Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1245477 - SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a process.
Summary: SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a p...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 22
Hardware: x86_64
OS: Unspecified
urgent
urgent
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:e6d10fcd6f18e995dfe405a4aef...
: 1245756 1246757 1246784 1247745 1256050 1257313 1266598 1270546 (view as bug list)
Depends On:
Blocks: 1254188 1276305
TreeView+ depends on / blocked
 
Reported: 2015-07-22 07:25 UTC by Jean-Christophe Baptiste
Modified: 2016-05-10 14:04 UTC (History)
130 users (show)

Fixed In Version: selinux-policy-3.13.1-128.18.fc22 selinux-policy-3.13.1-128.21.fc22
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1254188 1276305 (view as bug list)
Environment:
Last Closed: 2015-11-27 03:54:39 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
journalctl -b 0 (205.53 KB, application/x-xz)
2015-09-04 07:23 UTC, Milan Bouchet-Valat
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1273110 0 unspecified CLOSED SELinux is preventing /usr/bin/docker from 'write' accesses on the sock_file docker.sock. 2022-05-16 11:32:56 UTC

Internal Links: 1273110

Description Jean-Christophe Baptiste 2015-07-22 07:25:21 UTC
Description of problem:
SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a process.

*****  Plugin catchall (100. confidence) suggests   **************************

If vous pensez que abrt-hook-ccpp devrait être autorisé à accéder sigchld sur les processus étiquetés kernel_t par défaut.
Then vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Do
autoriser cet accès pour le moment en exécutant :
# grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:system_r:kernel_t:s0
Target Objects                Unknown [ process ]
Source                        abrt-hook-ccpp
Source Path                   abrt-hook-ccpp
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-128.6.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.0.8-300.fc22.x86_64 #1 SMP Fri
                              Jul 10 21:04:56 UTC 2015 x86_64 x86_64
Alert Count                   1
First Seen                    2015-07-22 09:21:44 CEST
Last Seen                     2015-07-22 09:21:44 CEST
Local ID                      d1a0744e-253d-4c1d-8daf-956f26b68141

Raw Audit Messages
type=AVC msg=audit(1437549704.396:995): avc:  denied  { sigchld } for  pid=18368 comm="abrt-hook-ccpp" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=0


Hash: abrt-hook-ccpp,xdm_t,kernel_t,process,sigchld

Version-Release number of selected component:
selinux-policy-3.13.1-128.6.fc22.noarch

Additional info:
reporter:       libreport-2.6.1
hashmarkername: setroubleshoot
kernel:         4.0.8-300.fc22.x86_64
type:           libreport

Potential duplicate: bug 1242467

Comment 1 Johannes 2015-07-26 16:13:58 UTC
Description of problem:
Fingerprint to access sudo

Version-Release number of selected component:
selinux-policy-3.13.1-128.6.fc22.noarch

Additional info:
reporter:       libreport-2.6.1
hashmarkername: setroubleshoot
kernel:         4.0.8-300.fc22.x86_64
type:           libreport

Comment 2 Jason Taylor 2015-07-28 01:18:31 UTC
Description of problem:
installed all updates as of Monday, July 27th. After the updates started receiving this selinux issue.

Version-Release number of selected component:
selinux-policy-3.13.1-128.6.fc22.noarch

Additional info:
reporter:       libreport-2.6.1
hashmarkername: setroubleshoot
kernel:         4.0.8-300.fc22.x86_64
type:           libreport

Comment 3 bztdlinux 2015-07-30 23:50:54 UTC
Description of problem:
gnome-shell crashed on a monitor attach event, then abrt crashed while processing that crash

Version-Release number of selected component:
selinux-policy-3.13.1-128.8.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.2-200.fc22.x86_64
type:           libreport

Comment 4 elitedeciel 2015-08-04 23:50:47 UTC
Description of problem:
This often happens during the normal use of Firefox in Fedora 22.  No particular actions.

Version-Release number of selected component:
selinux-policy-3.13.1-128.8.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.3-200.fc22.x86_64
type:           libreport

Comment 5 Miroslav Grepl 2015-08-05 10:28:22 UTC
Jakub,
what was our solution here?

Comment 6 Jakub Filak 2015-08-05 10:51:13 UTC
(In reply to Miroslav Grepl from comment #5)
> Jakub,
> what was our solution here?

/usr/libexec/abrt-hook-ccpp is a core dumper used in /proc/sys/kernel/core_pattern.

Strating with abrt-2.6.1, abrt-hook-ccpp tries to ptrace(PTRACE_SEIZE, ..., PTRACE_O_TRACEEXIT) the process that is being dumped by kernel. It does that because we want to generate the crash backtrace before kernel unloads the process's memory. After we call ptrace() we have to waitpid() and check whether the ptrace action was successful.

If you want to trigger this functionality, just kill something with SIGABRT or run /usr/bin/will_segfault.

We did not notice any AVC when we were testing this feature.

Comment 7 Miroslav Grepl 2015-08-05 14:13:58 UTC
Should we label it as abrt_helper_exec_t?

# chcon -t abrt_helper_exec_t /usr/libexec/abrt-hook-ccpp

Comment 8 H.W. 2015-08-06 17:22:31 UTC
Description of problem:
Fedora Workstation 22 (x86-64) is installed as Guest in VMWare Workstation 10.0.7 (Hostsystem is Win 8.1 Enterprise, x86-64). I installed updates ("su" with pwd) with "dnf updates" in a terminal session. I get a SELinux Alert before the updates are complete finished.

Version-Release number of selected component:
selinux-policy-3.13.1-128.8.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.3-201.fc22.x86_64
type:           libreport

Comment 9 elitedeciel 2015-08-07 01:50:41 UTC
Description of problem:
installed a new copy of F22, all upgraded, no other appication installed other that gnome tweak tool.

Constantly comes up, and eventually crashed.

Version-Release number of selected component:
selinux-policy-3.13.1-128.8.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.3-201.fc22.x86_64
type:           libreport

Comment 10 H.W. 2015-08-08 10:09:04 UTC
Description of problem:
Fedora 22 (x64) works as guest in a VMWare Workstation v10.0.7. Installed as "su" Adobe Flash Plugin in a terminal session with "dnf install adobe-release-x86_64-1.0-1.noarch.rpm" then "dnf install flash-plugin". After i close the terminal session with "exit" (su) and another "exit" (for the terminal session) i checked the installation in Firefox and closed the browser. Then i get a SELinux Alert and i am logged out.

Version-Release number of selected component:
selinux-policy-3.13.1-128.8.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.3-201.fc22.x86_64
type:           libreport

Comment 11 Miroslav Grepl 2015-08-15 10:23:14 UTC
*** Bug 1245756 has been marked as a duplicate of this bug. ***

Comment 12 Miroslav Grepl 2015-08-15 11:26:57 UTC
(In reply to Miroslav Grepl from comment #7)
> Should we label it as abrt_helper_exec_t?
> 
> # chcon -t abrt_helper_exec_t /usr/libexec/abrt-hook-ccpp

Ok we probably need to add another ABRT domain - either abrt_dump_oops_t or a new one. The point is this new domain will need to ptrace random domains and will require sigchld.

Comment 13 Miroslav Grepl 2015-08-15 15:51:55 UTC
*** Bug 1246784 has been marked as a duplicate of this bug. ***

Comment 14 Miroslav Grepl 2015-08-15 15:54:30 UTC
Lukas,
it works with

$ cat myabrt.cil

(block abrt_dump_oops_t)
(block kernel_t)

(in kernel_t
    (optional kernel_optional_abrt
    (call domtrans_pattern (kernel_t abrt_dump_oops_exec_t abrt_dump_oops_t))))

(in abrt_dump_oops_t
    (allow abrt_dump_oops_t self (capability (kill net_admin sys_ptrace)))
    (allow abrt_dump_oops_t proc_security_t (file (getattr read open)))
    (call domain_ptrace_all_domains (abrt_dump_oops_t))
    (call domain_read_all_domains_state (abrt_dump_oops_t))
    (call domain_signull_all_domains (abrt_dump_oops_t)))

Comment 15 Martín Cigorraga 2015-08-18 13:38:14 UTC
Description of problem:
I saw this alert after waking the system from suspension.

Version-Release number of selected component:
selinux-policy-3.13.1-128.10.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.5-200.fc22.x86_64
type:           libreport

Comment 16 Martín Cigorraga 2015-08-18 22:57:10 UTC
Description of problem:
Woke the system from suspend, there was an alert notice on the GDM lock screen regarding Abrt.
After pressing ESC to lift the lock screen BAM! GDM or X crashed and then restarted -- of course losing my currently running session :'(

Nonetheless, thanks everyone for putting everything together to make F22 a great distro.

Version-Release number of selected component:
selinux-policy-3.13.1-128.10.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.5-200.fc22.x86_64
type:           libreport

Comment 17 Lukas Vrabec 2015-08-19 08:16:44 UTC
commit ca95767f8e2db2296343db21b47852b820a8bb24
Author: Lukas Vrabec <lvrabec>
Date:   Tue Aug 18 18:00:41 2015 +0200

    Allow abrt_dump_oops_t to read proc_security_t files.

commit a7ca01f148f78355a0795c14570890c112410e0c
Author: Lukas Vrabec <lvrabec>
Date:   Tue Aug 18 17:55:18 2015 +0200

    Allow abrt_dump_oops to signull all domains
    Allow abrt_dump_oops to read all domains state
    Allow abrt_dump_oops to ptrace all domains

commit 7c68bff8cd0381677e3953c7c9eeb4d6f1dac729
Author: Lukas Vrabec <lvrabec>
Date:   Tue Aug 18 17:54:57 2015 +0200

    Add interface abrt_dump_oops_domtrans()

commit 9c122650fa1ef973594fcbc6d4c9dff967b9cfa6
Author: Lukas Vrabec <lvrabec>
Date:   Tue Aug 18 17:57:21 2015 +0200

    Allow kernel_t domtrans to abrt_dump_oops_t

Comment 18 Martín Cigorraga 2015-08-21 03:29:15 UTC
Description of problem:
Woke up the system and found the alert on the lock screen :'(

Version-Release number of selected component:
selinux-policy-3.13.1-128.10.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.5-200.fc22.x86_64
type:           libreport

Comment 19 Fedora Update System 2015-08-24 11:45:50 UTC
selinux-policy-3.13.1-128.12.fc22 has been submitted as an update to Fedora 22. https://bugzilla.redhat.com/show_bug.cgi?id=1245477

Comment 20 Milan Bouchet-Valat 2015-08-24 13:49:32 UTC
*** Bug 1256050 has been marked as a duplicate of this bug. ***

Comment 21 Fedora Update System 2015-08-24 21:54:33 UTC
selinux-policy-3.13.1-128.12.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-14076

Comment 22 Ting-Wei Lan 2015-08-26 09:54:21 UTC
Description of problem:
fprintd.service segfault

Version-Release number of selected component:
selinux-policy-3.13.1-128.12.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.5-200.fc22.x86_64
type:           libreport

Comment 23 Ting-Wei Lan 2015-08-26 10:20:49 UTC
This happens when I login to the system or unlock the screen. selinux-policy from updates-testing is already installed.

Additional Information:
Source Context                system_u:system_r:fprintd_t:s0
Target Context                system_u:system_r:kernel_t:s0
Target Objects                Unknown [ process ]
Source                        abrt-hook-ccpp
Source Path                   /usr/libexec/abrt-hook-ccpp
Port                          <Unknown>
Host                          wnn
Source RPM Packages           abrt-addon-coredump-helper-2.6.1-2.fc22.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-128.12.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     wnn
Platform                      Linux wnn 4.1.5-200.fc22.x86_64 #1 SMP Mon Aug 10
                              23:38:23 UTC 2015 x86_64 x86_64
Alert Count                   12
First Seen                    2015-08-25 17:58:36 CST
Last Seen                     2015-08-26 17:52:06 CST
Local ID                      a9bbcde8-08bd-4a19-89fb-30853a73cb1a

Raw Audit Messages
type=AVC msg=audit(1440582726.335:26278): avc:  denied  { sigchld } for  pid=9849 comm="abrt-hook-ccpp" scontext=system_u:system_r:fprintd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=0


type=SYSCALL msg=audit(1440582726.335:26278): arch=x86_64 syscall=wait4 success=no exit=EACCES a0=2405 a1=7fff77148d7c a2=0 a3=0 items=0 ppid=31635 pid=9849 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-hook-ccpp exe=/usr/libexec/abrt-hook-ccpp subj=system_u:system_r:kernel_t:s0 key=(null)

Hash: abrt-hook-ccpp,fprintd_t,kernel_t,process,sigchld

Comment 24 mvnaylor 2015-08-26 19:31:26 UTC
Description of problem:
no idea...it appeard when I unlocked my PC

Version-Release number of selected component:
selinux-policy-3.13.1-128.10.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.5-200.fc22.x86_64
type:           libreport

Comment 25 Miroslav Grepl 2015-08-27 17:21:45 UTC
*** Bug 1257313 has been marked as a duplicate of this bug. ***

Comment 26 Fedora Update System 2015-08-27 18:23:23 UTC
selinux-policy-3.13.1-128.12.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 27 Robin Bowes 2015-08-28 13:48:47 UTC
Description of problem:
Tried to connect to a running docker container using docker exce -ti <hash>

Was unable to because of SELinux error

Works OK in permissive mode

Version-Release number of selected component:
selinux-policy-3.13.1-128.12.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.6-200.fc22.x86_64
type:           libreport

Comment 28 Ting-Wei Lan 2015-09-04 02:28:27 UTC
Description of problem:
unlock screen and fprintd segfault

Version-Release number of selected component:
selinux-policy-3.13.1-128.12.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.6-200.fc22.x86_64
type:           libreport

Comment 29 Milan Bouchet-Valat 2015-09-04 07:23:28 UTC
Created attachment 1070174 [details]
journalctl -b 0

I'm reopening as (as others above) I've just seen this again with selinux-policy 3.13.1-128.12.fc22.

See the attached log:
sept. 04 08:58:24 milan abrt-hook-ccpp[13793]: Failed to create core_backtrace: waitpid failed: Permission denied

A possible explanation is that it looks like systemd-journald crashed, as can be seen from this line:
sept. 04 09:00:34 milan abrt-server[13832]: Deleting problem directory ccpp-2015-09-04-08:58:15-423 (dup of ccpp-2015-06-28-17:43:01-403)
The latter problem directory is about systemd-journald. Maybe some processes require more permissions than others?

Comment 30 褚敬彬 2015-09-10 07:38:34 UTC
Description of problem:
i really dont know~

Version-Release number of selected component:
selinux-policy-3.13.1-128.12.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.6-200.fc22.x86_64
type:           libreport

Comment 31 deesto 2015-09-18 11:38:21 UTC
Description of problem:
Nothing -- logged into system.

Version-Release number of selected component:
selinux-policy-3.13.1-128.13.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.6-201.fc22.x86_64
type:           libreport

Comment 32 Orion Poplawski 2015-09-21 17:58:27 UTC
*** Bug 1247745 has been marked as a duplicate of this bug. ***

Comment 33 Ahmad Kaifi 2015-10-01 09:04:31 UTC
Description of problem:
I received this bug with SELinux?!

Version-Release number of selected component:
selinux-policy-3.13.1-128.13.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.7-200.fc22.x86_64
type:           libreport

Comment 34 Frank Büttner 2015-10-01 12:32:51 UTC
At my system this was happened by  call: "setenforce 0"

Comment 35 fulminemizzega 2015-10-03 10:22:04 UTC
Description of problem:
Boot and login

Version-Release number of selected component:
selinux-policy-3.13.1-128.13.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.7-200.fc22.x86_64
type:           libreport

Comment 36 Miroslav Grepl 2015-10-05 06:45:15 UTC
*** Bug 1246757 has been marked as a duplicate of this bug. ***

Comment 37 Miroslav Grepl 2015-10-05 06:45:20 UTC
*** Bug 1266598 has been marked as a duplicate of this bug. ***

Comment 39 Flo H. 2015-10-07 19:57:46 UTC
Description of problem:
It just happened. I don't know what triggered it.

Version-Release number of selected component:
selinux-policy-3.13.1-128.16.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.8-200.fc22.x86_64
type:           libreport

Comment 40 Andreas Schöneck 2015-10-08 06:18:45 UTC
Description of problem:
dnf upgrade with these packages updated in the end:

  curl.x86_64 7.45.0-1.0.cf.fc22                        google-chrome-beta.x86_64 46.0.2490.64-1             libcurl.x86_64 7.45.0-1.0.cf.fc22                  
  libcurl-devel.x86_64 7.45.0-1.0.cf.fc22               libnm-gtk.x86_64 1.0.6-3.fc22                        libteam.x86_64 1.21-1.fc22                         
  nm-connection-editor.x86_64 1.0.6-3.fc22              orca.noarch 3.16.3-1.fc22                            perl-namespace-clean.noarch 0.26-1.fc22            
  python-beautifulsoup4.noarch 4.4.1-1.fc22             teamd.x86_64 1.21-1.fc22                            


Version-Release number of selected component:
selinux-policy-3.13.1-128.16.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.8-200.fc22.x86_64
type:           libreport

Comment 41 Fedora Update System 2015-10-09 14:16:40 UTC
selinux-policy-3.13.1-128.18.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-946cd8d690

Comment 42 Dmitry Kireev 2015-10-09 14:23:08 UTC
Description of problem:

I installed the application from the site https://extensions.gnome.org/ kaffein


SELinux is preventing abrt-hook-ccpp from using the sigchld access on a process.

Module: catchall
you want to allow abrt-hook-ccpp to have sigchld access on the Unknown processEsli you think abrt-hook-ccpp sigchld should allow access to the processes of the type kernel_t default.
It is recommended to create a bug report.
To allow access, you can create a local policy module.
To allow access, run:
# Grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
# Semodule -i mypol.pp

Version-Release number of selected component:
selinux-policy-3.13.1-128.16.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.10-200.fc22.x86_64
type:           libreport

Comment 43 Lukas Vrabec 2015-10-09 14:52:44 UTC
Dmitry, 
Please check version of selinux-policy package. We fixed this in selinux-policy-3.13.1-128.18.fc22 and you using selinux-policy-3.13.1-128.16.fc22.noarch.

Comment 44 Dmitry Kireev 2015-10-09 15:39:00 UTC
Thank you. You were right I was a version of selinux-policy-3.13.1-128.16.fc22.noarh, updated to selinux-policy-3.13.1-128.18.fc22. Thank you very much!

Comment 45 Fedora Update System 2015-10-09 23:22:09 UTC
selinux-policy-3.13.1-128.18.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update selinux-policy'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-946cd8d690

Comment 46 Ting-Wei Lan 2015-10-10 07:58:55 UTC
I applied the update, but I still see a (different) SELinux warning. The update fixed the original issue but created another issue. This happens when I log in and fprintd segfault.


SELinux is preventing /usr/libexec/abrt-hook-ccpp from getattr access on the file /usr/libexec/fprintd.

*****  Plugin catchall (100. confidence) suggests   **************************

If 您認為 abrt-hook-ccpp 就預設值應擁有 fprintd file 的 getattr 存取權。
Then 您應將此回報為錯誤。
您可產生本機模組,以允許這項存取。
Do
現在透過執行以下指令來允許此存取:
# grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:abrt_dump_oops_t:s0
Target Context                system_u:object_r:fprintd_exec_t:s0
Target Objects                /usr/libexec/fprintd [ file ]
Source                        abrt-hook-ccpp
Source Path                   /usr/libexec/abrt-hook-ccpp
Port                          <Unknown>
Host                          <hostname>
Source RPM Packages           abrt-addon-coredump-helper-2.6.1-5.fc22.x86_64
Target RPM Packages           fprintd-0.6.0-1.fc22.x86_64
Policy RPM                    selinux-policy-3.13.1-128.18.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     wnn
Platform                      Linux <hostname> 4.1.10-200.fc22.x86_64 #1 SMP 
                              Mon Oct 5 14:22:49 UTC 2015 x86_64 x86_64
Alert Count                   1
First Seen                    2015-10-10 15:49:05 CST
Last Seen                     2015-10-10 15:49:05 CST
Local ID                      e6771c52-2912-4f4f-a4fb-7bc0ffd7b208

Raw Audit Messages
type=AVC msg=audit(1444463345.425:294): avc:  denied  { getattr } for  pid=3790 comm="abrt-hook-ccpp" path="/usr/libexec/fprintd" dev="sda2" ino=1233627 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:fprintd_exec_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1444463345.425:294): arch=x86_64 syscall=stat success=no exit=EACCES a0=55990a7b9be0 a1=7ffe377e2b70 a2=7ffe377e2b70 a3=7aa items=0 ppid=113 pid=3790 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-hook-ccpp exe=/usr/libexec/abrt-hook-ccpp subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null)

Hash: abrt-hook-ccpp,abrt_dump_oops_t,fprintd_exec_t,file,getattr


Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Comment 47 Andrew Cook 2015-10-10 12:11:53 UTC
Description of problem:
I think qemu crashed? there's no entry in dmesg but it did disappear.

Something else has been trigering this on my machine.

Version-Release number of selected component:
selinux-policy-3.13.1-128.13.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.6-201.fc22.x86_64
type:           libreport

Comment 48 Miroslav Grepl 2015-10-12 17:23:41 UTC
*** Bug 1270546 has been marked as a duplicate of this bug. ***

Comment 49 Yajo 2015-10-14 20:07:53 UTC
Description of problem:
This seems to happen on every boot.

Version-Release number of selected component:
selinux-policy-3.13.1-128.16.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.10-200.fc22.x86_64
type:           libreport

Comment 50 Michal Nowak 2015-10-15 06:12:29 UTC
Description of problem:
Started a VM in Boxes.

Version-Release number of selected component:
selinux-policy-3.13.1-128.16.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.8-200.fc22.x86_64
type:           libreport

Comment 51 Christian Stadelmann 2015-10-19 19:48:19 UTC
Description of problem:
Abrt is unable to run on some backtrace due to an AVC denial.

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 52 Michal Nowak 2015-10-20 13:10:40 UTC
Description of problem:
Started VM in Boxes.

Version-Release number of selected component:
selinux-policy-3.13.1-128.16.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 53 Michael Reiger 2015-10-20 17:16:21 UTC
Description of problem:
I tried to switch users from the top-right menu. There was only one user logged in at the time; on console 2. (Console 1 being taken up by GDM.)
GDM should have appeared, allowing me to login as a different user; however there was only a blank screen.

Upon switch back to the logged in user with Ctr-Alt-F2 I noticed the SElinux notification attached.

This has - to my knowledge - occured at least once before I reported this now; I switch users semi-regularly, normally there is no problem with this.

Version-Release number of selected component:
selinux-policy-3.13.1-128.16.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.10-200.fc22.x86_64
type:           libreport

Comment 54 Adam Williamson 2015-10-21 23:50:32 UTC
Description of problem:
Happens after installing Fedora 23 Final RC2 Workstation x86_64 live in a KVM, running through g-i-s to create a user, and logging in. It's in sealert as soon as you can run it, so not sure exactly when it happens.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 55 RyanEatsFish 2015-10-26 01:19:47 UTC
Description of problem:
Printing Amazon Return from Chrome.

Clicked on Print Label & Return Button <javascript:window.print()>

Using the printer driver from Brother for a MFC-9970CDW

This error happens when printing from Web browsers often (probably b/c of the javascript call?) but not in other progams/with other docs...

Hope that helps!


Version-Release number of selected component:
selinux-policy-3.13.1-128.13.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.7-200.fc22.x86_64
type:           libreport

Comment 56 Roger Baran 2015-10-26 20:02:33 UTC
Description of problem:
Sorry, but I am really not sure.
I was just working along and it popped up.
At the moment I got the alreat I was reading an epub in Atril Document Viewer 1.10.2

Version-Release number of selected component:
selinux-policy-3.13.1-128.16.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 57 lejeczek 2015-10-27 19:20:08 UTC
Description of problem:
not really sure what happen, just in case sending this report I am.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 58 Fedora Update System 2015-10-28 16:25:38 UTC
selinux-policy-3.13.1-128.18.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 59 Christian Stadelmann 2015-10-28 18:06:31 UTC
This issue is not resolved with updating selinux-policy to selinux-policy-3.13.1-128.18.fc22. Please reopen.

Comment 60 Majid 2015-10-29 07:50:33 UTC
Description of problem:
I'm working on my fedora, chrome browser, sublime text editor, Document Viewer,  DB Browser for Sqlite is opening then locked my fedora. I cann't do nothing just move mouse pointer.

Version-Release number of selected component:
selinux-policy-3.13.1-128.16.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 61 Heiko Adams 2015-10-29 10:50:47 UTC
This problem still exists on Fedora 23 with all available updates applied.

Comment 62 Miroslav Grepl 2015-10-29 11:55:19 UTC
(In reply to Heiko Adams from comment #61)
> This problem still exists on Fedora 23 with all available updates applied.

Yes, there a problem with this. I created a new issue 

https://github.com/fedora-selinux/selinux-policy/issues/59

Comment 63 antonio montagnani 2015-10-29 16:34:52 UTC
Description of problem:
no idea

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 64 Alcindo Schleder 2015-10-29 17:48:14 UTC
Description of problem:
Fui salvar um documento no gedit e na tela de seleção do local cliquei em localizar para encontrar a pasta e pimba.... caiu tudo a porcaria e perdi um monte de informações importantes

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 65 Justin W. Flory (he/him) 2015-10-30 02:36:42 UTC
Description of problem:
At the time, I was browsing in Firefox and using HexChat when I first noticed this error.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 66 Vinicius Reis 2015-10-30 04:00:16 UTC
Description of problem:
I opened a PDF on evince and normally closed it minutes later. Then SELinux showed up a warning message.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 67 Justin W. Flory (he/him) 2015-10-30 04:10:19 UTC
(In reply to Justin W. Flory from comment #65)
> At the time, I was browsing in Firefox and using HexChat when I first
> noticed this error.

(In reply to Vinicius Reis from comment #66)
> I opened a PDF on evince and normally closed it minutes later. Then SELinux
> showed up a warning message.

I realize now that I quite likely also had some PDFs and LibreOffice Writer documents open around the time that I received this error.

Comment 68 Martín Cigorraga 2015-10-30 06:49:16 UTC
Description of problem:
I was removing some files from an external drive using Nautilus.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 69 David 2015-10-30 07:59:14 UTC
Description of problem:
Was reading a newspaper via Midori in Workspace 1 and had just posted a comment. Clicked on the back button and went somewhere unexpected followed by the application immediately closing down. Fedora remained stable and continued to work.  Workspace 2 had VirtualBox running with Win 8.1 loaded. Workspace 3 had System Monitor loaded and Workspace 4 had ThunderBird checking emails. 

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 70 Martín Cigorraga 2015-10-30 08:05:11 UTC
Description of problem:
Logged out from another session (Openbox), logged back with my main user into GNOME Shell and got a message alarting of an SELinux denial.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 71 Petr Schindler 2015-10-30 08:09:00 UTC
Description of problem:
I was looking on details of failure in abrt.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 72 lf6648 2015-10-30 10:23:37 UTC
Description of problem:
Browsing the web, reading stuff...

Version-Release number of selected component:
selinux-policy-3.13.1-128.16.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 73 Lukas Slebodnik 2015-10-30 12:34:25 UTC
Description of problem:
It happened when I tried to reproduce crash in sssd
which was caught by abrt.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 74 Francesco Frassinelli (frafra) 2015-10-31 10:40:22 UTC
Description of problem:
I was reporting a bug report regarding Evolution using abrt.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 75 Mikhail Zabaluev 2015-10-31 22:33:06 UTC
Description of problem:
virt-manager or one of its child processes crashed.

Version-Release number of selected component:
selinux-policy-3.13.1-128.16.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 76 Mikhail Zabaluev 2015-10-31 22:35:53 UTC
Description of problem:
One of the processes, most likely virt-manager, crashed.

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 77 Dan Ziemba 2015-11-01 04:59:24 UTC
Description of problem:
This happened after another program crashed.  There doesn't seem to be a file named "file".

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.2.5-300.fc23.x86_64
type:           libreport

Comment 78 Luís Silva 2015-11-01 16:07:32 UTC
Description of problem:
Other app chrashed (nautilus)

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 79 Alick Zhao 2015-11-01 16:33:14 UTC
Reopened since still see it with selinux-policy 3.13.1-128.18.fc22

Comment 80 Jaroslav Škarvada 2015-11-02 15:01:57 UTC
Description of problem:
I am getting this on production machine, it wasn't there before.

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 81 Vinicius Reis 2015-11-02 22:04:46 UTC
Description of problem:
Trying to install 'dash to dock' extension for Gnome Shell (https://extensions.gnome.org/extension/307/dash-to-dock/), using native firefox gnome shell plugin. It was working fine on Fedora 20,21 and 22.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 82 Michal Nowak 2015-11-03 13:45:46 UTC
Description of problem:
Opened English channel of Euronews in Totem, got crash and found this selinux warning in the logs.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 83 deadrat 2015-11-03 15:07:34 UTC
Description of problem:
i upgraded from 22 to 23 using dnf upgrade.
now added the extensions for gnome. it happened. 

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 84 Bruno Thomsen 2015-11-03 21:11:25 UTC
Description of problem:
Starting KillingFloor from Steam with Bumblebee (primusrun).

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 85 lejeczek 2015-11-04 08:56:55 UTC
Description of problem:
just after I log into gnome @Wayland.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 86 Stanislav Kontar 2015-11-04 10:42:44 UTC
Description of problem:
I have updated my Fedora 22 system about maybe week ago and SELinux policies were updated too. From that time on, SELinux Alert Browser shows a warning about abrt-hook-ccpp about 5 times a day.

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 87 schnepp david 2015-11-04 18:52:04 UTC
Description of problem:
On fedora 22 (x86_64):
1) install mysql-workbench-community-6.3.5-1.fc22.x86_64
2) launch mysql-workbench go to: Database -> Connect to Database...
3) select for "Connection Method": Standard TCP/IP over SSH
4) give your ssh and mariadb account connection infos
ex: (using a local kvm server) 
ssh host : 192.168.122.3:22
mysql hostname: 127.0.0.1
5) try to connect
bug: selinux prevent mysql-workbench from working

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 88 Sorawit Kongnurat 2015-11-04 21:01:23 UTC
Description of problem:
I open the store app for the first time. I don't know whether this pop up is a good or a bad thing. Sorry if I bother you. 

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 89 Wilf 2015-11-04 21:05:44 UTC
Description of problem:
I think this occured after flash (and possibly some other plugins) crashed in firefox

Version-Release number of selected component:
selinux-policy-3.13.1-128.13.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 90 Justin W. Flory (he/him) 2015-11-05 02:05:52 UTC
Description of problem:
I opened the Sublime Text 3 editor and this immediately fired.

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 91 Jakub Filak 2015-11-05 07:15:17 UTC
92 e-mails in CCed -> Urgent.

Comment 92 Justin W. Flory (he/him) 2015-11-05 17:08:16 UTC
Description of problem:
I opened Nautilus and this immediately fired.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 93 Luya Tshimbalanga 2015-11-05 18:12:58 UTC
Description of problem:
Got that alert before Problem Report application notification displays. The SE Troubleshooter is unhelpful to fix that error.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-300.fc23.x86_64
type:           libreport

Comment 94 henoc 2015-11-05 18:58:20 UTC
Description of problem:
this error is new now i dont know if is because there is a new fedora version already (fedora 23 mate) and i must to upgrade to that version. and i dont know if is a threat or something but i don't  know what  to do when selinux ask me to do one or other option... i just deleted that warning but it still appearing over and over again.

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-200.fc22.x86_64
type:           libreport

Comment 95 Dinu Radhakrishnan 2015-11-06 05:17:11 UTC
Description of problem:
SELinux reports this problem multiple times a day.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-300.fc23.x86_64
type:           libreport

Comment 96 Richard J. Turner 2015-11-06 08:40:21 UTC
Description of problem:
Opened GNOME Software to view pending updates.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 97 edo 2015-11-06 16:35:19 UTC
Description of problem:
This error was detected after supend laptop up again.

Version-Release number of selected component:
selinux-policy-3.13.1-128.19.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-201.fc22.x86_64
type:           libreport

Comment 98 Vinicius Reis 2015-11-06 17:12:02 UTC
Description of problem:
Just switched (ALT+TAB) from a gnome-terminal window (which was running vim) to a google chrome window.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-300.fc23.x86_64
type:           libreport

Comment 99 Ezequiel Birman 2015-11-06 17:36:42 UTC
Description of problem:
No idea. The alert appeared just after a reboot and starting a gnome session.

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-201.fc22.x86_64
type:           libreport

Comment 100 Jean-Christophe Baptiste 2015-11-06 21:35:54 UTC
Description of problem:
This alert appears at every boot time.

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-201.fc22.x86_64
type:           libreport

Comment 101 David 2015-11-07 09:59:48 UTC
Description of problem:
I was renaming a directory on the Home tree structure. When I hit return, the alert fired and the window closed. It did rename the directory though. 


Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-300.fc23.x86_64
type:           libreport

Comment 102 Michael Catanzaro 2015-11-08 03:26:16 UTC
Description of problem:
Absolutely no clue what this is about. Has setroubleshoot gone bonkers?

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 103 Michael Catanzaro 2015-11-08 03:35:53 UTC
I think ABRT is detecting somewhat different issues as duplicates of this bug. Here's mine (to provide context for my "bonkers" statement; this output is unsanitized and it literally says "file file"):




SELinux is preventing abrt-hook-ccpp from getattr access on the file file.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow abrt-hook-ccpp to have getattr access on the file file
Then you need to change the label on file
Do
# semanage fcontext -a -t FILE_TYPE 'file'
where FILE_TYPE is one of the following: NetworkManager_log_t, NetworkManager_tmp_t, abrt_dump_oops_exec_t, abrt_etc_t, abrt_helper_exec_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_lib_t, abrt_var_log_t, abrt_var_run_t, acct_data_t, admin_crontab_tmp_t, admin_home_t, afs_logfile_t, aide_log_t, alsa_tmp_t, amanda_log_t, amanda_tmp_t, anon_inodefs_t, antivirus_log_t, antivirus_tmp_t, apcupsd_log_t, apcupsd_tmp_t, apmd_log_t, apmd_tmp_t, arpwatch_tmp_t, asterisk_log_t, asterisk_tmp_t, auditadm_sudo_tmp_t, auth_cache_t, automount_tmp_t, awstats_tmp_t, bacula_log_t, bacula_tmp_t, bin_t, bitlbee_log_t, bitlbee_tmp_t, blueman_tmp_t, bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t, bluetooth_tmp_t, boinc_log_t, boinc_project_tmp_t, boinc_tmp_t, boot_t, bootloader_tmp_t, bugzilla_tmp_t, calamaris_log_t, callweaver_log_t, canna_log_t, cardmgr_dev_t, ccs_tmp_t, ccs_var_lib_t, ccs_var_log_t, cdcc_tmp_t, certmaster_var_log_t, cfengine_log_t, cgred_log_t, checkpc_log_t, chrome_sandbox_tmp_t, chronyd_var_log_t, cinder_api_tmp_t, cinder_backup_tmp_t, cinder_log_t, cinder_scheduler_tmp_t, cinder_volume_tmp_t, cloud_init_tmp_t, cloud_log_t, cluster_tmp_t, cluster_var_log_t, cobbler_tmp_t, cobbler_var_log_t, cockpit_tmp_t, collectd_script_tmp_t, colord_tmp_t, comsat_tmp_t, condor_log_t, condor_master_tmp_t, condor_schedd_tmp_t, condor_startd_tmp_t, conman_log_t, conman_tmp_t, consolekit_log_t, couchdb_log_t, couchdb_tmp_t, cpu_online_t, crack_tmp_t, cron_log_t, crond_tmp_t, crontab_tmp_t, ctdbd_log_t, ctdbd_tmp_t, cups_pdf_tmp_t, cupsd_log_t, cupsd_lpd_tmp_t, cupsd_tmp_t, cvs_tmp_t, cyphesis_log_t, cyphesis_tmp_t, cyrus_tmp_t, dbadm_sudo_tmp_t, dbskkd_tmp_t, dcc_client_tmp_t, dcc_dbclean_tmp_t, dccd_tmp_t, dccifd_tmp_t, dccm_tmp_t, ddclient_log_t, ddclient_tmp_t, debugfs_t, deltacloudd_log_t, deltacloudd_tmp_t, denyhosts_var_log_t, devicekit_tmp_t, devicekit_var_log_t, dhcpc_tmp_t, dhcpd_tmp_t, dirsrv_snmp_var_log_t, dirsrv_tmp_t, dirsrv_var_log_t, dirsrvadmin_tmp_t, disk_munin_plugin_tmp_t, dkim_milter_tmp_t, dlm_controld_var_log_t, dnsmasq_var_log_t, dnssec_trigger_tmp_t, dovecot_auth_tmp_t, dovecot_deliver_tmp_t, dovecot_tmp_t, dovecot_var_log_t, drbd_tmp_t, dspam_log_t, etc_runtime_t, etc_t, evtchnd_var_log_t, exim_log_t, exim_tmp_t, fail2ban_log_t, fail2ban_tmp_t, faillog_t, fenced_tmp_t, fenced_var_log_t, fetchmail_log_t, fingerd_log_t, firewalld_tmp_t, firewalld_var_log_t, firewallgui_tmp_t, foghorn_var_log_t, fonts_cache_t, fonts_t, fsadm_log_t, fsadm_tmp_t, fsdaemon_tmp_t, ftpd_tmp_t, ftpdctl_tmp_t, games_tmp_t, games_tmpfs_t, gconf_tmp_t, gear_log_t, geoclue_tmp_t, getty_log_t, getty_tmp_t, gfs_controld_var_log_t, git_script_tmp_t, gkeyringd_tmp_t, glance_log_t, glance_registry_tmp_t, glance_tmp_t, glusterd_log_t, glusterd_tmp_t, gpg_agent_tmp_t, gpg_pinentry_tmp_t, gpg_pinentry_tmpfs_t, gpm_tmp_t, groupd_var_log_t, gssd_tmp_t, haproxy_var_log_t, hsqldb_tmp_t, httpd_log_t, httpd_php_tmp_t, httpd_suexec_tmp_t, httpd_tmp_t, icecast_log_t, inetd_child_tmp_t, inetd_log_t, inetd_tmp_t, init_tmp_t, init_var_lib_t, initrc_tmp_t, initrc_var_log_t, innd_log_t, ipsec_log_t, ipsec_tmp_t, iptables_tmp_t, iscsi_log_t, iscsi_tmp_t, iwhd_log_t, jetty_log_t, jetty_tmp_t, jockey_var_log_t, kadmind_log_t, kadmind_tmp_t, kdumpctl_tmp_t, kdumpgui_tmp_t, keystone_log_t, keystone_tmp_t, kismet_log_t, kismet_tmp_t, kismet_tmpfs_t, klogd_tmp_t, krb5_host_rcache_t, krb5kdc_log_t, krb5kdc_tmp_t, ksmtuned_log_t, ktalkd_log_t, ktalkd_tmp_t, l2tpd_tmp_t, lastlog_t, ld_so_cache_t, ld_so_t, ldconfig_tmp_t, lib_t, livecd_tmp_t, locale_t, logrotate_mail_tmp_t, logrotate_tmp_t, logwatch_mail_tmp_t, logwatch_tmp_t, lpd_tmp_t, lpr_tmp_t, lsassd_tmp_t, lsmd_plugin_tmp_t, lvm_tmp_t, machineid_t, mail_munin_plugin_tmp_t, mailman_cgi_tmp_t, mailman_log_t, mailman_mail_tmp_t, mailman_queue_tmp_t, man_cache_t, man_t, mandb_cache_t, mcelog_log_t, mdadm_log_t, mdadm_tmp_t, mediawiki_tmp_t, minidlna_log_t, mirrormanager_log_t, mock_tmp_t, mojomojo_tmp_t, mongod_log_t, mongod_tmp_t, motion_log_t, mount_tmp_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mozilla_tmp_t, mozilla_tmpfs_t, mpd_log_t, mpd_tmp_t, mplayer_tmpfs_t, mrtg_log_t, mscan_tmp_t, munin_log_t, munin_script_tmp_t, munin_tmp_t, mysqld_log_t, mysqld_tmp_t, mythtv_var_log_t, naemon_log_t, nagios_eventhandler_plugin_tmp_t, nagios_log_t, nagios_openshift_plugin_tmp_t, nagios_system_plugin_tmp_t, nagios_tmp_t, named_log_t, named_tmp_t, netutils_tmp_t, neutron_log_t, neutron_tmp_t, nova_log_t, nova_tmp_t, nscd_log_t, ntop_tmp_t, ntpd_log_t, ntpd_tmp_t, numad_var_log_t, nut_upsd_tmp_t, nut_upsdrvctl_tmp_t, nut_upsmon_tmp_t, nx_server_tmp_t, openshift_cgroup_read_tmp_t, openshift_cron_tmp_t, openshift_initrc_tmp_t, openshift_log_t, openshift_tmp_t, opensm_log_t, openvpn_status_t, openvpn_tmp_t, openvpn_var_log_t, openvswitch_log_t, openvswitch_tmp_t, openwsman_log_t, openwsman_tmp_t, osad_log_t, pam_timestamp_tmp_t, passenger_log_t, passenger_tmp_t, passwd_file_t, pcp_log_t, pcp_tmp_t, pegasus_openlmi_storage_tmp_t, pegasus_tmp_t, piranha_log_t, piranha_web_tmp_t, pkcs_slotd_tmp_t, pki_ra_log_t, pki_tomcat_log_t, pki_tomcat_tmp_t, pki_tps_log_t, plymouthd_var_log_t, podsleuth_tmp_t, podsleuth_tmpfs_t, policykit_tmp_t, polipo_log_t, portmap_tmp_t, postfix_bounce_tmp_t, postfix_cleanup_tmp_t, postfix_local_tmp_t, postfix_map_tmp_t, postfix_pickup_tmp_t, postfix_pipe_tmp_t, postfix_postdrop_t, postfix_qmgr_tmp_t, postfix_smtp_tmp_t, postfix_smtpd_tmp_t, postfix_virtual_tmp_t, postgresql_log_t, postgresql_tmp_t, pppd_log_t, pppd_tmp_t, pptp_log_t, prelink_exec_t, prelink_log_t, prelink_tmp_t, prelude_lml_tmp_t, prelude_log_t, privoxy_log_t, proc_t, procmail_log_t, procmail_tmp_t, prosody_log_t, prosody_tmp_t, psad_tmp_t, psad_var_log_t, pulseaudio_tmpfs_t, puppet_log_t, puppet_tmp_t, puppetmaster_tmp_t, pyicqt_log_t, qdiskd_var_log_t, qpidd_tmp_t, rabbitmq_var_log_t, racoon_tmp_t, radiusd_log_t, realmd_tmp_t, redis_log_t, rhev_agentd_log_t, rhev_agentd_tmp_t, rhsmcertd_log_t, rhsmcertd_tmp_t, ricci_modcluster_var_log_t, ricci_tmp_t, ricci_var_log_t, rkhunter_var_lib_t, rlogind_tmp_t, rolekit_tmp_t, rpcbind_tmp_t, rpm_log_t, rpm_script_tmp_t, rpm_tmp_t, rsync_log_t, rsync_tmp_t, rtas_errd_log_t, rtas_errd_tmp_t, samba_log_t, samba_net_tmp_t, sanlock_log_t, sblim_tmp_t, secadm_sudo_tmp_t, sectool_tmp_t, sectool_var_log_t, selinux_munin_plugin_tmp_t, semanage_tmp_t, sendmail_log_t, sendmail_tmp_t, sensord_log_t, services_munin_plugin_tmp_t, session_dbusd_tmp_t, setroubleshoot_var_log_t, sge_tmp_t, shell_exec_t, shorewall_log_t, shorewall_tmp_t, slapd_log_t, slapd_tmp_t, slpd_log_t, smbd_tmp_t, smoltclient_tmp_t, smsd_log_t, smsd_tmp_t, snapperd_log_t, snmpd_log_t, snort_log_t, snort_tmp_t, sosreport_tmp_t, soundd_tmp_t, spamc_tmp_t, spamd_log_t, spamd_tmp_t, speech-dispatcher_log_t, speech-dispatcher_tmp_t, squid_log_t, squid_tmp_t, squirrelmail_spool_t, src_t, ssh_agent_tmp_t, ssh_keygen_tmp_t, ssh_tmpfs_t, sssd_var_log_t, staff_sudo_tmp_t, stapserver_log_t, stapserver_tmp_t, stunnel_tmp_t, svirt_tmp_t, svnserve_tmp_t, swat_tmp_t, swift_tmp_t, sysadm_passwd_tmp_t, sysadm_sudo_tmp_t, syslogd_tmp_t, syslogd_var_run_t, sysstat_log_t, system_conf_t, system_cronjob_tmp_t, system_db_t, system_dbusd_tmp_t, system_mail_tmp_t, system_munin_plugin_tmp_t, tcpd_tmp_t, telepathy_gabble_tmp_t, telepathy_idle_tmp_t, telepathy_logger_tmp_t, telepathy_mission_control_tmp_t, telepathy_msn_tmp_t, telepathy_salut_tmp_t, telepathy_sofiasip_tmp_t, telepathy_stream_engine_tmp_t, telepathy_sunshine_tmp_t, telnetd_tmp_t, tetex_data_t, textrel_shlib_t, tgtd_tmp_t, thin_aeolus_configserver_log_t, thin_log_t, thumb_tmp_t, tmp_t, tomcat_log_t, tomcat_tmp_t, tor_var_log_t, tuned_log_t, tuned_tmp_t, tvtime_tmp_t, tvtime_tmpfs_t, udev_tmp_t, ulogd_var_log_t, uml_tmp_t, uml_tmpfs_t, unconfined_munin_plugin_tmp_t, update_modules_tmp_t, user_cron_spool_t, user_fonts_t, user_home_t, user_mail_tmp_t, user_tmp_t, usr_t, uucpd_log_t, uucpd_tmp_t, var_log_t, var_spool_t, varnishd_tmp_t, varnishlog_log_t, vdagent_log_t, virt_log_t, virt_qemu_ga_log_t, virt_qemu_ga_tmp_t, virt_tmp_t, vmtools_tmp_t, vmware_host_tmp_t, vmware_log_t, vmware_tmp_t, vmware_tmpfs_t, vpnc_tmp_t, w3c_validator_tmp_t, watchdog_log_t, webadm_tmp_t, webalizer_tmp_t, winbind_log_t, wireshark_tmp_t, wireshark_tmpfs_t, wtmp_t, xauth_tmp_t, xdm_log_t, xend_tmp_t, xend_var_log_t, xenstored_tmp_t, xenstored_var_log_t, xferlog_t, xserver_log_t, xserver_tmpfs_t, ypbind_tmp_t, ypserv_tmp_t, zabbix_log_t, zabbix_tmp_t, zarafa_deliver_log_t, zarafa_deliver_tmp_t, zarafa_gateway_log_t, zarafa_ical_log_t, zarafa_indexer_log_t, zarafa_indexer_tmp_t, zarafa_monitor_log_t, zarafa_server_log_t, zarafa_server_tmp_t, zarafa_spooler_log_t, zarafa_var_lib_t, zebra_log_t, zebra_tmp_t, zoneminder_log_t. 
Then execute: 
restorecon -v 'file'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that abrt-hook-ccpp should be allowed getattr access on the file file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:abrt_dump_oops_t:s0
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                file [ file ]
Source                        abrt-hook-ccpp
Source Path                   abrt-hook-ccpp
Port                          <Unknown>
Host                          rg
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-152.fc23.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     rg
Platform                      Linux rg 4.2.3-300.fc23.x86_64 #1 SMP Mon Oct 5
                              15:42:54 UTC 2015 x86_64 x86_64
Alert Count                   5
First Seen                    2015-10-17 22:19:15 CDT
Last Seen                     2015-11-07 21:15:21 CST
Local ID                      226f9154-07f9-4670-bdc0-26348cb71e33

Raw Audit Messages
type=AVC msg=audit(1446952521.520:740): avc:  denied  { getattr } for  pid=30764 comm="abrt-hook-ccpp" path="ipc:[4026531839]" dev="nsfs" ino=4026531839 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0


Hash: abrt-hook-ccpp,abrt_dump_oops_t,unlabeled_t,file,getattr

Comment 104 Wilf 2015-11-08 15:35:31 UTC
I think the issue is that ABRT is trying to do stuff when thing crash, but SElinux says NO.

Comment 105 Adam Williamson 2015-11-08 18:35:10 UTC
mcatanzaro: yeah, as Wilf says, I think the issue here is SELinux denying abrt's attempt to analyze a crash.

Comment 106 Martín Cigorraga 2015-11-08 23:39:37 UTC
Description of problem:
$ sudo emacs -nw /etc/yum.repo.d/docker.repo  --> boom!

Version-Release number of selected component:
selinux-policy-3.13.1-153.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-300.fc23.x86_64
type:           libreport

Comment 107 Miroslav Grepl 2015-11-09 07:25:10 UTC

*** This bug has been marked as a duplicate of bug 1276931 ***

Comment 108 Fedora Update System 2015-11-09 15:18:58 UTC
selinux-policy-3.13.1-128.17.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-f396e330d9

Comment 109 Fedora Update System 2015-11-09 17:55:21 UTC
selinux-policy-3.13.1-128.20.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-f396e330d9

Comment 110 Fedora Update System 2015-11-10 02:21:06 UTC
selinux-policy-3.13.1-128.20.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update selinux-policy'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-f396e330d9

Comment 111 Martín Cigorraga 2015-11-10 03:12:25 UTC
Description of problem:
Fresh log in

Version-Release number of selected component:
selinux-policy-3.13.1-153.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-300.fc23.x86_64
type:           libreport

Comment 112 Rob Brooks 2015-11-10 15:11:45 UTC
Description of problem:
I am really not sure how this happened.

1. I did a fresh install of fedora 22 64 bit on an Asus Laptop with a brand new SSD drive

2. While connected through wired network I performed a full update (dnf update)

3. I installed tweak tool

4. I installed Fedy

5. Reboot system

6. Wired network onnection works for a few minutes then drops. Must use Wifi to connect even though I have correct IP address. Cannot ping any device locally or otherwise while on Wired.

Check SELINUX to see this error (which as a newbie I have no idea what it means)

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-201.fc22.x86_64
type:           libreport

Comment 113 Gene Snider 2015-11-10 21:55:11 UTC
Description of problem:
Sorry, I'm not sure.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-300.fc23.x86_64
type:           libreport

Comment 114 Yajo 2015-11-11 12:39:32 UTC
Description of problem:
Right click in Atom (not packaged in Fedora), in a GNOME Wayland session.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-300.fc23.x86_64
type:           libreport

Comment 115 lejeczek 2015-11-13 13:30:16 UTC
Description of problem:
not sure, I've just logged a Gnome session

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.4.0-0.rc0.git7.2.fc24.x86_64
type:           libreport

Comment 116 mov_ebpesp 2015-11-15 16:14:48 UTC
Description of problem:
Started "Database browser" and clicked on the button <<Data sources...>>, Then "Database access control center" opened up and when clicking <<New>>, the application crashed.

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-201.fc22.x86_64
type:           libreport

Comment 117 Justin W. Flory (he/him) 2015-11-15 17:16:34 UTC
Description of problem:
I was tagging music in MusicBrainz Picard, which is adding metadata tags to my music in /home/user/Music/.

Version-Release number of selected component:
selinux-policy-3.13.1-128.19.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-201.fc22.x86_64
type:           libreport

Comment 118 Wolfgang Reh 2015-11-18 19:03:53 UTC
Description of problem:
This error occurrs sometimes when logging in (KDE).

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-201.fc22.x86_64
type:           libreport

Comment 119 Paul-Anthony Dudzinski 2015-11-19 18:31:40 UTC
Description of problem:
This error occurrs sometimes when switching back and forth between qemu vitrual machine and other applications.

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch


Fix:
dnf --enablerepo=updates-testing update selinux-policy

selinux-policy-3.13.1-128.20.fc22.noarch seems to have fixed the problem for me.


SELinux is preventing abrt-hook-ccpp from using the sigchld access on a process.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that abrt-hook-ccpp should be allowed sigchld access on processes labeled kernel_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:fprintd_t:s0
Target Context                system_u:system_r:kernel_t:s0
Target Objects                Unknown [ process ]
Source                        abrt-hook-ccpp
Source Path                   abrt-hook-ccpp
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-128.16.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 4.1.7-200.fc22.x86_64
                              #1 SMP Mon Sep 14 20:19:24 UTC 2015 x86_64 x86_64
Alert Count                   3
First Seen                    2015-08-24 12:11:35 EDT
Last Seen                     2015-10-27 09:13:59 EDT
Local ID                      e709e911-5cd4-4f64-bd3e-01010c182961

Raw Audit Messages
type=AVC msg=audit(1445951639.513:4427): avc:  denied  { sigchld } for  pid=10639 comm="abrt-hook-ccpp" scontext=system_u:system_r:fprintd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=0


Hash: abrt-hook-ccpp,fprintd_t,kernel_t,process,sigchld

Comment 120 YimyRR 2015-11-20 04:22:34 UTC
Description of problem:
Hello everybody! I send this report, but I don't know about this mistake. Apologize for my poor english. Thanks.

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-201.fc22.x86_64
type:           libreport

Comment 121 Fedora Update System 2015-11-20 13:12:40 UTC
selinux-policy-3.13.1-128.21.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-1bbd3df966

Comment 122 Kamil Szmit 2015-11-20 19:17:09 UTC
Description of problem:
Error ocuurs on Plasma autostart.

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.6-200.fc22.x86_64
type:           libreport

Comment 123 Fedora Update System 2015-11-21 17:51:40 UTC
selinux-policy-3.13.1-128.21.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update selinux-policy'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-1bbd3df966

Comment 124 Henrique Hurley 2015-11-22 15:56:26 UTC
Description of problem:
This bug has occured while I try to update the Fedora OS.

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.0.4-301.fc22.x86_64
type:           libreport

Comment 125 chai bia 2015-11-22 16:09:56 UTC
Description of problem:
my network is slow down and stopped

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.6-200.fc22.x86_64
type:           libreport

Comment 126 Richard Jasmin 2015-11-23 00:02:38 UTC
Description of problem:
opened users and groups app under mate(as sudo)

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.6-200.fc22.x86_64
type:           libreport

Comment 127 Tad Bilby 2015-11-24 02:47:41 UTC
SELinux denial when closing any Firefox page with flash content.  This has only started happening regularly recently after a recent update.

SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sigchld access on a process.

Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:system_r:kernel_t:s0
Target Objects                Unknown [ process ]
Source                        abrt-hook-ccpp
Source Path                   /usr/libexec/abrt-hook-ccpp
Port                          <Unknown>
Host                          linux986.cbm.com
Source RPM Packages           abrt-addon-coredump-helper-2.6.1-5.fc22.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-128.16.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     linux986.cbm.com
Platform                      Linux linux986.cbm.com 4.2.3-200.fc22.x86_64 #1
                              SMP Thu Oct 8 03:23:55 UTC 2015 x86_64 x86_64
Alert Count                   212
First Seen                    2015-07-27 22:48:38 EDT
Last Seen                     2015-10-30 20:33:42 EDT
Local ID                      3aa6a74e-543f-49a9-8385-f36d0a99839a

Raw Audit Messages
type=AVC msg=audit(1446251622.579:488): avc:  denied  { sigchld } for  pid=2099 comm="abrt-hook-ccpp" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=0


type=SYSCALL msg=audit(1446251622.579:488): arch=x86_64 syscall=wait4 success=no exit=EACCES a0=7fe a1=7ffefdfdc73c a2=0 a3=0 items=0 ppid=201 pid=2099 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-hook-ccpp exe=/usr/libexec/abrt-hook-ccpp subj=system_u:system_r:kernel_t:s0 key=(null)

Hash: abrt-hook-ccpp,xdm_t,kernel_t,process,sigchld


libselinux-python3-2.3-10.fc22.x86_64
libselinux-2.3-10.fc22.i686
selinux-policy-doc-3.13.1-128.18.fc22.noarch
selinux-policy-3.13.1-128.18.fc22.noarch
libselinux-2.3-10.fc22.x86_64
libselinux-utils-2.3-10.fc22.x86_64
selinux-policy-devel-3.13.1-128.18.fc22.noarch
libselinux-python-2.3-10.fc22.x86_64
rpm-plugin-selinux-4.12.0.1-13.fc22.x86_64
selinux-policy-targeted-3.13.1-128.18.fc22.noarch

4.2.6-200.fc22.x86_64
VERSION="22 (Twenty Two)"

Nov 23 21:40:25 linuxpc audit: <audit-1701> auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 pid=7133 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" sig=11
Nov 23 21:40:25 linuxpc kernel: traps: plugin-containe[7133] general protection ip:7f1f87bfb79e sp:7ffd40452440 error:0 in libflashplayer.so[7f1f87639000+117a000]
Nov 23 21:40:25 linuxpc abrt-hook-ccpp: Can't open /proc/sys/fs/suid_dumpable
Nov 23 21:40:25 linuxpc abrt-hook-ccpp: Can't open process's CWD for CompatCore: Permission denied
Nov 23 21:40:28 linuxpc audit: <audit-1400> avc:  denied  { open } for  pid=7180 comm="abrt-hook-ccpp" path="/usr/lib64/firefox/plugin-container" dev="dm-1" ino=40286 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:mozilla_plugin_exec_t:s0 tclass=file permissive=0
Nov 23 21:40:28 linuxpc audit: <audit-1300> arch=c000003e syscall=2 success=no exit=-13 a0=557afbda5060 a1=0 a2=7ffd4ec5c880 a3=7aa items=0 ppid=6964 pid=7180 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrt-hook-ccpp" exe="/usr/libexec/abrt-hook-ccpp" subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null)
Nov 23 21:40:28 linuxpc audit: <audit-1327> proctitle=2F7573722F6C6962657865632F616272742D686F6F6B2D63637070003131003138343436373434303733373039353531363135003731333300313030300031303030003134343833333238323500706C7567696E2D636F6E7461696E6500373133330037313333
Nov 23 21:40:28 linuxpc org.fedoraproject.Setroubleshootd: 'list' object has no attribute 'split'
Nov 23 21:40:28 linuxpc setroubleshoot: Plugin Exception restorecon_source
Nov 23 21:40:28 linuxpc setroubleshoot: SELinux is preventing /usr/libexec/abrt-hook-ccpp from open access on the file /usr/lib64/firefox/plugin-container. For complete SELinux messages. run sealert -l 60e8134b-69a5-467e-8f32-fb02684026ec
Nov 23 21:40:28 linuxpc python: SELinux is preventing /usr/libexec/abrt-hook-ccpp from open access on the file /usr/lib64/firefox/plugin-container.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that abrt-hook-ccpp should be allowed open access on the plugin-container file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Nov 23 21:40:28 linuxpc abrt-hook-ccpp: Failed to create core_backtrace: dwfl_getthread_frames failed: Callback returned failure
Nov 23 21:40:28 linuxpc abrt-server: Blacklisted package 'firefox'
Nov 23 21:40:28 linuxpc abrt-server: 'post-create' on '/var/spool/abrt/ccpp-2015-11-23-21:40:25-7133' exited with 1
Nov 23 21:40:28 linuxpc abrt-server: Deleting problem directory '/var/spool/abrt/ccpp-2015-11-23-21:40:25-7133'

Comment 128 Grzegorz 2015-11-26 08:34:26 UTC
Description of problem:
Every time after starting virtual machine using command 'virsh start VIRT_NAME'

Version-Release number of selected component:
selinux-policy-3.13.1-128.16.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.10-200.fc22.x86_64
type:           libreport

Comment 129 Fedora Update System 2015-11-27 03:52:41 UTC
selinux-policy-3.13.1-128.21.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 130 komitikki 2015-11-29 13:55:21 UTC
Description of problem:
The fedora installer wont run

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 131 Eric Renfro 2015-12-02 21:51:49 UTC
Description of problem:
I just unlocked my xscreensaver, and saw the alert pop up.
Fedora 23, XFCE.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.6-301.fc23.x86_64+debug
type:           libreport

Comment 132 Erickson Takano 2016-01-08 22:38:10 UTC
Description of problem:
On the very first SO load, while I was adding my acounts.

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport

Comment 133 tunomarsan 2016-02-19 02:44:58 UTC
Description of problem:
Aparece el error al intentar instalar Geany desde la aplicación software, tarda mucho tiempo intentando instalar para que al final arroje ese error y se trunque


Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.3-300.fc23.x86_64
type:           libreport


Note You need to log in before you can comment on or make changes to this bug.