libreport version: 2.0.10 executable: /usr/bin/python2.7 hashmarkername: setroubleshoot kernel: 3.3.7-3.fc17.x86_64 time: sab 02 giu 2012 19:27:27 CEST description: :SELinux is preventing /opt/google/talkplugin/GoogleTalkPlugin from 'getattr' accesses on the fifo_file /dev/initctl. : :***** Plugin catchall (100. confidence) suggests *************************** : :If si crede che GoogleTalkPlugin dovrebbe avere possibilità di accesso getattr sui initctl fifo_file in modo predefinito. :Then si dovrebbe riportare il problema come bug. :E' possibile generare un modulo di politica locale per consentire questo accesso. :Do :consentire questo accesso per il momento eseguendo: :# grep GoogleTalkPlugi /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c : 0.c1023 :Target Context system_u:object_r:initctl_t:s0 :Target Objects /dev/initctl [ fifo_file ] :Source GoogleTalkPlugi :Source Path /opt/google/talkplugin/GoogleTalkPlugin :Port <Sconosciuto> :Host (removed) :Source RPM Packages google-talkplugin-2.9.10.0-1.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-128.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Permissive :Host Name (removed) :Platform Linux (removed) 3.3.7-3.fc17.x86_64 #1 SMP Thu : May 31 21:19:46 UTC 2012 x86_64 x86_64 :Alert Count 1 :First Seen sab 02 giu 2012 19:26:52 CEST :Last Seen sab 02 giu 2012 19:26:52 CEST :Local ID dc5ee8b0-a273-44b3-8959-d0ac6415b37f : :Raw Audit Messages :type=AVC msg=audit(1338658012.4:111): avc: denied { getattr } for pid=17589 comm="GoogleTalkPlugi" path="/dev/initctl" dev="devtmpfs" ino=1871 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initctl_t:s0 tclass=fifo_file : : :type=SYSCALL msg=audit(1338658012.4:111): arch=x86_64 syscall=stat success=yes exit=0 a0=263d248 a1=26371f0 a2=26371f0 a3=25 items=0 ppid=1 pid=17589 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=GoogleTalkPlugi exe=/opt/google/talkplugin/GoogleTalkPlugin subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) : :Hash: GoogleTalkPlugi,mozilla_plugin_t,initctl_t,fifo_file,getattr : :audit2allowunable to open /sys/fs/selinux/policy: Permission denied : : :audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied : :
Fixed in selinux-policy-3.10.0-129.fc17
selinux-policy-3.10.0-130.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-130.fc17
Package selinux-policy-3.10.0-130.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-130.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-9520/selinux-policy-3.10.0-130.fc17 then log in and leave karma (feedback).
selinux-policy-3.10.0-130.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
I keep getting this problem in F17: SELinux is preventing /opt/google/talkplugin/GoogleTalkPlugin from getattr access on the fifo_file /dev/initctl. ***** Plugin catchall (100. confidence) suggests *************************** If si crede che GoogleTalkPlugin dovrebbe avere possibilità di accesso getattr sui initctl fifo_file in modo predefinito. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do consentire questo accesso per il momento eseguendo: # grep GoogleTalkPlugi /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context system_u:object_r:initctl_t:s0 Target Objects /dev/initctl [ fifo_file ] Source GoogleTalkPlugi Source Path /opt/google/talkplugin/GoogleTalkPlugin Port <Sconosciuto> Host (removed) Source RPM Packages google-talkplugin-3.7.1.0-1.x86_64 Target RPM Packages Policy RPM selinux-policy-3.10.0-153.fc17.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux dario-laptop 3.5.6-1.fc17.x86_64 #1 SMP Sun Oct 7 19:31:14 UTC 2012 x86_64 x86_64 Alert Count 2 First Seen 2012-10-09 22:24:59 CEST Last Seen 2012-10-09 22:24:59 CEST Local ID e368a9fa-7993-45b6-a586-87256112ab8d Raw Audit Messages type=AVC msg=audit(1349814299.886:127): avc: denied { getattr } for pid=4512 comm="GoogleTalkPlugi" path="/dev/initctl" dev="devtmpfs" ino=1950 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initctl_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1349814299.886:127): arch=x86_64 syscall=stat success=yes exit=0 a0=2b97c28 a1=2b95ed0 a2=2b95ed0 a3=25 items=0 ppid=1 pid=4512 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=8 comm=GoogleTalkPlugi exe=/opt/google/talkplugin/GoogleTalkPlugin subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) Hash: GoogleTalkPlugi,mozilla_plugin_t,initctl_t,fifo_file,getattr audit2allow #============= mozilla_plugin_t ============== allow mozilla_plugin_t initctl_t:fifo_file getattr; audit2allow -R #============= mozilla_plugin_t ============== allow mozilla_plugin_t initctl_t:fifo_file getattr;
I apologize. It has been fixed in F18. Backport fixed also to F17.
selinux-policy-3.10.0-156.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-156.fc17
Package selinux-policy-3.10.0-156.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-156.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-16347/selinux-policy-3.10.0-156.fc17 then log in and leave karma (feedback).