Description of problem: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /run/gnome-initial-setup/.local/share/icc/edid-a99d98c760ecb11e07592f0536164edc.icc. ***** Plugin restorecon (99.5 confidence) suggests ************************* If you want to fix the label. /run/gnome-initial-setup/.local/share/icc/edid-a99d98c760ecb11e07592f0536164edc.icc default label should be var_run_t. Then you can run restorecon. Do # /sbin/restorecon -v /run/gnome-initial-setup/.local/share/icc/edid-a99d98c760ecb11e07592f0536164edc.icc ***** Plugin catchall (1.49 confidence) suggests *************************** If you believe that colord should be allowed read access on the edid-a99d98c760ecb11e07592f0536164edc.icc file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep gdbus /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:colord_t:s0 Target Context system_u:object_r:xdm_var_run_t:s0 Target Objects /run/gnome-initial-setup/.local/share/icc/edid- a99d98c760ecb11e07592f0536164edc.icc [ file ] Source gdbus Source Path /usr/libexec/colord Port <Unknown> Host (removed) Source RPM Packages colord-0.1.31-1.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-24.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.9.0-0.rc5.git1.301.fc19.x86_64 #1 SMP Tue Apr 2 20:37:45 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-04-04 20:39:53 CDT Last Seen 2013-04-04 20:39:53 CDT Local ID 1a97ceae-6987-41b0-8657-1dec11cd44cd Raw Audit Messages type=AVC msg=audit(1365125993.133:334): avc: denied { read } for pid=892 comm="gdbus" path="/run/gnome-initial-setup/.local/share/icc/edid-a99d98c760ecb11e07592f0536164edc.icc" dev="tmpfs" ino=17812 scontext=system_u:system_r:colord_t:s0 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=file type=SYSCALL msg=audit(1365125993.133:334): arch=x86_64 syscall=recvmsg success=yes exit=EBUSY a0=9 a1=7f67b77eebb0 a2=40000000 a3=0 items=0 ppid=1 pid=892 auid=4294967295 uid=997 gid=997 euid=997 suid=997 fsuid=997 egid=997 sgid=997 fsgid=997 ses=4294967295 tty=(none) comm=gdbus exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0 key=(null) Hash: gdbus,colord_t,xdm_var_run_t,file,read audit2allow #============= colord_t ============== allow colord_t xdm_var_run_t:file read; audit2allow -R require { type colord_t; } #============= colord_t ============== colord_dbus_chat(colord_t) Additional info: hashmarkername: setroubleshoot kernel: 3.9.0-0.rc5.git1.301.fc19.x86_64 type: libreport
Has been added to selinux-policy-3.12.1-26.fc19.noarch
selinux-policy-3.12.1-28.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/FEDORA-2013-5045/selinux-policy-3.12.1-28.fc19
Package selinux-policy-3.12.1-28.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-28.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-5045/selinux-policy-3.12.1-28.fc19 then log in and leave karma (feedback).
I have verified the correction in selinux-policy-3.12.1-28.fc19 and updated the karma. Thank you for your efforts.
Description of problem: This alert occurred immediately upon login after a reboot. Additional info: hashmarkername: setroubleshoot kernel: 3.9.0-0.rc6.git0.1.fc19.x86_64 type: libreport
Oops, I spoke to soon. There is still a problem, I just did not receive a notification.
#============= colord_t ============== #!!!! This avc is allowed in the current policy allow colord_t xdm_var_run_t:file read; What AVC are you getting?
I downloaded, installed, and updated the latest Fedora 19 ISO, TC6, over the weekend. I see this morning that this problem no longer occurs. Now there is a different problem.
Which one?
https://bugzilla.redhat.com/show_bug.cgi?id=951689
selinux-policy-3.12.1-28.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.