Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1815312 - SELinux is preventing accounts-daemon from using the 'sys_nice' capabilities.
Summary: SELinux is preventing accounts-daemon from using the 'sys_nice' capabilities.
Keywords:
Status: CLOSED DUPLICATE of bug 1811407
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 32
Hardware: x86_64
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:8389d3f402e32b0dbe518c4789b...
: 1818696 1820978 1820992 1829013 1829075 1829128 1829588 1829590 1830185 1830186 1830191 1830301 1830467 1830544 1830557 1830722 1830726 1830783 1830877 1830916 1831676 1831959 1833765 1835024 1861924 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-03-20 00:43 UTC by Angie
Modified: 2020-07-29 22:31 UTC (History)
32 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-31 06:02:24 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Angie 2020-03-20 00:43:15 UTC
Description of problem:
 Errors appeared on first boot after  Fedora 32 beta workstation netinst netinstall in QEMU KVM virtual Machine guest on Fedora 31 Workstation Host
SELinux is preventing accounts-daemon from using the 'sys_nice' capabilities.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that accounts-daemon should have the sys_nice capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'accounts-daemon' --raw | audit2allow -M my-accountsdaemon
# semodule -X 300 -i my-accountsdaemon.pp

Additional Information:
Source Context                system_u:system_r:accountsd_t:s0
Target Context                system_u:system_r:accountsd_t:s0
Target Objects                Unknown [ capability ]
Source                        accounts-daemon
Source Path                   accounts-daemon
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-3.14.5-28.fc32.noarch
Local Policy RPM              selinux-policy-targeted-3.14.5-28.fc32.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.6.0-0.rc5.git0.2.fc32.x86_64 #1
                              SMP Tue Mar 10 19:09:42 UTC 2020 x86_64 x86_64
Alert Count                   1
First Seen                    2020-03-19 17:29:13 PDT
Last Seen                     2020-03-19 17:29:13 PDT
Local ID                      3eb90669-1264-470e-999f-fe05b25c3a46

Raw Audit Messages
type=AVC msg=audit(1584664153.376:144): avc:  denied  { sys_nice } for  pid=937 comm="accounts-daemon" capability=23  scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:system_r:accountsd_t:s0 tclass=capability permissive=0


Hash: accounts-daemon,accountsd_t,accountsd_t,capability,sys_nice

Version-Release number of selected component:
selinux-policy-3.14.5-28.fc32.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.12.0
hashmarkername: setroubleshoot
kernel:         5.6.0-0.rc5.git0.2.fc32.x86_64
type:           libreport

Potential duplicate: bug 1795034

Comment 1 Angie 2020-03-20 01:02:41 UTC
Similar problem has been detected:

After 2nd reboot of Fedora 32 beta (Latest updates just installed including newer SELinux-Policy update) in QEMU KVM VM guest on Fedora 31 Host

hashmarkername: setroubleshoot
kernel:         5.6.0-0.rc5.git0.2.fc32.x86_64
package:        selinux-policy-3.14.5-30.fc32.noarch
reason:         SELinux is preventing accounts-daemon from using the 'sys_nice' capabilities.
type:           libreport

Comment 2 makruiten 2020-03-20 08:52:22 UTC
Similar problem has been detected:

I launched a flatpak app (Phoenix PlayOnLinux).

hashmarkername: setroubleshoot
kernel:         5.6.0-0.rc5.git0.2.fc32.x86_64
package:        selinux-policy-3.14.5-31.fc32.noarch
reason:         SELinux is preventing accounts-daemon from using the 'sys_nice' capabilities.
type:           libreport

Comment 3 Eugene Mah 2020-03-25 21:02:24 UTC
Getting this when logging into my computer

Comment 4 Nikolay 2020-03-30 06:34:41 UTC
*** Bug 1818696 has been marked as a duplicate of this bug. ***

Comment 5 Zdenek Pytela 2020-03-31 06:02:24 UTC

*** This bug has been marked as a duplicate of bug 1811407 ***

Comment 6 Fedorarami 2020-04-05 08:02:07 UTC
*** Bug 1820978 has been marked as a duplicate of this bug. ***

Comment 7 Fedorarami 2020-04-05 09:40:03 UTC
*** Bug 1820992 has been marked as a duplicate of this bug. ***

Comment 8 Eric Wick 2020-04-28 17:31:23 UTC
*** Bug 1829013 has been marked as a duplicate of this bug. ***

Comment 9 Milan Kerslager 2020-04-28 20:23:38 UTC
*** Bug 1829075 has been marked as a duplicate of this bug. ***

Comment 10 Arkaan Nurul Iman 2020-04-28 23:52:16 UTC
*** Bug 1829128 has been marked as a duplicate of this bug. ***

Comment 11 Kevin Camacena 2020-04-29 20:22:50 UTC
*** Bug 1829588 has been marked as a duplicate of this bug. ***

Comment 12 Phil Hale 2020-04-29 20:26:32 UTC
*** Bug 1829590 has been marked as a duplicate of this bug. ***

Comment 13 Fabio Bilac 2020-05-01 03:24:30 UTC
*** Bug 1830185 has been marked as a duplicate of this bug. ***

Comment 14 Salmaan 2020-05-01 03:25:26 UTC
*** Bug 1830186 has been marked as a duplicate of this bug. ***

Comment 15 Edwin PJ 2020-05-01 03:51:03 UTC
*** Bug 1830191 has been marked as a duplicate of this bug. ***

Comment 16 Mufaz 2020-05-01 14:31:32 UTC
*** Bug 1830301 has been marked as a duplicate of this bug. ***

Comment 17 macosguy 2020-05-02 03:31:35 UTC
*** Bug 1830467 has been marked as a duplicate of this bug. ***

Comment 18 william.heuts 2020-05-02 16:47:21 UTC
*** Bug 1830544 has been marked as a duplicate of this bug. ***

Comment 19 Baleta 2020-05-02 18:04:43 UTC
*** Bug 1830557 has been marked as a duplicate of this bug. ***

Comment 20 Felipe 2020-05-03 12:43:12 UTC
*** Bug 1830722 has been marked as a duplicate of this bug. ***

Comment 21 Robert J. Devlin 2020-05-03 13:25:24 UTC
*** Bug 1830726 has been marked as a duplicate of this bug. ***

Comment 22 Gergely Králik 2020-05-03 20:48:08 UTC
*** Bug 1830783 has been marked as a duplicate of this bug. ***

Comment 23 Roberto Gonzalez 2020-05-04 08:02:44 UTC
*** Bug 1830877 has been marked as a duplicate of this bug. ***

Comment 24 Felipe 2020-05-04 10:26:28 UTC
*** Bug 1830916 has been marked as a duplicate of this bug. ***

Comment 25 Grzegorz 2020-05-05 13:18:47 UTC
*** Bug 1831676 has been marked as a duplicate of this bug. ***

Comment 26 Eduardo Montovanelli Dalmaso 2020-05-06 02:39:42 UTC
*** Bug 1831959 has been marked as a duplicate of this bug. ***

Comment 27 Richard DENIS 2020-05-10 11:57:15 UTC
*** Bug 1833765 has been marked as a duplicate of this bug. ***

Comment 28 Ken Dubrick 2020-05-12 23:55:15 UTC
*** Bug 1835024 has been marked as a duplicate of this bug. ***

Comment 29 miguelsilvapeloso 2020-07-29 22:31:54 UTC
*** Bug 1861924 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.