Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1403462

Summary: SELinux is preventing iw from 'getattr' accesses on the netlink_generic_socket Unknown.
Product: [Fedora] Fedora Reporter: Alexander Korsunsky <fat.lobyte9>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 25CC: andrebrait, arturpolak1, bugzilla, david, dominick.grift, dwalsh, e.misiek, fedora.243908, jaeichle, jeroen, jneedle, jylo06g, lvrabec, mgrepl, nate, plautrba, pmoore, redhat, ssekidde, thebeardedhermit
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:cf7c72df3d1dd77b3850645e849cbcfef428e585e0d4315a1cdfd31d26ed3462;VARIANT_ID=workstation;
Fixed In Version: selinux-policy-3.13.1-225.6.fc25 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-11 07:23:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alexander Korsunsky 2016-12-10 14:18:27 UTC
Description of problem:
SELinux is preventing iw from 'getattr' accesses on the netlink_generic_socket Unknown.

*****  Plugin catchall (100. confidence) suggests   **************************

If sie denken, dass es iw standardmäßig erlaubt sein sollte, getattr Zugriff auf Unknown netlink_generic_socket zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Do
allow this access for now by executing:
# ausearch -c 'iw' --raw | audit2allow -M my-iw
# semodule -X 300 -i my-iw.pp

Additional Information:
Source Context                system_u:system_r:tlp_t:s0
Target Context                system_u:system_r:tlp_t:s0
Target Objects                Unknown [ netlink_generic_socket ]
Source                        iw
Source Path                   iw
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-225.1.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.8.11-300.fc25.x86_64 #1 SMP Mon
                              Nov 28 18:24:51 UTC 2016 x86_64 x86_64
Alert Count                   7
First Seen                    2016-12-09 22:39:59 CET
Last Seen                     2016-12-10 13:16:35 CET
Local ID                      a9057d86-4bf9-4dc0-b6ef-7bc2934ac446

Raw Audit Messages
type=AVC msg=audit(1481372195.591:292): avc:  denied  { getattr } for  pid=4640 comm="iw" scontext=system_u:system_r:tlp_t:s0 tcontext=system_u:system_r:tlp_t:s0 tclass=netlink_generic_socket permissive=1


Hash: iw,tlp_t,tlp_t,netlink_generic_socket,getattr

Version-Release number of selected component:
selinux-policy-3.13.1-225.1.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.8.11-300.fc25.x86_64
type:           libreport

Comment 1 Jia Yuan Lo 2016-12-10 15:40:50 UTC
Description of problem:
Happened after 1st time install BOINC client and 1st time starting BOINC client service

Version-Release number of selected component:
selinux-policy-3.13.1-225.1.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.8.12-300.fc25.x86_64
type:           libreport

Comment 2 Frank Büttner 2016-12-12 12:25:16 UTC
Description of problem:
Plug in power supply.

Version-Release number of selected component:
selinux-policy-3.13.1-225.1.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.8.12-300.fc25.x86_64
type:           libreport

Comment 3 Jeff Needle 2016-12-14 21:23:02 UTC
Description of problem:
Updated to f25

Version-Release number of selected component:
selinux-policy-3.13.1-225.3.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.8.13-300.fc25.x86_64
type:           libreport

Comment 4 Jeff Needle 2016-12-15 14:15:12 UTC
Reopening this - can you at least provide an explanation for why it's NOTABUG before closing?

Comment 6 NMueller 2016-12-17 23:03:45 UTC
Description of problem:
This occured after booting the computer.

Version-Release number of selected component:
selinux-policy-3.13.1-225.3.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.8.14-300.fc25.x86_64
type:           libreport

Comment 7 Biji 2016-12-27 08:20:37 UTC
(In reply to Frank Büttner from comment #2)
> Description of problem:
> Plug in power supply.
> 
> Version-Release number of selected component:
> selinux-policy-3.13.1-225.1.fc25.noarch
> 
> Additional info:
> reporter:       libreport-2.8.0
> hashmarkername: setroubleshoot
> kernel:         4.8.12-300.fc25.x86_64
> type:           libreport

Probably related to TLP, I'm using it

Comment 8 Jeroen Lankheet 2016-12-27 14:28:24 UTC
Description of problem:
Problem occurred immediately after waking laptop from suspended mode. 
WIFI was connected fine

Version-Release number of selected component:
selinux-policy-3.13.1-225.3.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.8.15-300.fc25.x86_64
type:           libreport

Comment 9 David Johnston 2016-12-31 17:23:31 UTC
Description of problem:
This se alert popped up after logging in immediately after boot.

Version-Release number of selected component:
selinux-policy-3.13.1-225.3.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.8.15-300.fc25.x86_64
type:           libreport

Comment 10 Michał 2017-01-04 16:25:06 UTC
Description of problem:
Just booted up

Version-Release number of selected component:
selinux-policy-3.13.1-225.3.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.8.15-300.fc25.x86_64
type:           libreport

Comment 11 Fabio R. 2017-01-06 21:30:07 UTC
Description of problem:
It happened after I disconnected the power cord from the laptop.

Version-Release number of selected component:
selinux-policy-3.13.1-225.3.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.8.15-300.fc25.x86_64
type:           libreport

Comment 12 Janine Eichler 2017-01-07 17:41:40 UTC
Description of problem:
- installed tlp
- enabled tlp systemd service

Version-Release number of selected component:
selinux-policy-3.13.1-225.3.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.8.14-300.fc25.x86_64
type:           libreport

Comment 13 Fedora Update System 2017-01-08 22:22:30 UTC
selinux-policy-3.13.1-225.6.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-66d634473a

Comment 14 Fedora Update System 2017-01-10 03:25:49 UTC
selinux-policy-3.13.1-225.6.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-66d634473a

Comment 15 Fedora Update System 2017-01-11 07:23:58 UTC
selinux-policy-3.13.1-225.6.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 16 David Johnston 2017-01-15 02:18:42 UTC
Description of problem:
This occurred after after switching from AC to battery power. 

Version-Release number of selected component:
selinux-policy-3.13.1-225.3.fc25.noarch

Additional info:
reporter:       libreport-2.8.0
hashmarkername: setroubleshoot
kernel:         4.8.15-300.fc25.x86_64
type:           libreport