Description of problem: SELinux is preventing /usr/lib/polkit-1/polkitd from 'read' accesses on the directory machine. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that polkitd should be allowed read access on the machine directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep polkitd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:policykit_t:s0 Target Context system_u:object_r:cgroup_t:s0 Target Objects machine [ dir ] Source polkitd Source Path /usr/lib/polkit-1/polkitd Port <Unknown> Host (removed) Source RPM Packages polkit-0.110-3.fc19.i686 Target RPM Packages Policy RPM selinux-policy-3.12.1-42.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.9.0-301.fc19.i686.PAE #1 SMP Mon Apr 29 13:55:54 UTC 2013 i686 i686 Alert Count 1 First Seen 2013-05-08 08:07:48 YEKT Last Seen 2013-05-08 08:07:48 YEKT Local ID 33dff53f-8267-4d08-828e-9f839cd8a484 Raw Audit Messages type=AVC msg=audit(1367978868.14:27): avc: denied { read } for pid=400 comm="polkitd" name="machine" dev="cgroup" ino=6654 scontext=system_u:system_r:policykit_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir type=SYSCALL msg=audit(1367978868.14:27): arch=i386 syscall=inotify_add_watch success=no exit=EACCES a0=7 a1=b84ab370 a2=380 a3=b84ab440 items=0 ppid=1 pid=400 auid=4294967295 uid=999 gid=999 euid=999 suid=999 fsuid=999 egid=999 sgid=999 fsgid=999 ses=4294967295 tty=(none) comm=polkitd exe=/usr/lib/polkit-1/polkitd subj=system_u:system_r:policykit_t:s0 key=(null) Hash: polkitd,policykit_t,cgroup_t,dir,read audit2allow #============= policykit_t ============== allow policykit_t cgroup_t:dir read; audit2allow -R require { type policykit_t; } #============= policykit_t ============== fs_manage_cgroup_files(policykit_t) Additional info: reporter: libreport-2.1.4 hashmarkername: setroubleshoot kernel: 3.9.0-301.fc19.i686.PAE type: libreport
954cbaf8d0345c5a74fb0068c90f4cf127fa775e 5d7b3dfd9a370a6e72864134c91974b19651c53d Allows this in git.
Description of problem: on first boot of Mate 1.60 from dd usb of f19 Beta TC4 x86_64 dd usb Additional info: hashmarkername: setroubleshoot kernel: 3.9.0-301.fc19.x86_64 type: libreport
Description of problem: I don't get this one, or really know what is going on. The only "machine" directory on my system is ls -Zd /usr/lib64/perl5/machine drwxr-xr-x. root root system_u:object_r:lib_t:s0 /usr/lib64/perl5/machine (Plus the same thing in some mock chroots). Additional info: reporter: libreport-2.1.4 hashmarkername: setroubleshoot kernel: 3.9.0-301.fc19.x86_64 type: libreport
find /sys/fs/cgroup/ -name machine /sys/fs/cgroup/systemd/machine
Description of problem: Running various commands which invoked polkit prompts, and got this randomly. Additional info: reporter: libreport-2.1.4 hashmarkername: setroubleshoot kernel: 3.9.0-301.fc19.x86_64 type: libreport
selinux-policy-3.12.1-47.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-47.fc19
Package selinux-policy-3.12.1-47.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-47.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-9565/selinux-policy-3.12.1-47.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-47.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.