On 07/21/18 11:59, ToddAndMargo wrote: > Hi All, > > I have an SE Linux alert that keeps coming back and back. > > # ausearch -c 'geoclue' --raw | audit2allow -M my-geoclue > # semodule -X 300 -i my-geoclue.pp > > Gets rid of it for a day. > > And I know that geoclue has issues at the moment: > > Unable to connect to GeoClue. Unable to get location from provider. #318 > https://github.com/jonls/redshift/issues/318#issuecomment-401908696 > > Redshift cannot get location: > https://bugzilla.redhat.com/show_bug.cgi?id=1585970 > > Any words of Wisdom? Wisdom? No. Suggestion? Yes. I've found the folks on the selinux@xxxxxxxxxxxxxxxxxxxxxxx list much more knowledgeable and responsive to selinux questions than the general user list. So, I'd actually suggest you're joining and posting to that list. > > > Many thanks, > -T > > > > SELinux is preventing geoclue from getattr access on the file /proc/<pid>/cgroup. > > ***** Plugin catchall (100. confidence) suggests ************************** > > If you believe that geoclue should be allowed getattr access on the cgroup file by > default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # ausearch -c 'geoclue' --raw | audit2allow -M my-geoclue > # semodule -X 300 -i my-geoclue.pp > > Additional Information: > Source Context system_u:system_r:geoclue_t:s0 > Target Context system_u:system_r:unconfined_service_t:s0 > Target Objects /proc/<pid>/cgroup [ file ] > Source geoclue > Source Path geoclue > Port <Unknown> > Host server.storall.local > Source RPM Packages > Target RPM Packages > Policy RPM <Unknown> > Selinux Enabled True > Policy Type targeted > Enforcing Mode Enforcing > Host Name server.storall.local > Platform Linux server.storall.local 4.17.3-200.fc28.x86_64 > #1 SMP Tue Jun 26 14:17:07 UTC 2018 x86_64 x86_64 > Alert Count 1 > First Seen 2018-07-20 20:51:17 PDT > Last Seen 2018-07-20 20:51:17 PDT > Local ID 46bfb135-51d6-49d1-b573-eb3afe5c25b8 > > Raw Audit Messages > type=AVC msg=audit(1532145077.24:34049): avc: denied { getattr } for pid=11543 > comm="geoclue" path="/proc/10951/cgroup" dev="proc" ino=284431279 > scontext=system_u:system_r:geoclue_t:s0 > tcontext=system_u:system_r:unconfined_service_t:s0 tclass=file permissive=0 > > > Hash: geoclue,geoclue_t,unconfined_service_t,file,getattr > _______________________________________________ > users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx/message/WE7DN4O6BBOXDB6QBVHPPMEVAQ2FDCVP/ -- Conjecture is just a conclusion based on incomplete information. It isn't a fact.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx/message/MHZVU6WZ4ED57LAR7ZOM7E4ZQA5AFAL4/
