(1316260641.383:3167): user pid=2447 uid=0 auid=500 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'
type=USER_START msg=audit(1316260641.385:3168): user pid=2447 uid=0 auid=500 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'
type=AVC msg=audit(1316260641.392:3169): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/hidraw1" dev=devtmpfs ino=26523 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.392:3169): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.392:3170): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/hidraw0" dev=devtmpfs ino=26520 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.392:3170): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.392:3171): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/video0" dev=devtmpfs ino=12645 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:v4l_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.392:3171): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.392:3172): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/media0" dev=devtmpfs ino=12644 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.392:3172): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.393:3173): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/rfkill" dev=devtmpfs ino=12642 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:wireless_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.393:3173): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.393:3174): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/watchdog" dev=devtmpfs ino=11687 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:watchdog_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.393:3174): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.393:3175): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/sr0" dev=devtmpfs ino=1171 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file
type=SYSCALL msg=audit(1316260641.393:3175): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.393:3176): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/sr0" dev=devtmpfs ino=1171 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file
type=SYSCALL msg=audit(1316260641.393:3176): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.393:3177): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/sr0" dev=devtmpfs ino=1171 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file
type=SYSCALL msg=audit(1316260641.393:3177): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.393:3178): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/sr0" dev=devtmpfs ino=1171 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file
type=SYSCALL msg=audit(1316260641.393:3178): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.393:3179): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/uinput" dev=devtmpfs ino=10881 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.393:3179): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.393:3180): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/ppp" dev=devtmpfs ino=10873 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ppp_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.393:3180): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.393:3181): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/lp0" dev=devtmpfs ino=10751 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.393:3181): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.393:3182): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/lp1" dev=devtmpfs ino=10750 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.393:3182): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.393:3183): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/lp2" dev=devtmpfs ino=10749 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.393:3183): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.393:3184): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/lp3" dev=devtmpfs ino=10748 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.393:3184): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.394:3185): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/initctl" dev=devtmpfs ino=10559 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initctl_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1316260641.394:3185): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.394:3186): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/sda4" dev=devtmpfs ino=1169 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=SYSCALL msg=audit(1316260641.394:3186): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.394:3187): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/sr0" dev=devtmpfs ino=1171 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file
type=SYSCALL msg=audit(1316260641.394:3187): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.394:3188): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/rtc0" dev=devtmpfs ino=1155 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:clock_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.394:3188): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.394:3189): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/fb0" dev=devtmpfs ino=7089 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:framebuf_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.394:3189): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.394:3190): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/fb0" dev=devtmpfs ino=7089 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:framebuf_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.394:3190): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.394:3191): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/fuse" dev=devtmpfs ino=9897 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fuse_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.394:3191): arch=c000003e syscall=4 success=no exit=-13 a0=8fea50 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.394:3192): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/btrfs-control" dev=devtmpfs ino=9896 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.394:3192): arch=c000003e syscall=4 success=no exit=-13 a0=905570 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.394:3193): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/proc/kcore" dev=proc ino=4026532032 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file
type=SYSCALL msg=audit(1316260641.394:3193): arch=c000003e syscall=4 success=no exit=-13 a0=905570 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.394:3194): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/sg1" dev=devtmpfs ino=1172 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:scsi_generic_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1316260641.394:3194): arch=c000003e syscall=4 success=no exit=-13 a0=905570 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.394:3195): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/sr0" dev=devtmpfs ino=1171 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file
type=SYSCALL msg=audit(1316260641.394:3195): arch=c000003e syscall=4 success=no exit=-13 a0=905570 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1316260641.395:3196): avc:  denied  { getattr } for  pid=2447 comm="passwd" path="/dev/sda4" dev=devtmpfs ino=1169 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=SYSCALL msg=audit(1316260641.395:3196): arch=c000003e syscall=4 success=no exit=-13 a0=905570 a1=7fff1582d320 a2=7fff1582d320 a3=0 items=0 ppid=2441 pid=2447 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)

Comment 2 Miroslav Grepl 2011-09-19 10:06:08 UTC

Did you run restorecon on /dev when this happened?

Comment 3 Mads Kiilerich 2011-09-19 12:27:27 UTC

No, I didn't run restorecon. The system has just been rebooted and relabeled:

[root@fladmast ~]# restorecon -rvn /dev
restorecon reset /dev/pts/ptmx context system_u:object_r:devpts_t:s0->system_u:object_r:ptmx_t:s0

[root@fladmast ~]# rpm -q selinux-policy systemd dracut
selinux-policy-3.10.0-30.fc16.noarch
systemd-35-1.fc16.x86_64
dracut-013-8.fc16.noarch

[root@fladmast ~]# useradd aa

[root@fladmast ~]# passwd aa
Changing password for user aa.

Sep 19 08:21:23 fladmast kernel: [ 4038.534940] type=1400 audit(1316434883.228:4): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/uinput" dev=devtmpfs ino=11284 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file
Sep 19 08:21:23 fladmast kernel: [ 4038.534975] type=1400 audit(1316434883.228:5): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/ppp" dev=devtmpfs ino=11276 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ppp_device_t:s0 tclass=chr_file
Sep 19 08:21:23 fladmast kernel: [ 4038.535013] type=1400 audit(1316434883.228:6): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/lp2" dev=devtmpfs ino=10458 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
Sep 19 08:21:23 fladmast kernel: [ 4038.535038] type=1400 audit(1316434883.228:7): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/lp0" dev=devtmpfs ino=10457 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
Sep 19 08:21:23 fladmast kernel: [ 4038.535063] type=1400 audit(1316434883.228:8): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/lp3" dev=devtmpfs ino=10456 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
Sep 19 08:21:23 fladmast kernel: [ 4038.535087] type=1400 audit(1316434883.228:9): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/lp1" dev=devtmpfs ino=10455 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
Sep 19 08:21:23 fladmast kernel: [ 4038.535144] type=1400 audit(1316434883.228:10): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/initctl" dev=devtmpfs ino=10267 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initctl_t:s0 tclass=fifo_file
Sep 19 08:21:23 fladmast kernel: [ 4038.535246] type=1400 audit(1316434883.229:11): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/dm-2" dev=devtmpfs ino=6966 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Sep 19 08:21:23 fladmast kernel: [ 4038.535289] type=1400 audit(1316434883.229:12): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/sdb1" dev=devtmpfs ino=1497 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Sep 19 08:21:23 fladmast kernel: [ 4038.535331] type=1400 audit(1316434883.229:13): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/sdb" dev=devtmpfs ino=7781 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

New password: 
Retype new password: 

Sep 19 08:21:36 fladmast kernel: [ 4051.879476] audit_printk_skb: 156 callbacks suppressed
Sep 19 08:21:36 fladmast kernel: [ 4051.879485] type=1400 audit(1316434896.579:66): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/uinput" dev=devtmpfs ino=11284 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file
Sep 19 08:21:36 fladmast kernel: [ 4051.879587] type=1400 audit(1316434896.580:67): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/ppp" dev=devtmpfs ino=11276 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ppp_device_t:s0 tclass=chr_file
Sep 19 08:21:36 fladmast kernel: [ 4051.879678] type=1400 audit(1316434896.580:68): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/lp2" dev=devtmpfs ino=10458 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
Sep 19 08:21:36 fladmast kernel: [ 4051.879769] type=1400 audit(1316434896.580:69): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/lp0" dev=devtmpfs ino=10457 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
Sep 19 08:21:36 fladmast kernel: [ 4051.879858] type=1400 audit(1316434896.580:70): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/lp3" dev=devtmpfs ino=10456 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
Sep 19 08:21:36 fladmast kernel: [ 4051.879948] type=1400 audit(1316434896.580:71): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/lp1" dev=devtmpfs ino=10455 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
Sep 19 08:21:36 fladmast kernel: [ 4051.880042] type=1400 audit(1316434896.580:72): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/initctl" dev=devtmpfs ino=10267 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initctl_t:s0 tclass=fifo_file
Sep 19 08:21:36 fladmast kernel: [ 4051.880233] type=1400 audit(1316434896.580:73): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/dm-2" dev=devtmpfs ino=6966 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Sep 19 08:21:36 fladmast kernel: [ 4051.880326] type=1400 audit(1316434896.580:74): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/sdb1" dev=devtmpfs ino=1497 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Sep 19 08:21:36 fladmast kernel: [ 4051.880445] type=1400 audit(1316434896.580:75): avc:  denied  { getattr } for  pid=1500 comm="passwd" path="/dev/sdb" dev=devtmpfs ino=7781 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

passwd: all authentication tokens updated successfully.

Comment 4 Miroslav Grepl 2011-09-19 12:54:52 UTC

Ok, I will add

dev_dontaudit_getattr_all(passwd_t)

Comment 5 Mads Kiilerich 2011-09-21 14:56:05 UTC

This might have shown up as a consequence of bug 739307. I don't know if the workaround is necessary when that has been solved.

Comment 6 Daniel Walsh 2011-09-21 15:00:32 UTC

No I actually think this is caused by a pam module

Comment 7 Daniel Walsh 2011-09-21 15:05:12 UTC

Fixed in selinux-policy-3.10.0-33.fc16

Comment 8 Mads Kiilerich 2011-09-21 15:17:08 UTC

(In reply to comment #6)
> No I actually think this is caused by a pam module

Bug 739302 agree that it is caused by a pam module (calling glibc ttyname), but also that it stats everything because the first stat fails.

Comment 9 Tomas Mraz 2011-09-21 15:19:47 UTC

What pam module caused what? I do not think so as there was no related change in a pam module.

Again, I have to repeat that the passwd_t must be able to getattr on user_devpts_t, otherwise ttyname() as called by passwd and pam modules will not work correctly.

Comment 10 Daniel Walsh 2011-09-21 15:31:51 UTC

RIght, but there was a labeling problem, so It was denied and then went nuts searching for a device it could write.

Comment 11 Tomas Mraz 2011-09-21 15:40:14 UTC

Is user_devpts_t correct labelling? If so, then passwd_t is still prevented from getattr it on my F16 install.

Comment 12 Daniel Walsh 2011-09-21 16:11:19 UTC

sesearch -A -s passwd_t -t user_devpts_t -C
Found 2 semantic av rules:
   allow passwd_t user_devpts_t : chr_file { ioctl read write getattr append } ;

THis is what I see.  What AVC are you seeing?  What policy do you have installed?

Comment 13 Tomas Mraz 2011-09-21 19:39:37 UTC

Hmm maybe the real reason is that the passwd_t is not allowed to search devpts_t dir?
sesearch -A -s passwd_t -t devpts_t -C
Found 1 semantic av rules:
   allow passwd_t devpts_t : chr_file { ioctl read write getattr append } ; 

No dir class above and the /dev/pts is directory with devpts_t type.

Comment 14 Daniel Walsh 2011-09-21 19:52:03 UTC

Ok I will allow this access.

Fixed in selinux-policy-3.10.0-33.fc16

Comment 15 Mads Kiilerich 2011-09-21 23:24:37 UTC

Just another observation - that might be implied by your discussion above:

There is no problem when running passwd as root logged in on tty2 - passwd can do what it wants to do without statting everything.

When logged in as an ordinary user in X and running "su -" in a console I see the reported behaviour with 28 AVCs.

That is using selinux-policy-3.10.0.32, which (except for /dev/pts/ptmx) works fine.

Comment 16 Daniel Walsh 2011-09-29 19:07:58 UTC

Mads have you tried this with the latest policy?

Comment 17 Mads Kiilerich 2011-09-29 20:16:29 UTC

I don't see this any more after upgrading to selinux-policy-3.10.0-35.fc16.noarch

When I upgraded I saw:

Sep 29 15:19:11 fladmast setroubleshoot: Deleting alert 058b5219-80ff-4a3f-a7fd-5428e131f648, it is dontaudit'd in current policy
Sep 29 15:19:11 fladmast setroubleshoot: Deleting alert d353df85-ec9f-4f8b-9120-bb738b0e297c, it is dontaudit'd in current policy
Sep 29 15:19:12 fladmast setroubleshoot: [server.ERROR] Unable to add audit event: node=fladmast type=AVC msg=audit(1317323878.830:1284): avc:  denied  { getattr } for  pid=7938 comm="passwd" path="/dev/vga_arbiter" dev=devtmpfs ino=1026 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file#012 #012**** Invalid AVC dontaudited in current policy.  'semodule -B' will turn on dontaudit rules. ***

The last one seems a bit strange - I don't know if it indicates a real problem.

Comment 18 Fedora Update System 2011-10-04 11:16:49 UTC

selinux-policy-3.10.0-36.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-36.fc16

Comment 19 Fedora Update System 2011-10-04 20:49:26 UTC

Package selinux-policy-3.10.0-36.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-36.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-36.fc16
then log in and leave karma (feedback).

Comment 20 Fedora Update System 2011-10-09 19:35:54 UTC

selinux-policy-3.10.0-38.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.