Description of problem: SELinux is preventing /usr/bin/systemctl from 'lock' accesses on the file /run/utmp. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that systemctl should be allowed lock access on the utmp file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep runlevel /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:initrc_var_run_t:s0 Target Objects /run/utmp [ file ] Source runlevel Source Path /usr/bin/systemctl Port <Unknown> Host (removed) Source RPM Packages systemd-44-24.fc17.i686 systemd-44-24.fc17.x86_64 Target RPM Packages initscripts-9.37.2-1.fc17.x86_64 Policy RPM selinux-policy-3.10.0-168.fc17.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.8.4-102.fc17.x86_64 #1 SMP Sun Mar 24 13:09:09 UTC 2013 x86_64 x86_64 Alert Count 3 First Seen 2013-03-28 18:07:34 CDT Last Seen 2013-03-28 18:08:25 CDT Local ID 10e72057-6fa5-46c6-accc-b8106265dc22 Raw Audit Messages type=AVC msg=audit(1364512105.355:142): avc: denied { lock } for pid=2933 comm="runlevel" path="/run/utmp" dev="tmpfs" ino=13697 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file type=SYSCALL msg=audit(1364512105.355:142): arch=x86_64 syscall=fcntl success=yes exit=0 a0=3 a1=7 a2=7fff24f68200 a3=8 items=0 ppid=2932 pid=2933 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=runlevel exe=/usr/bin/systemctl subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null) Hash: runlevel,abrt_t,initrc_var_run_t,file,lock audit2allow #============= abrt_t ============== allow abrt_t initrc_var_run_t:file lock; audit2allow -R #============= abrt_t ============== allow abrt_t initrc_var_run_t:file lock; Additional info: hashmarkername: setroubleshoot kernel: 3.8.4-102.fc17.x86_64 type: libreport
*** Bug 928992 has been marked as a duplicate of this bug. ***
180b04b6570fead9702358f99df7dc92bf32d022 fixes this in git.
Description of problem: Opening pdf with evince. Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Description of problem: On the first reboot after applying updates I get this SELinux denial. The target context seems reasonable, but the source context may be incorrect. I'm not sure the best fix for this, so I'll send it in as a bug report and let you all decide. :-) Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Description of problem: Printing with evince Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Description of problem: I started clanbomber and wanted to start a local game but clanbomber crashed. Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Description of problem: Began after a recent update (using apper). Unknown which package update triggered this nor precisely how to duplicate (other than installing and updating to this date (Jun 2 2013) Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Description of problem: IcedTea-Web Plugin crashed inside of google-chrome. At least that seems to be when it happened. Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
(In reply to Daniel Walsh from comment #2) > 180b04b6570fead9702358f99df7dc92bf32d022 fixes this in git. For bug reports based on policy denial, it would be helpful if you named which project's repo you're talking about. Theoretically, the fix for this could be in selinux policy, systemd, the kernel, or various other places.
selinux-policy-3.10.0-170.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-170.fc17
Package selinux-policy-3.10.0-170.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-170.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-10302/selinux-policy-3.10.0-170.fc17 then log in and leave karma (feedback).
Description of problem: a custom program segfaultet Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Description of problem: Exiting fullscreen in a YouTube ap. It's not regular, but happens. Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Description of problem: Trying to start Openoffice to open a docx-document. Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Description of problem: Happened during login, has never happened before, no recent changes other than normal updates. Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Description of problem: The problem occurred after the last updated that i installed, sorry my basic english. cheers!! Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.i686 type: libreport
Description of problem: Launched Evolution and it came up for about 30 seconds, then crashed and threw this SELinux alert Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Description of problem: I tried to read a youtube video using the flash-plugin (yeah, i know), then, nothing was readed, and the SElinux window appeared Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.i686 type: libreport
Description of problem: I don't know what happens... Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.i686 type: libreport
Description of problem: When I close remina window, with rdp connection to the server trouht ssh tunel. Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Description of problem: Seem to be a background task Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Description of problem: Not sure what caused an AVC, but this looks like legit access to me. Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Did you update to selinux-policy-3.10.0-170.fc17?
Description of problem: Clicked on the "Files" application to open it. Nothing more. Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Description of problem: Possibley generated after rebooting the server after it had locked up. Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
selinux-policy-3.10.0-170.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.