On Fri, 2021-09-03 at 15:57 -0600, Chris Murphy wrote:
> On Fri, Sep 3, 2021 at 1:32 PM Stephen Gallagher <sgall...@redhat.com> wrote:
> 
> > So it appears to be an SELinux issue. I suspect but cannot prove that
> > it's related to a number of AVCs related to DBUS that I see in
> > selinux-troubleshooter.
> 
> I'm only seeing two AVC's which repeat but not a lot...
> 
> Sep 03 14:27:09 fovo.local audit[6300]: AVC avc:  denied  { write }
> for  pid=6300 comm="fprintd" name="wakeup" dev="sysfs" ino=28044
> scontext=system_u:system_r:fprintd_t:s0
> tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
> Sep 03 14:27:09 fovo.local audit[6300]: AVC avc:  denied  { write }
> for  pid=6300 comm="fprintd" name="persist" dev="sysfs" ino=28037
> scontext=system_u:system_r:fprintd_t:s0
> tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
> 
> But enforcing=0 makes the boot time under 9s which is... awesome.
> Better than 34.

Those fprintd denials shouldn't cause any issues. It just means fprintd
cannot reconfigure the USB devices for its suspend/resume handling. It
would be nice if it worked, but it is *not* a regression if it doesn't
work.

The upstream bug for this is:
  https://github.com/fedora-selinux/selinux-policy/issues/840

Benjamin

> I get more AVC's with enforcing=0, in fact... oh my that's a lot of
> selinux bugs reported already against 35
> 
> https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&component=selinux-policy&list_id=12120743&product=Fedora&query_format=advanced&version=35
> 
> But fprintd doesn't show up in any. So I will change the component to
> selinux-policy.
> 
> 
> 
> 
> --
> Chris Murphy
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to