785629 – SELinux is preventing /usr/libexec/fprintd from 'read' accesses on the None /etc/ld.so.cache.

Bug 785629 - SELinux is preventing /usr/libexec/fprintd from 'read' accesses on the None /etc/ld.so.cache.

Summary: SELinux is preventing /usr/libexec/fprintd from 'read' accesses on the None /...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	16
Hardware:	x86_64
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:5d57cbcd3094cc66104103f05d3...
Duplicates (4):	785498 785499 785500 785554 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-01-30 04:42 UTC by bsfmig
Modified:	2012-02-07 20:00 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-01-30 10:53:59 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
File: description (2.65 KB, text/plain) 2012-01-30 04:42 UTC, bsfmig	no flags	Details
SELinux alert windows (91.50 KB, image/png) 2012-02-06 01:46 UTC, Mikhail	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description bsfmig 2012-01-30 04:42:53 UTC

libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.2.2-1.fc16.x86_64
reason:         SELinux is preventing /usr/libexec/fprintd from 'read' accesses on the None /etc/ld.so.cache.
time:           2012年01月30日 星期一 12时42分27秒

description:    Binary file, 2717 bytes

Comment 1 bsfmig 2012-01-30 04:42:56 UTC

Created attachment 558260 [details]
File: description

Comment 2 bsfmig 2012-01-30 04:45:00 UTC

Also I see a lot of "SELinux is preventing someapp from 'read' accesses on the None /etc/ld.so.cache." errors.

Comment 3 Miroslav Grepl 2012-01-30 10:53:59 UTC

file_t indicates that the file has no label. You will need to relabel all machine how sealert tells you.

--

If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot

---

Comment 4 Miroslav Grepl 2012-01-30 12:11:12 UTC

*** Bug 785554 has been marked as a duplicate of this bug. ***

Comment 5 Miroslav Grepl 2012-01-30 12:12:01 UTC

*** Bug 785500 has been marked as a duplicate of this bug. ***

Comment 6 Miroslav Grepl 2012-01-30 12:12:22 UTC

*** Bug 785499 has been marked as a duplicate of this bug. ***

Comment 7 Miroslav Grepl 2012-01-30 12:12:35 UTC

*** Bug 785498 has been marked as a duplicate of this bug. ***

Comment 8 Mikhail 2012-02-06 01:45:42 UTC

Why not a bug? I see SELinux alert windows after every boot.

Comment 9 Mikhail 2012-02-06 01:46:53 UTC

Created attachment 559528 [details]
SELinux alert windows

Comment 10 Miroslav Grepl 2012-02-06 08:13:04 UTC

So /tmp/.com.google.Chrome.vwMBIF/SingletonSocket is still labeled as user_home_dir_t?

Comment 11 Daniel Walsh 2012-02-06 16:34:48 UTC

Mikhail, 

rm -rf /tmp/.com*
Then reboot and see if the AVC goes away.

Comment 12 Miroslav Grepl 2012-02-06 17:56:38 UTC

This could work.

Comment 13 Mikhail 2012-02-07 18:49:53 UTC

Thanks, But how these files appears in /tmp directory?

Comment 14 Daniel Walsh 2012-02-07 20:00:43 UTC

If I was to guess, you were running in permissive mode or potentially mislabeled and google application created a direcory in a homedir and then that got mv'd to /tmp/

Note You need to log in before you can comment on or make changes to this bug.