SELinux alerts on fedora 27

(Michael Tippett) #1

I’m running RoonServer on fedora and it generates a ton of SELinux alerts. especially RAATServer to controlC0. How do I make it stop? I don’t think that it should access controlC0 when someone is logged it, but that’s just a guess.

(Martin Webster) #2

If you’re running a desktop, open SELinux Alert Browser and this will help you to solve the alerts.

(Michael Tippett) #3

Thanks! Now what?

(Martin Webster) #4

I use Ubuntu, so don’t need to deal with SELinux, so this was simply a pointer. The browser helps you to understand the alerts, and if appropriate, create a policy to allow the activity, i.e. prevent further alerts.

I just Googled this:

(Michael Tippett) #5

I would love to not see this every 30s. So far the only fix is to uninstall Roon. :frowning:

(Martin Webster) #6

You need to either add a policy rule to SELinux, disable SELinux at boot*, or use Ubuntu (which doesn’t use SELinux.)

*Know the implications of doing this for you server.

(Michael Tippett) #7

Sorry but that’s not a fix

(Martin Webster) #8

Those are your options.

(Darryl Caillouet) #9

I, like @Martin_Webster, am an Ubuntu user. So I don’t experience this problem.

In your first post you said that you didn’t think the RAATServer should have access to ControlC0 but that you weren’t sure.

Since Roon uses ALSA (Advanced Linux Sound Architecture) and ALSA uses ControlC0, why is allowing it access a problem? This question is rhetorical because I don’t know the answer. I’m simply prompting you to reevaluate your original assumption. If you decide that it’s probably okay, then the alert you posted gave a command to run to allow this access and the alerts should go away.

Below is a line from O’Reilly’s Fedora Linux book that made me think allowing access may not be that problematic: