Hide Forgot
libreport version: 2.0.5.982 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.1.0-0.rc6.git0.3.fc16.x86_64 reason: SELinux is preventing /bin/bash from 'sendto' accesses on the unix_stream_socket Unknown. time: Wed Sep 28 22:48:22 2011 description: :SELinux is preventing /bin/bash from 'sendto' accesses on the unix_stream_socket Unknown. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that bash should be allowed sendto access on the Unknown unix_stream_socket by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep service /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 :Target Context system_u:system_r:init_t:s0 :Target Objects Unknown [ unix_stream_socket ] :Source service :Source Path /bin/bash :Port <Unknown> :Host (removed) :Source RPM Packages bash-4.2.10-4.fc16 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-32.fc16 :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) : 3.1.0-0.rc6.git0.3.fc16.x86_64 #1 SMP Fri Sep 16 : 12:26:22 UTC 2011 x86_64 x86_64 :Alert Count 4 :First Seen Wed 28 Sep 2011 10:47:30 PM EDT :Last Seen Wed 28 Sep 2011 10:47:30 PM EDT :Local ID 93d7fa1c-0cb8-4804-958f-d5f895589bcd : :Raw Audit Messages :type=AVC msg=audit(1317264450.639:78): avc: denied { sendto } for pid=1816 comm="service" dev=sockfs ino=15557 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket : : :type=SYSCALL msg=audit(1317264450.639:78): arch=x86_64 syscall=open success=no exit=EACCES a0=1977060 a1=201 a2=1b6 a3=0 items=0 ppid=1814 pid=1816 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=service exe=/bin/bash subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) : :Hash: service,gnomeclock_t,init_t,unix_stream_socket,sendto : :audit2allow : :#============= gnomeclock_t ============== :allow gnomeclock_t init_t:unix_stream_socket sendto; : :audit2allow -R : :#============= gnomeclock_t ============== :allow gnomeclock_t init_t:unix_stream_socket sendto; :
Fixed in selinux-policy-3.10.0-34.fc16
selinux-policy-3.10.0-36.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-36.fc16
Package selinux-policy-3.10.0-36.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-36.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-36.fc16 then log in and leave karma (feedback).
Syste was updated but error still persists (isn't it necessary to reload something in SElinux?) [deviant@localhost ~]$ rpm -qa | grep selinux-policy selinux-policy-targeted-3.10.0-36.fc16.noarch selinux-policy-3.10.0-36.fc16.noarch Error occurs each time I open 'Date and Time' settings. System is running from live-cd (Fedora 16 Beta RC4)
What avc are you seeing now?
Well, it looks like this is not fixed. sesearch -AC -s gnomeclock_t -t init_t -c unix_stream_socket -p sendto returns nothing. I probably added a fix which fixed something else related to this.
Fixed in selinux-policy-3.10.0-38.fc16
Hello, you are fast with fix updates :) Thanks for that! Selinux updated to the latest version available in koji (v 3.10.0-38) [liveuser@localhost ~]$ rpm -qa | grep selinux-policy selinux-policy-targeted-3.10.0-38.fc16.noarch selinux-policy-3.10.0-38.fc16.noarch When I opened "Date and Time" settings, this bug was not reported anymore. There was another bug reported instead of that (see log from ABRT pasted below): Bug is already reported: #674032 Bug #674032 is a duplicate, using parent bug #675278 https://bugzilla.redhat.com/show_bug.cgi?id=675278 Herewith, I would say, this bug is fixed. Let's kill the one reported in the log above.
I can see now (after the previous comment has been submitted) that the bugs are closed. Not sure if it is still valid now (?)
selinux-policy-3.10.0-38.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.