Description of problem: I logged into an xfce session right after the system rebooted. I'm guessing obex-data-server is a background service. SELinux is preventing /usr/bin/obex-data-server from 'module_request' accesses on the system . ***** Plugin catchall (100. confidence) suggests *************************** If you believe that obex-data-server should be allowed module_request access on the system by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep obex-data-serve /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context staff_u:staff_r:obex_t:s0-s0:c0.c1023 Target Context system_u:system_r:kernel_t:s0 Target Objects [ system ] Source obex-data-serve Source Path /usr/bin/obex-data-server Port <Unknown> Host (removed) Source RPM Packages obex-data-server-0.4.6-4.fc18.x86_64 Target RPM Packages Policy RPM selinux-policy-3.11.1-71.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.7.2-204.fc18.x86_64 #1 SMP Wed Jan 16 16:22:52 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-01-24 17:13:23 PST Last Seen 2013-01-24 17:13:23 PST Local ID 930b6960-0738-4912-a585-f57a35803973 Raw Audit Messages type=AVC msg=audit(1359076403.881:362): avc: denied { module_request } for pid=1912 comm="obex-data-serve" kmod="bt-proto-3" scontext=staff_u:staff_r:obex_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=system type=SYSCALL msg=audit(1359076403.881:362): arch=x86_64 syscall=socket success=yes exit=E2BIG a0=1f a1=1 a2=3 a3=7fff2ec61980 items=0 ppid=1 pid=1912 auid=1000 uid=1000 gid=100 euid=1000 suid=1000 fsuid=1000 egid=100 sgid=100 fsgid=100 ses=3 tty=(none) comm=obex-data-serve exe=/usr/bin/obex-data-server subj=staff_u:staff_r:obex_t:s0-s0:c0.c1023 key=(null) Hash: obex-data-serve,obex_t,kernel_t,system,module_request audit2allow #============= obex_t ============== #!!!! This avc can be allowed using the boolean 'domain_kernel_load_modules' allow obex_t kernel_t:system module_request; audit2allow -R #============= obex_t ============== #!!!! This avc can be allowed using the boolean 'domain_kernel_load_modules' allow obex_t kernel_t:system module_request; Additional info: hashmarkername: setroubleshoot kernel: 3.7.2-204.fc18.x86_64 type: libreport
Added. commit cc312d6bb2ced2af999c642866fcd22591a128a9 Author: Miroslav Grepl <mgrepl> Date: Fri Jan 25 11:53:52 2013 +0100 Allow obex-data-server to request the kernel to load a module
selinux-policy-3.11.1-74.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-74.fc18
Package selinux-policy-3.11.1-74.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-74.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-1693/selinux-policy-3.11.1-74.fc18 then log in and leave karma (feedback).
selinux-policy-3.11.1-74.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
I'm still seeing this with selinux-policy-3.11.1-82.fc18: type=AVC msg=audit(1363030742.538:384): avc: denied { module_request } for pid=2741 comm="obex-data-serve" kmod="bt-proto-3" scontext=staff_u:staff_r:obex_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=system type=SYSCALL msg=audit(1363030742.538:384): arch=x86_64 syscall=socket success=yes exit=E2BIG a0=1f a1=1 a2=3 a3=0 items=0 ppid=1 pid=2741 auid=1000 uid=1000 gid=100 euid=1000 suid=1000 fsuid=1000 egid=100 sgid=100 fsgid=100 ses=2 tty=(none) comm=obex-data-serve exe=/usr/bin/obex-data-server subj=staff_u:staff_r:obex_t:s0-s0:c0.c1023 key=(null)
I see it in Rawhide but not in F18.
Fixed in selinux-policy-3.11.1-85.fc18.noarch
selinux-policy-3.11.1-85.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/FEDORA-2013-3605/selinux-policy-3.11.1-85.fc18
Package selinux-policy-3.11.1-85.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-85.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-3605/selinux-policy-3.11.1-85.fc18 then log in and leave karma (feedback).
selinux-policy-3.11.1-85.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.