On Fri, Sep 3, 2021 at 1:32 PM Stephen Gallagher <sgall...@redhat.com> wrote:
> So it appears to be an SELinux issue. I suspect but cannot prove that
> it's related to a number of AVCs related to DBUS that I see in
> selinux-troubleshooter.
I'm only seeing two AVC's which repeat but not a lot...
Sep 03 14:27:09 fovo.local audit[6300]: AVC avc: denied { write }
for pid=6300 comm="fprintd" name="wakeup" dev="sysfs" ino=28044
scontext=system_u:system_r:fprintd_t:s0
tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
Sep 03 14:27:09 fovo.local audit[6300]: AVC avc: denied { write }
for pid=6300 comm="fprintd" name="persist" dev="sysfs" ino=28037
scontext=system_u:system_r:fprintd_t:s0
tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
But enforcing=0 makes the boot time under 9s which is... awesome.
Better than 34.
I get more AVC's with enforcing=0, in fact... oh my that's a lot of
selinux bugs reported already against 35
https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&component=selinux-policy&list_id=12120743&product=Fedora&query_format=advanced&version=35
But fprintd doesn't show up in any. So I will change the component to
selinux-policy.
--
Chris Murphy
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
