Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1060650 - SELinux prevents colord from reading $HOM/.local/share/icc
Summary: SELinux prevents colord from reading $HOM/.local/share/icc
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 19
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2014-02-03 08:04 UTC by austinenglish
Modified: 2014-03-10 09:54 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-03-05 14:55:27 UTC

Attachments (Terms of Use)

Description austinenglish 2014-02-03 08:04:45 UTC
Description of problem:
After login, SELinux warns that colord can't read $HOME/.local/share/icc (color profiles). The default policy should allow this.

Version-Release number of selected component (if applicable):
selinux-policy.noarch                      3.12.1-74.17.fc19            updates

How reproducible:

Steps to Reproduce:
Log in.

Actual results:
SELinux warns me.

Expected results:
No SELinux warnings.

Additional info:

Comment 1 Miroslav Grepl 2014-02-04 11:16:59 UTC
It looks you will need to run

$ restorecon -R -v ~/.local/share/icc

Could you attach AVC msgs?

Comment 2 austinenglish 2014-02-05 06:08:14 UTC
(In reply to Miroslav Grepl from comment #1)
> It looks you will need to run
> $ restorecon -R -v ~/.local/share/icc
> Could you attach AVC msgs?

I've already run that. How can I revert it for testing?

Comment 3 Miroslav Grepl 2014-02-05 07:59:35 UTC
Did the restorecon help?

Comment 4 austinenglish 2014-02-05 08:08:34 UTC
(In reply to Miroslav Grepl from comment #3)
> Did the restorecon help?

Yes. Boots without error now.

Looking in that directory, there are two files. I don't recall which of the two (hashes?) it wanted, but that's what it was trying to read:

Comment 5 austinenglish 2014-03-05 18:03:27 UTC
While this does work on my machine, I believe there's still a bug. It seems to me that the default selinux-policy should allow colord to read a user's color profiles.

Comment 6 Miroslav Grepl 2014-03-10 09:54:34 UTC
The problem is 


was mislabeled on your system for a reason. If you get it again, please reopen the bug.

Note You need to log in before you can comment on or make changes to this bug.