On Fri, 2021-09-03 at 15:57 -0600, Chris Murphy wrote:
> On Fri, Sep 3, 2021 at 1:32 PM Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote:
>
> > So it appears to be an SELinux issue. I suspect but cannot prove that
> > it's related to a number of AVCs related to DBUS that I see in
> > selinux-troubleshooter.
>
> I'm only seeing two AVC's which repeat but not a lot...
>
> Sep 03 14:27:09 fovo.local audit[6300]: AVC avc: denied { write }
> for pid=6300 comm="fprintd" name="wakeup" dev="sysfs" ino=28044
> scontext=system_u:system_r:fprintd_t:s0
> tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
> Sep 03 14:27:09 fovo.local audit[6300]: AVC avc: denied { write }
> for pid=6300 comm="fprintd" name="persist" dev="sysfs" ino=28037
> scontext=system_u:system_r:fprintd_t:s0
> tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
>
> But enforcing=0 makes the boot time under 9s which is... awesome.
> Better than 34.
>
> I get more AVC's with enforcing=0, in fact... oh my that's a lot of
> selinux bugs reported already against 35
>
> https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&component=selinux-policy&list_id=12120743&product=Fedora&query_format=advanced&version=35
>
> But fprintd doesn't show up in any. So I will change the component to
> selinux-policy.
Does removing fprintd-related packages or disabling fprintd-related
services cause any difference?
--
Adam Williamson
Fedora QA
IRC: adamw | Twitter: adamw_ha
https://www.happyassassin.net
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
