Bug 785629 - SELinux is preventing /usr/libexec/fprintd from 'read' accesses on the None /etc/ld.so.cache.
Summary: SELinux is preventing /usr/libexec/fprintd from 'read' accesses on the None /...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 16
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:5d57cbcd3094cc66104103f05d3...
: 785498 785499 785500 785554 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-01-30 04:42 UTC by bsfmig
Modified: 2012-02-07 20:00 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-01-30 10:53:59 UTC
Type: ---


Attachments (Terms of Use)
File: description (2.65 KB, text/plain)
2012-01-30 04:42 UTC, bsfmig
no flags Details
SELinux alert windows (91.50 KB, image/png)
2012-02-06 01:46 UTC, Mikhail
no flags Details

Description bsfmig 2012-01-30 04:42:53 UTC
libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.2.2-1.fc16.x86_64
reason:         SELinux is preventing /usr/libexec/fprintd from 'read' accesses on the None /etc/ld.so.cache.
time:           2012年01月30日 星期一 12时42分27秒

description:    Binary file, 2717 bytes

Comment 1 bsfmig 2012-01-30 04:42:56 UTC
Created attachment 558260 [details]
File: description

Comment 2 bsfmig 2012-01-30 04:45:00 UTC
Also I see a lot of "SELinux is preventing someapp from 'read' accesses on the None /etc/ld.so.cache." errors.

Comment 3 Miroslav Grepl 2012-01-30 10:53:59 UTC
file_t indicates that the file has no label. You will need to relabel all machine how sealert tells you.

--

If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot

---

Comment 4 Miroslav Grepl 2012-01-30 12:11:12 UTC
*** Bug 785554 has been marked as a duplicate of this bug. ***

Comment 5 Miroslav Grepl 2012-01-30 12:12:01 UTC
*** Bug 785500 has been marked as a duplicate of this bug. ***

Comment 6 Miroslav Grepl 2012-01-30 12:12:22 UTC
*** Bug 785499 has been marked as a duplicate of this bug. ***

Comment 7 Miroslav Grepl 2012-01-30 12:12:35 UTC
*** Bug 785498 has been marked as a duplicate of this bug. ***

Comment 8 Mikhail 2012-02-06 01:45:42 UTC
Why not a bug? I see SELinux alert windows after every boot.

Comment 9 Mikhail 2012-02-06 01:46:53 UTC
Created attachment 559528 [details]
SELinux alert windows

Comment 10 Miroslav Grepl 2012-02-06 08:13:04 UTC
So /tmp/.com.google.Chrome.vwMBIF/SingletonSocket is still labeled as user_home_dir_t?

Comment 11 Daniel Walsh 2012-02-06 16:34:48 UTC
Mikhail, 

rm -rf /tmp/.com*
Then reboot and see if the AVC goes away.

Comment 12 Miroslav Grepl 2012-02-06 17:56:38 UTC
This could work.

Comment 13 Mikhail 2012-02-07 18:49:53 UTC
Thanks, But how these files appears in /tmp directory?

Comment 14 Daniel Walsh 2012-02-07 20:00:43 UTC
If I was to guess, you were running in permissive mode or potentially mislabeled and google application created a direcory in a homedir and then that got mv'd to /tmp/


Note You need to log in before you can comment on or make changes to this bug.