Description of problem:
Same as https://bugzilla.redhat.com/show_bug.cgi?id=919459 for Fedora 19

SELinux is preventing /usr/bin/boinc_client from 'connectto' accesses on the unix_stream_socket @/tmp/.X11-unix/X0.

***** Plugin catchall (100. confidence) suggests ***************************

If si crede che boinc_client dovrebbe avere possibilità di accesso connectto sui X0 unix_stream_socket in modo predefinito.
Then si dovrebbe riportare il problema come bug.
E' possibile generare un modulo di politica locale per consentire questo accesso.
Do
consentire questo accesso per il momento eseguendo:
# grep boinc_client /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:boinc_t:s0
Target Context                system_u:system_r:xserver_t:s0-s0:c0.c1023
Target Objects                @/tmp/.X11-unix/X0 [ unix_stream_socket ]
Source                        boinc_client
Source Path                   /usr/bin/boinc_client
Port                          <Sconosciuto>
Host                          (removed)
Source RPM Packages           boinc-client-7.0.65-1.git79b00ef.fc19.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-69.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.10.5-201.fc19.x86_64 #1 SMP Wed Aug 7 16:25:24 UTC 2013 x86_64 x86_64
Alert Count                   40
First Seen                    2013-08-12 19:55:02 CEST
Last Seen                     2013-08-19 18:52:17 CEST
Local ID                      6af145b1-400a-43bd-b028-4bb88785d660

Raw Audit Messages
type=AVC msg=audit(1376931137.513:599): avc: denied { connectto } for pid=18965 comm="boinc_client" path=002F746D702F2E5831312D756E69782F5830 scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=unix_stream_socket

type=SYSCALL msg=audit(1376931137.513:599): arch=x86_64 syscall=connect success=yes exit=0 a0=5 a1=7ffffea976a0 a2=14 a3=7ffffea976a3 items=0 ppid=18903 pid=18965 auid=4294967295 uid=990 gid=989 euid=990 suid=990 fsuid=990 egid=989 sgid=989 fsgid=989 ses=4294967295 tty=(none) comm=boinc_client exe=/usr/bin/boinc_client subj=system_u:system_r:boinc_t:s0 key=(null)

Hash: boinc_client,boinc_t,xserver_t,unix_stream_socket,connectto

Additional info:
reporter:       libreport-2.1.6
hashmarkername: setroubleshoot
kernel:         3.10.5-201.fc19.x86_64
type:           libreport

Potential duplicate: bug 689205

Has been fixed.

# yum update selinux-policy-targeted --enablerepo=updates-testing

It's not fixed

[root@lof19 ~]# yum --enablerepo=updates-testing update selinux*
Plugin abilitati:langpacks, refresh-packagekit
No packages marked for update
[root@lof19 ~]# yum info selinux-policy-targeted
Plugin abilitati:langpacks, refresh-packagekit
Pacchetti installati
Nome        : selinux-policy-targeted
Arch        : noarch
Versione    : 3.12.1
Rilascio    : 69.fc19
Dimensione  : 18 M
Repo        : installed
Dal repo    : updates
Sommario    : SELinux targeted base policy
URL         : http://oss.tresys.com/repos/refpolicy/
Licenza     : GPLv2+
Descrizione : SELinux Reference policy targeted base module.

Also for Fedora 18 it's not fixed though the bug has been closed: https://bugzilla.redhat.com/show_bug.cgi?id=919459

#============= boinc_t ==============

#!!!! This avc is allowed in the current policy
allow boinc_t xserver_t:unix_stream_socket connectto;

Please run

# yum update selinux-policy-targeted

Well, it's gone :) thanks