Bug 973849 - (accounts) SELinux is preventing /usr/libexec/accounts-daemon from 'read' accesses on the directory /var/log.
SELinux is preventing /usr/libexec/accounts-daemon from 'read' accesses on th...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
19
i686 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Ben Levenson
abrt_hash:455f96e85c0c0e8a358b5c07e24...
:
: 973367 (view as bug list)
Depends On:
Blocks: F19Blocker/F19FinalBlocker
  Show dependency treegraph
 
Reported: 2013-06-12 19:33 EDT by hrafnkellbrimar
Modified: 2013-06-18 20:18 EDT (History)
86 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-06-18 20:18:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description hrafnkellbrimar 2013-06-12 19:33:17 EDT
Description of problem:
First boot into gnome classic session after update
SELinux is preventing /usr/libexec/accounts-daemon from 'read' accesses on the directory /var/log.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that accounts-daemon should be allowed read access on the log directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep accounts-daemon /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:accountsd_t:s0
Target Context                system_u:object_r:var_log_t:s0
Target Objects                /var/log [ dir ]
Source                        accounts-daemon
Source Path                   /usr/libexec/accounts-daemon
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           accountsservice-0.6.34-1.fc19.i686
Target RPM Packages           filesystem-3.2-10.fc19.i686
Policy RPM                    selinux-policy-3.12.1-48.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.9.5-301.fc19.i686.PAE #1 SMP Tue
                              Jun 11 19:46:44 UTC 2013 i686 i686
Alert Count                   39
First Seen                    2013-06-12 23:28:57 GMT
Last Seen                     2013-06-12 23:31:52 GMT
Local ID                      f594b007-00b9-478b-839a-c793327e7b7a

Raw Audit Messages
type=AVC msg=audit(1371079912.935:486): avc:  denied  { read } for  pid=608 comm="accounts-daemon" name="log" dev="dm-0" ino=524325 scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir


type=SYSCALL msg=audit(1371079912.935:486): arch=i386 syscall=inotify_add_watch success=no exit=EACCES a0=8 a1=b8790ce0 a2=1002fce a3=b8790cc0 items=0 ppid=1 pid=608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=accounts-daemon exe=/usr/libexec/accounts-daemon subj=system_u:system_r:accountsd_t:s0 key=(null)

Hash: accounts-daemon,accountsd_t,var_log_t,dir,read

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.i686.PAE
type:           libreport

Potential duplicate: bug 973367
Comment 1 Giridharan GM 2013-06-12 21:20:25 EDT
Description of problem:
right after booting

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 2 Heiko Adams 2013-06-13 04:16:33 EDT
Same problem here (x86_64). This problem slows down my system extremely because the exception is raised continously so I'm forced to downgrade accountsservice to have an useable system again
Comment 3 Miroslav Grepl 2013-06-13 06:31:30 EDT
Why does it need to watch /var/log?
Comment 4 Jan Sedlák 2013-06-13 06:33:39 EDT
Description of problem:
Booted and logged into Gnome 3.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 5 Pascal94 2013-06-13 07:04:06 EDT
Description of problem:
just restarted my computer after an update

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 6 Michal Kovarik 2013-06-13 08:22:12 EDT
Description of problem:
After boot system to gnome shell

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 7 Ray Strode [halfline] 2013-06-13 08:27:23 EDT
because it watches when accounts come and go in wtmp. This isn't new behavior though, afaik. I guess something must have changed in the release, not sure what, but I don't think it's a bug.
Comment 8 Jiří Martínek 2013-06-13 08:41:18 EDT
Description of problem:
It appeared just after reboot

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.i686
type:           libreport
Comment 9 Miroslav Grepl 2013-06-13 08:41:47 EDT
Added.
Comment 10 Jeff Bastian 2013-06-13 09:59:22 EDT
Description of problem:
I'm not sure; the SELinux Alert Browser just popped up with this.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 11 Kurt Miller 2013-06-13 10:03:16 EDT
SELinux is preventing /usr/libexec/accounts-daemon from read access on the directory /var/log.

*****  Plugin catchall (100. confidence) suggests  ***************************

Additional Information:
Source Context                system_u:system_r:accountsd_t:s0
Target Context                system_u:object_r:var_log_t:s0
Target Objects                /var/log [ dir ]
Source                        accounts-daemon
Source Path                   /usr/libexec/accounts-daemon
Port                          <Unknown>
Source RPM Packages           accountsservice-0.6.34-1.fc19.x86_64
Target RPM Packages           filesystem-3.2-10.fc19.x86_64
Policy RPM                    selinux-policy-3.12.1-48.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     
Platform                      Linux 
                              3.9.5-301.fc19.x86_64 #1 SMP Tue Jun 11 19:39:38
                              UTC 2013 x86_64 x86_64
Alert Count                   8226
First Seen                    2013-06-13 00:49:05 EDT
Last Seen                     2013-06-13 09:57:25 EDT
Local ID                      be5bcb9b-ad10-4683-8464-0f350bccedad

Raw Audit Messages
type=AVC msg=audit(1371131845.127:8742): avc:  denied  { read } for  pid=585 comm="accounts-daemon" name="log" dev="dm-1" ino=2883619 scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir


type=SYSCALL msg=audit(1371131845.127:8742): arch=x86_64 syscall=inotify_add_watch success=no exit=EACCES a0=8 a1=7fae6947bb90 a2=1002fce a3=0 items=0 ppid=1 pid=585 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=accounts-daemon exe=/usr/libexec/accounts-daemon subj=system_u:system_r:accountsd_t:s0 key=(null)

Hash: accounts-daemon,accountsd_t,var_log_t,dir,read
Comment 12 Tommy He 2013-06-13 10:25:17 EDT
Description of problem:
Updated to the latest accoutservice

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 13 Munawar Ahmed 2013-06-13 15:01:47 EDT
Description of problem:
At system reboot

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.i686
type:           libreport
Comment 14 Pascal94 2013-06-13 15:39:26 EDT
Description of problem:
just logged after an update

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 15 Laurent Wandrebeck 2013-06-13 15:57:21 EDT
Description of problem:
G3 was just started. did nothing, no mouse click, no keyboard typing. F19 beta up to date.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.i686
type:           libreport
Comment 16 Adam Williamson 2013-06-13 18:39:43 EDT
Description of problem:
Just popped up after a reboot (system had hung prior to the reboot).

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 17 Adam Williamson 2013-06-13 18:41:07 EDT
As this seems to hit everyone, nominating as a blocker per Final criterion "In most cases, there must be no SELinux 'AVC: denied' messages or abrt crash notifications on initial boot and subsequent login (see Blocker_Bug_FAQ)".
Comment 18 Luya Tshimbalanga 2013-06-13 21:52:52 EDT
Description of problem:
This bug occurred after update and logged session

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 19 Luya Tshimbalanga 2013-06-13 21:55:51 EDT
Note the bug also affected rawhide as well running on VM using Gnome Boxes.
Comment 20 Ed Greshko 2013-06-14 00:25:45 EDT
Description of problem:
Happens immediatly after login

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 21 GregVD 2013-06-14 00:47:17 EDT
Description of problem:
After the first logon screen, and when desktop is loaded.
May this problem is caused by a recent automatic system update.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.i686
type:           libreport
Comment 22 Mattia M. 2013-06-14 01:42:13 EDT
Description of problem:
This SELinux warning have been popping up at every startup of Fedora 19 for some days (2 or 3).

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 23 Pascal94 2013-06-14 01:45:57 EDT
Description of problem:
just logged my computer after night shutdown

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 24 Ankur Sinha (FranciscoD) 2013-06-14 02:41:20 EDT
Description of problem:
Didn't do much. Came up after login.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 25 Adam Williamson 2013-06-14 03:30:04 EDT
I recommend people hitting this (which is, pretty much, everyone using GNOME, apparently) do the 'audit2allow' operation suggested by the SELinux troubleshooter for now, otherwise this problem is just going to spam the hell out of your logs; the access is tried about every three seconds on my systems.
Comment 26 Miroslav Grepl 2013-06-14 04:00:54 EDT
The update has been submitted.
Comment 28 Adam Williamson 2013-06-14 04:38:49 EDT
The update works for me, thanks.
Comment 29 Ed Greshko 2013-06-14 05:24:04 EDT
I'm happy now, thanks....
Comment 30 Munawar Ahmed 2013-06-14 07:06:02 EDT
Description of problem:
Reboot after updates!

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.i686
type:           libreport
Comment 31 sangu 2013-06-14 07:07:49 EDT
Description of problem:
After updating accountsservice-0.6.34-1.fc19.x86_64

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 32 Jiri Eischmann 2013-06-14 07:54:18 EDT
Description of problem:
I installed F19 Final TC3, updated with testing updates, created another user and logged in (to GNOME).

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 33 Rui Mota 2013-06-14 09:12:51 EDT
Same happens to me after update F19:

Raw Audit Messages
type=AVC msg=audit(1371215508.382:475): avc:  denied  { read } for  pid=522 comm="accounts-daemon" name="log" dev="dm-1" ino=393231 scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir


Hash: accounts-daemon,accountsd_t,var_log_t,dir,read
Comment 34 Mark Tinberg 2013-06-14 10:29:21 EDT
Description of problem:
just installed recent updates for F19Beta which included some auth subsystem changes, rebooted

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 35 Simon Lewis 2013-06-14 12:36:04 EDT
Description of problem:
This bug is really anoying me - abrt is flagging this every 5 seconds

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 36 Simon Lewis 2013-06-14 14:57:43 EDT
Description of problem:
This is driving me crazy, my PC is running warm and is very slow.

Please publish a workaround until this item can be fixed....

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 37 Adam Williamson 2013-06-14 14:59:31 EDT
Simon: there's already an update linked from this bug. Just install it.
Comment 38 Matthew Boatright 2013-06-14 15:27:55 EDT
Description of problem:
After fresh install of Fedora 19 beta Mate when starting the desktop you get many SELinux notifications. If you close one another pops up over and over and over.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 39 Al Dunsmuir 2013-06-14 16:47:06 EDT
Description of problem:
F19 beta desktop running.   2x of these alerts have popped up.

I do use the gnome log viewer, but don't know if this is related.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 40 Rui Mota 2013-06-14 17:35:21 EDT
For those who have a loop in /var/log/messages and the PC gets warm, just delete the files at /var/log/journal/ as described here
http://www.happyassassin.net/2013/06/14/fedora-1920-logfile-explosions/
Comment 41 Nuno 2013-06-14 18:11:23 EDT
Description of problem:
Just after login.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.i686.PAE
type:           libreport
Comment 42 hrafnkellbrimar 2013-06-14 19:15:51 EDT
Well, I followed the advice from http://www.happyassassin.net/2013/06/14/fedora-1920-logfile-explosions/ as suggested and installed the SELinux policy packages straight from http://koji.fedoraproject.org/koji/buildinfo?buildID=426578 and things seem to have calmed down, but I sure was drowning in logs for a while there.
Comment 43 Adam Williamson 2013-06-14 19:19:05 EDT
hraf: if your logs aren't terribly important you can follow the other advice from my post to wipe large journal files to save a bit of space and prevent your journalctl output being huge and slow.
Comment 44 Rui Mota 2013-06-14 20:14:31 EDT
I added the policy myself and deleted the journal files.
Rebooted and it worked like a charm.
Of course i didnt need the information in those files. The system created new ones with same name.
Comment 45 hrafnkellbrimar 2013-06-14 20:34:31 EDT
Already did that Adam, thanks for the tip.
Comment 46 Francisco de la Peña 2013-06-14 20:49:45 EDT
Description of problem:
Notification shown in gnome shell after rebooting.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 47 Simon Lewis 2013-06-15 00:49:13 EDT
Phew! Many thanks for the quick responses. Updating to:

http://koji.fedoraproject.org/koji/buildinfo?buildID=426578

plus,

deleting all .journal and .journal~ files found in sub-folders under /var/log/journal

and rebooting did the trick.
Comment 48 Elad Alfassa 2013-06-15 03:37:35 EDT
Description of problem:
I just logged in

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 49 Antti Huhtala 2013-06-15 04:46:24 EDT
Description of problem:
The problem appeared at the very end of booting Fedora 19, about the time when the clock applet appears in the middle of the upper panel.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 50 Luca Miccini 2013-06-15 05:59:10 EDT
Description of problem:
fedora 19 yum-updated today (15/06/2013). The problem shows up after rebooting the system and logging in.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 51 Daniel Walsh 2013-06-15 06:37:20 EDT
*** Bug 973367 has been marked as a duplicate of this bug. ***
Comment 52 klaus 2013-06-15 08:04:35 EDT
Description of problem:
After logging in to Fedora 19 beta I did receive that Selinux alarm. Consultation needed here. First time I feel a bit lost
and disorientated, about how to categorize and how to decide about that specific Selinux alarm here. Very often I could decide to establish a local policy module, but very much apprehensive to do the suggested #grep accounts-daemon /var/log/audit/audit.log | audit2allow -M mypol, #semodule -i mypol.pp here. If I don't allow access, the Selinux-Alarm will be triggered again for sure. Feels almost like an autoimmune reaction of the system (joking here) Any advice?       

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.i686.PAE
type:           libreport
Comment 53 Flóki Pálsson 2013-06-15 08:17:41 EDT
Description of problem:
booting after login

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 54 Alen Siljak 2013-06-15 08:55:05 EDT
Description of problem:
This is an upgraded Fedora 19 system (from v18). This alert comes up after logging into Gnome shell.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 56 Matthew Miller 2013-06-15 12:21:25 EDT
(In reply to Ray Strode [halfline] from comment #7)
> because it watches when accounts come and go in wtmp. This isn't new
> behavior though, afaik. I guess something must have changed in the release,
> not sure what, but I don't think it's a bug.

Should it be migrated to use systemd-logind (at least when available?) instead of watching wtmp?
Comment 57 Alexander Bokovoy 2013-06-15 13:01:47 EDT
Description of problem:
updated for today's F19+updates-testing, rebooted for kernel changes and just logged into gnome session

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 58 Paul Finnigan 2013-06-15 14:59:32 EDT
Description of problem:
The problem happens every time I boot my laptop. 

I believe that the access is required. I have not allowed the access yet as it is an anoyance rather than a real problem for me.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 59 gatlibs 2013-06-15 15:14:22 EDT
Description of problem:
I restarted the computer for the first time after the initial installation of F19Beta.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 60 Kurt Miller 2013-06-15 17:01:19 EDT
Trying this correction and I get the following errors. I'm new to linux and not sure what I'm doing wrong. Could someone suggest the correct way to get the update installed?

yum localupdate selinux-policy-3.12.1-52.fc19.noarch.rpm 
Failed to set locale, defaulting to C
Loaded plugins: langpacks, refresh-packagekit
Examining selinux-policy-3.12.1-52.fc19.noarch.rpm: selinux-policy-3.12.1-52.fc19.noarch
Marking selinux-policy-3.12.1-52.fc19.noarch.rpm as an update to selinux-policy-3.12.1-48.fc19.noarch
Resolving Dependencies
--> Running transaction check
---> Package selinux-policy.noarch 0:3.12.1-48.fc19 will be updated
--> Processing Dependency: selinux-policy = 3.12.1-48.fc19 for package: selinux-policy-targeted-3.12.1-48.fc19.noarch
--> Processing Dependency: selinux-policy = 3.12.1-48.fc19 for package: selinux-policy-targeted-3.12.1-48.fc19.noarch
---> Package selinux-policy.noarch 0:3.12.1-52.fc19 will be an update
--> Finished Dependency Resolution
Error: Package: selinux-policy-targeted-3.12.1-48.fc19.noarch (@fedora)
           Requires: selinux-policy = 3.12.1-48.fc19
           Removing: selinux-policy-3.12.1-48.fc19.noarch (@fedora)
               selinux-policy = 3.12.1-48.fc19
           Updated By: selinux-policy-3.12.1-52.fc19.noarch (/selinux-policy-3.12.1-52.fc19.noarch)
               selinux-policy = 3.12.1-52.fc19
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
Comment 61 Adam Williamson 2013-06-15 17:51:25 EDT
Kurt: there's two or three packages you have to update together. If the packages haven't reached your mirror yet, the easiest thing to do is go to /tmp , run 'bodhi -D selinux-policy-3.12.1-52.fc19' , and then 'yum update selin*.rpm'. That will do what you need (might need 'yum install bodhi' first).
Comment 62 Jörg BUCHMANN 2013-06-16 03:39:44 EDT
Description of problem:
I have tried to transmit a bugreport via bugzilla (initial bug 973849) and my bugzilla id was wrong !

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 63 Sergei LITVINENKO 2013-06-16 05:13:46 EDT
Description of problem:
boot the system
login to KDE

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.i686.PAE
type:           libreport
Comment 64 klaus 2013-06-16 09:02:08 EDT
(In reply to Adam Williamson from comment #55)
> Klaus: just install the update.
> 
> https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-52.fc19
> 
> http://koji.fedoraproject.org/koji/buildinfo?buildID=426578

Adeam, thanks for providing an update. Feels right but installation efforts with yumex deliver a message 

error resolving dependencies:

package: selinux-policy-targeted-3.12.1-48.fc19.noarch (@updates-testing)
    requires: selinux-policy = 3.12.1-48.fc19
    to remove: selinux-policy-3.12.1-48.fc19.noarch (@fedora)
        selinux-policy = 3.12.1-48.fc19
    updated by: selinux-policy-3.12.1-52.fc19.noarch (/selinux-policy-3.12.1-52.fc19.noarch(1))
        selinux-policy = 3.12.1-52.fc19
Comment 65 Jeff Layton 2013-06-16 09:02:58 EDT
Description of problem:
Updated f18-f19 with fedup, relabeled and then logged in.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 66 Heiko Adams 2013-06-16 09:05:57 EDT
(In reply to klaus from comment #64)
> (In reply to Adam Williamson from comment #55)
> > Klaus: just install the update.
> > 
> > https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-52.fc19
> > 
> > http://koji.fedoraproject.org/koji/buildinfo?buildID=426578
> 
> Adeam, thanks for providing an update. Feels right but installation efforts
> with yumex deliver a message 
> 
> error resolving dependencies:
> 
> package: selinux-policy-targeted-3.12.1-48.fc19.noarch (@updates-testing)
>     requires: selinux-policy = 3.12.1-48.fc19
>     to remove: selinux-policy-3.12.1-48.fc19.noarch (@fedora)
>         selinux-policy = 3.12.1-48.fc19
>     updated by: selinux-policy-3.12.1-52.fc19.noarch
> (/selinux-policy-3.12.1-52.fc19.noarch(1))
>         selinux-policy = 3.12.1-52.fc19

execute rpm -qa selinux\* and update all packages listed to avoid that error
Comment 67 Kris 2013-06-16 10:58:41 EDT
Description of problem:
This popped up after I logged in from booting up.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 68 Kurt Miller 2013-06-16 11:03:28 EDT
(In reply to Adam Williamson from comment #61)
> Kurt: there's two or three packages you have to update together. If the
> packages haven't reached your mirror yet, the easiest thing to do is go to
> /tmp , run 'bodhi -D selinux-policy-3.12.1-52.fc19' , and then 'yum update
> selin*.rpm'. That will do what you need (might need 'yum install bodhi'
> first).

Thank you, that worked like a charm.

The update fixed the problem as well. Thanks!
Comment 69 Vesa Laitinen 2013-06-16 11:41:25 EDT
Description of problem:
You should report this as a bug.
You can generate a local policy module to allow this access.
Allow this access for now by executing:
# grep accounts-daemon /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.ppv

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 70 Gunnar Hellekson 2013-06-16 23:19:48 EDT
Description of problem:
Boot F19 beta, watch setroubleshoot almost immediately start complaining.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 71 Hans de Goede 2013-06-17 01:34:48 EDT
Description of problem:
I installed all the latest updates for Fedora-19, then shut down my machine. Upon starting it up again the next day I got this selinux denial.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 72 Adam Williamson 2013-06-17 13:45:24 EDT
Discussed at 2013-06-17 blocker review meeting: http://meetbot.fedoraproject.org/fedora-blocker-review/2013-06-17/f19final-blocker-review-6.2013-06-17-16.01.log.txt . Accepted as a blocker per criterion "In most cases, there must be no SELinux 'AVC: denied' messages or abrt crash notifications on initial boot and subsequent login (see Blocker_Bug_FAQ)" .

Please, everyone who's hitting this, just install the selinux-policy update. It fixes it.
Comment 73 Chris Williams 2013-06-17 18:28:08 EDT
Description of problem:
This happened on first login after a cold boot

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 74 Berend De Schouwer 2013-06-18 03:41:38 EDT
Description of problem:
automatic report?

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 75 Nathanael Noblet 2013-06-18 13:17:53 EDT
Description of problem:
Just noticed it on the message tray, no idea how it occured.

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.x86_64
type:           libreport
Comment 76 Adam Williamson 2013-06-18 20:18:41 EDT
https://admin.fedoraproject.org/updates/FEDORA-2013-10881/selinux-policy-3.12.1-52.fc19 has gone stable, closing.

Note You need to log in before you can comment on or make changes to this bug.