Bug 742785 - SELinux is preventing /usr/bin/gnome-keyring-daemon from 'unlink' accesses on the sock_file control.
Summary: SELinux is preventing /usr/bin/gnome-keyring-daemon from 'unlink' accesses on...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 15
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:746d2d282d3...
: 742788 742789 742790 742792 742794 742795 742796 742797 742798 742799 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-10-02 19:58 UTC by Elias Oliveira de Jesus
Modified: 2012-10-02 08:42 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-10-02 08:42:59 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Elias Oliveira de Jesus 2011-10-02 19:58:54 UTC 
SELinux is preventing /usr/bin/gnome-keyring-daemon from 'unlink' accesses on the sock_file control.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that gnome-keyring-daemon should be allowed unlink access on the control sock_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep gnome-keyring-d /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:session_dbusd_tmp_t:s0
Target Objects                control [ sock_file ]
Source                        gnome-keyring-d
Source Path                   /usr/bin/gnome-keyring-daemon
Port                          <Desconhecido>
Host                          (removed)
Source RPM Packages           gnome-keyring-3.0.3-1.fc15
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.16-38.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 2.6.40.4-5.fc15.x86_64 #1 SMP Tue Aug
                              30 14:38:32 UTC 2011 x86_64 x86_64
Alert Count                   1
First Seen                    Ter 20 Set 2011 00:34:01 BRT
Last Seen                     Ter 20 Set 2011 00:34:01 BRT
Local ID                      44d4db03-cddf-4743-a9f0-184ac8313f46

Raw Audit Messages
type=AVC msg=audit(1316489641.557:122): avc:  denied  { unlink } for  pid=2020 comm="gnome-keyring-d" name="control" dev=sda7 ino=2235011 scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file


type=SYSCALL msg=audit(1316489641.557:122): arch=x86_64 syscall=unlink success=yes exit=0 a0=2772790 a1=0 a2=2783ec0 a3=1 items=0 ppid=1 pid=2020 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm=gnome-keyring-d exe=/usr/bin/gnome-keyring-daemon subj=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 key=(null)

Hash: gnome-keyring-d,xdm_dbusd_t,session_dbusd_tmp_t,sock_file,unlink

audit2allow

#============= xdm_dbusd_t ==============
allow xdm_dbusd_t session_dbusd_tmp_t:sock_file unlink;

audit2allow -R

#============= xdm_dbusd_t ==============
allow xdm_dbusd_t session_dbusd_tmp_t:sock_file unlink;
Comment 1 Miroslav Grepl 2011-10-03 08:36:45 UTC 
Could you try to re-install the policy and make sure nothing blows up

# yum reinstall selinux-policy-targeted
Comment 2 Miroslav Grepl 2011-10-03 08:37:14 UTC 
*** Bug 742788 has been marked as a duplicate of this bug. ***
Comment 3 Miroslav Grepl 2011-10-03 08:37:50 UTC 
*** Bug 742789 has been marked as a duplicate of this bug. ***
Comment 4 Miroslav Grepl 2011-10-03 08:38:29 UTC 
*** Bug 742790 has been marked as a duplicate of this bug. ***
Comment 5 Miroslav Grepl 2011-10-03 08:38:54 UTC 
*** Bug 742792 has been marked as a duplicate of this bug. ***
Comment 6 Miroslav Grepl 2011-10-03 08:39:17 UTC 
*** Bug 742794 has been marked as a duplicate of this bug. ***
Comment 7 Miroslav Grepl 2011-10-03 08:39:39 UTC 
*** Bug 742795 has been marked as a duplicate of this bug. ***
Comment 8 Miroslav Grepl 2011-10-03 08:40:03 UTC 
*** Bug 742796 has been marked as a duplicate of this bug. ***
Comment 9 Miroslav Grepl 2011-10-03 08:40:22 UTC 
*** Bug 742797 has been marked as a duplicate of this bug. ***
Comment 10 Miroslav Grepl 2011-10-03 08:40:42 UTC 
*** Bug 742798 has been marked as a duplicate of this bug. ***
Comment 11 Miroslav Grepl 2011-10-03 08:41:00 UTC 
*** Bug 742799 has been marked as a duplicate of this bug. ***
Comment 12 Fedora End Of Life 2012-08-07 17:20:43 UTC 
This message is a notice that Fedora 15 is now at end of life. Fedora
has stopped maintaining and issuing updates for Fedora 15. It is
Fedora's policy to close all bug reports from releases that are no
longer maintained. At this time, all open bugs with a Fedora 'version'
of '15' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that
we were unable to fix it before Fedora 15 reached end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora, you are encouraged to click on
"Clone This Bug" (top right of this page) and open it against that
version of Fedora.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

The process we are following is described here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 13 Elad Alfassa 2012-10-01 17:52:26 UTC 
I've just seen this issue (or at least, a similar issue, which the reporting tool said is a duplicate of this bug) with Fedora 18. Re-opening.



-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 14 Elad Alfassa 2012-10-01 17:53:16 UTC 
login

Package: (null)
OS Release: Fedora release 18 (Spherical Cow)
Comment 15 Elad Alfassa 2012-10-01 17:54:22 UTC 
login.

Package: (null)
OS Release: Fedora release 18 (Spherical Cow)
Comment 16 Elad Alfassa 2012-10-01 17:56:24 UTC 
Sorry for extra comments, this is setroubleshoot's fault.



-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 17 Miroslav Grepl 2012-10-02 08:42:59 UTC 
I see you opened new bugs. Closing this F15 bug.
Note You need to log in before you can comment on or make changes to this bug.