FEDORA-2019-6bbf3d600d created by lvrabec 2 months ago for Fedora 30
obsolete
This update has been submitted for testing by lvrabec. 2 months ago
This update's test gating status has been changed to 'waiting'. 2 months ago
This update's test gating status has been changed to 'ignored'. 2 months ago
This update has been pushed to testing. 2 months ago
User Icon bojan commented & provided feedback 2 months ago

Not giving karma, but see below.

SELinux is preventing boltd from getattr access on the lnk_file /sys/bus/wmi/devices/8ADB159E-1E32-455C-BC93-308A7ED98246.

* Plugin catchall (100. confidence) suggests ******

If you believe that boltd should be allowed getattr access on the 8ADB159E-1E32-455C-BC93-308A7ED98246 lnk_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing:

ausearch -c 'boltd' --raw | audit2allow -M my-boltd

semodule -X 300 -i my-boltd.pp

Additional Information: Source Context system_u:system_r:boltd_t:s0 Target Context system_u:object_r:sysfs_t:s0 Target Objects /sys/bus/wmi/devices/8ADB159E-1E32-455C-BC93-308A7 ED98246 [ lnk_file ] Source boltd Source Path boltd Port <Unknown> Host <host> Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.14.3-48.fc30.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name <host> Platform Linux <host> 5.2.18-200.fc30.x86_64 #1 SMP Tue Oct 1 13:14:07 UTC 2019 x86_64 x86_64 Alert Count 15 First Seen 2019-10-05 18:59:37 AEST Last Seen 2019-10-05 18:59:37 AEST Local ID fb46027c-2279-40e2-a8f7-feaa3308cc79

Raw Audit Messages type=AVC msg=audit(1570265977.494:204): avc: denied { getattr } for pid=2436 comm="boltd" path="/sys/bus/wmi/devices/8ADB159E-1E32-455C-BC93-308A7ED98246" dev="sysfs" ino=18891 scontext=system_u:system_r:boltd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0

Hash: boltd,boltd_t,sysfs_t,lnk_file,getattr

This update's test gating status has been changed to 'greenwave_failed'. 2 months ago
This update's test gating status has been changed to 'ignored'. 2 months ago
User Icon szydell provided feedback 2 months ago
karma
lvrabec edited this update. New build(s): - selinux-policy-3.14.3-49.fc30 Removed build(s): - selinux-policy-3.14.3-48.fc30 Karma has been reset. a month ago
This update has been submitted for testing by lvrabec. a month ago
This update has been pushed to testing. a month ago
User Icon bojan provided feedback a month ago
karma
User Icon mhayden commented & provided feedback a month ago
karma

No issues noted on hardware or KVM guest.

User Icon mhayden commented & provided feedback a month ago
karma

No issues noted.

This update can be pushed to stable now if the maintainer wishes a month ago
This update has been obsoleted by [selinux-policy-3.14.3-50.fc30](https://bodhi.fedoraproject.org/updates/FEDORA-2019-d68c9e27f8). a month ago

Please login to add feedback.

Metadata
Type
bugfix
Severity
high
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
2 months ago
in testing
a month ago
modified
a month ago
BZ#1716044 SELinux is preventing dockerd-current from using the 'net_broadcast' capabilities.
0
0
BZ#1750112 selinux is blocking gdm from accessing boot_t files, breaking the grub hidden menu feature
0
0
BZ#1750288 Blocking the D-Bus autostart of fwupd
0
0
BZ#1751816 SELinux is preventing ps from using the sys_ptrace capability.
0
0
BZ#1753383 SELinux is preventing (systemd) from 'add_name' accesses on the katalog sddm.
0
0
BZ#1754767 SELinux is preventing xz from using the fowner capability.
0
0
BZ#1756790 SELinux is preventing bwrap from 'setpcap' accesses on the cap_userns Desconocido.
0
0
BZ#1756791 SELinux is preventing bwrap from 'nlmsg_write' accesses on the netlink_route_socket Desconocido.
0
0
BZ#1756973 Allow read access from exim to mysql config files
0
0
BZ#1759019 SELinux is preventing boltd from 'getattr' accesses on the lnk_file /sys/bus/wmi/devices/7FF47003-3B6C-4E5E-A227-E979824A85D1.
0
0

Automated Test Results