Unable to generate local policies to fix SELinux denials on boot

asked 2018-07-02 19:09:34 -0600

bob323 gravatar image

Running Fedora Rawhide, I get several SELinux alerts on boot:

The source process: (upowerd)
Attempted this access: mounton
On this directory: upower

The source process: (upowerd)
Attempted this access: nnp_transition
On this process2 [sic]:

The source process: (fprintd)
Attempted this access: mounton
On this file: kallsyms

The source process: (fprintd)
Attempted this access: getattr
On this file: kcore

The source process: (fprintd)
Attempted this access: mounton
On this file: kcore

When I follow the steps to generate a local policy module and bypass these alerts, it fails. I get a "neverallow check failed" error message when trying to implement the policy (with sudo semodule -X 300 -i my-fprintd.pp, for example). I've never had this problem with SELinux before. How can I fix a neverallow check failing?

This is on KDE, if it makes a difference. I believe that's what kcore references.

edit retag flag offensive close merge delete

Comments

1

kcore is more likely the Kernel Core /proc/kcore.

Showing the contents of my-fprintd.te my be useful.

As a user of Rawhide you are actually a tester and should therefore report any findings via bugzilla.

villykruse gravatar imagevillykruse ( 2018-07-03 01:40:02 -0600 )edit