SELinux is preventing /usr/libexec/fprintd from 'read' accesses on the plik /proc/<pid>/cmdline. ***** Plugin catchall (100. confidence) suggests *************************** If aby fprintd powinno mieć domyślnie read dostęp do cmdline file. Then proszę to zgłosić jako błąd. Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp. Do można tymczasowo zezwolić na ten dostęp wykonując polecenia: # grep fprintd /var/log/audit/audit.log | audit2allow -M moja_polityka # semodule -i moja_polityka.pp Additional Information: Source Context system_u:system_r:fprintd_t:s0-s0:c0.c1023 Target Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Objects /proc/<pid>/cmdline [ file ] Source fprintd Source Path /usr/libexec/fprintd Port <Nieznane> Host (removed) Source RPM Packages fprintd-0.2.0-3.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-35.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.40.3-0.fc15.x86_64 #1 SMP Tue Aug 16 04:10:59 UTC 2011 x86_64 x86_64 Alert Count 19 First Seen czw, 25 sie 2011, 06:30:21 Last Seen nie, 4 wrz 2011, 22:07:36 Local ID bfffda5f-fadd-4174-920f-027e17d9010e Raw Audit Messages type=AVC msg=audit(1315166856.294:276): avc: denied { read } for pid=9849 comm="fprintd" path="/proc/9565/cmdline" dev=proc ino=291270 scontext=system_u:system_r:fprintd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1315166856.294:276): arch=x86_64 syscall=execve success=yes exit=0 a0=1629780 a1=16296a0 a2=1628010 a3=0 items=0 ppid=9848 pid=9849 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=fprintd exe=/usr/libexec/fprintd subj=system_u:system_r:fprintd_t:s0-s0:c0.c1023 key=(null) Hash: fprintd,fprintd_t,xdm_t,file,read audit2allow #============= fprintd_t ============== allow fprintd_t xdm_t:file read; audit2allow -R #============= fprintd_t ============== allow fprintd_t xdm_t:file read;
This is a leak file descriptor. Which display manager do you use?
Hello! I use Gnome version 3.0.1 with gnome-shell. Maciej
I believe this is part of the dbus protocol and I have allowed it in b3392c8e5ed77eecff4bfd3d53e66ca7b5a9f41c
Ok, the fix is added to F16 and F15.
selinux-policy-3.9.16-50.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-50.fc15
Package selinux-policy-3.9.16-50.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.16-50.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2011-17089/selinux-policy-3.9.16-50.fc15 then log in and leave karma (feedback).
selinux-policy-3.9.16-50.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
This evidently requires a mirror. Evidently I'm out of mirrors after I added Arora web browser. Are there any such thing as installing mirrors or fetching mirrors from somewhere? Because I tried installing this update testing but it keeps reading: Trying other mirror. Wonder how I ran out of mirrors anyways? I just have Firefox and Arora.
[root@toshiba tonybrowning]# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.16-50.fc15' Loaded plugins: langpacks, presto, refresh-packagekit updates-testing/metalink | 8.2 kB 00:00 updates-testing | 4.5 kB 00:00 http://mirror.itc.virginia.edu/fedora/updates/testing/16/i386/repodata/01cd634d8601afe972a5dc88f017a6c564b438acb3fc1c9063fd9c6a5f8c8b57-primary.sqlite.bz2: [Errno 12] Timeout on http://mirror.itc.virginia.edu/fedora/updates/testing/16/i386/repodata/01cd634d8601afe972a5dc88f017a6c564b438acb3fc1c9063fd9c6a5f8c8b57-primary.sqlite.bz2: (28, '') Trying other mirror. http://mirror.pnl.gov/fedora/linux/updates/testing/16/i386/repodata/01cd634d8601afe972a5dc88f017a6c564b438acb3fc1c9063fd9c6a5f8c8b57-primary.sqlite.bz2: [Errno 12] Timeout on http://mirror.pnl.gov/fedora/linux/updates/testing/16/i386/repodata/01cd634d8601afe972a5dc88f017a6c564b438acb3fc1c9063fd9c6a5f8c8b57-primary.sqlite.bz2: (28, '') Trying other mirror. updates-testing/primary_db | 867 kB 02:28 updates-testing/group_gz | 431 kB 01:31 Setting up Update Process No Match for argument: selinux-policy-3.9.16-50.fc15 No package selinux-policy-3.9.16-50.fc15 available. No Packages marked for Update [root@toshiba tonybrowning]#
Fixed-For-Me. Thanks.