Description of problem:
SELinux is preventing /usr/libexec/colord from 'read' accesses on the file 2.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that colord should be allowed read access on the 2 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep colord /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:colord_t:s0
Target Context                system_u:object_r:systemd_logind_sessions_t:s0
Target Objects                2 [ file ]
Source                        colord
Source Path                   /usr/libexec/colord
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           colord-0.1.28-1.fc18.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.11.1-73.fc18.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 3.8.0-rc4 #3 SMP Fri Jan 18 13:06:29 CET 2013 x86_64 x86_64
Alert Count                   2
First Seen                    2013-01-23 11:33:56 CET
Last Seen                     2013-01-23 12:27:33 CET
Local ID                      c82bcd76-9858-4d5c-a595-92542fa19cfa

Raw Audit Messages
type=AVC msg=audit(1358940453.140:72): avc: denied { read } for pid=1757 comm="colord" name="2" dev="tmpfs" ino=21935 scontext=system_u:system_r:colord_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file
type=AVC msg=audit(1358940453.140:72): avc: denied { open } for pid=1757 comm="colord" path="/run/systemd/sessions/2" dev="tmpfs" ino=21935 scontext=system_u:system_r:colord_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file
type=SYSCALL msg=audit(1358940453.140:72): arch=x86_64 syscall=open success=yes exit=ENOTBLK a0=2123900 a1=80000 a2=1b6 a3=238 items=0 ppid=1 pid=1757 auid=4294967295 uid=998 gid=997 euid=998 suid=998 fsuid=998 egid=997 sgid=997 fsgid=997 ses=4294967295 tty=(none) comm=colord exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0 key=(null)

Hash: colord,colord_t,systemd_logind_sessions_t,file,read

audit2allow

#============= colord_t ==============
allow colord_t systemd_logind_sessions_t:file { read open };

audit2allow -R

#============= colord_t ==============
allow colord_t systemd_logind_sessions_t:file { read open };

Additional info:
hashmarkername: setroubleshoot
kernel:         3.8.0-rc4
type:           libreport
Fixed in selinux-policy-3.11.1-74.fc18.noarch
selinux-policy-3.11.1-74.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-74.fc18
Package selinux-policy-3.11.1-74.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-74.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-1693/selinux-policy-3.11.1-74.fc18
then log in and leave karma (feedback).
I have updates-testing enabled and selinux-policy-3.11.1-74.fc18 installed but I am still getting this SELinux alert. I've also tried to relabel the whole system by doing
# touch /.autorelabel
Fixed in selinux-policy-3.11.1-75.fc18
*** Bug 906970 has been marked as a duplicate of this bug. ***
*** Bug 907437 has been marked as a duplicate of this bug. ***
Laptop did not start from suspended state, had to force shut down. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
AVC denial happens consistently when logging in. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
Booted into GNOME 3, and noticed the sealert message. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
selinux-policy-3.11.1-76.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-76.fc18
Just at startup, like every day. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
No steps, just session startup and I got this alert. That's it. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
This happened when I turned on the lap. Package: (null) Architecture: i686 OS Release: Fedora release 18 (Spherical Cow)
Happens right after login. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
Happens every time I log into the Gnome desktop. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
Alert keeps coming right after startup. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
selinux-policy-3.11.1-74.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
The problem still persists.
Please update to the latest policy:
# yum update selinux-policy-targeted --enablerepo=updates-testing
Updating to 3.11.1-76 solved the problem.
type=AVC msg=audit(1360406105.149:368): avc: denied { search } for pid=2517 comm="colord" name="sessions" dev="tmpfs" ino=13931 scontext=system_u:system_r:colord_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=dir

search is denied now with 3.11.1-76
Observed this bug on selinux-policy-3.11.1-74.fc18.

type=AVC msg=audit(1360427076.051:363): avc: denied { search } for pid=803 comm="colord" name="sessions" dev="tmpfs" ino=15045 scontext=system_u:system_r:colord_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=dir

Resolved for me by updating to selinux-policy-3.11.1-76.fc18: no new entries in SELinux Troubleshooter or in audit.log after a reboot.
selinux-policy-3.11.1-76.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.