Ask Your Question
1

Why is SELinux preventing me from using fringerprint scanner?

asked 2018-04-12 08:06:46 -0600

After I installed Fedora 27, I enabled fingerprint login in the Users settings for my account. Everything was fine. Today, fingerprint login is disabled, and when I try to enable it, SELinux complains about fprintd attempting to read directory 000000 and read, write file chr_rfile: 007. I also get another message: Could not access "Validity VFS0050" device

GDBus.Error.net.reactivated.Fprint.Error.Internal: Could not attempt device open, error -3.

I performed an update yesterday that included an OS upgrade.

Why was fingerprint login disabled, and what can I do to get it enabled again?

edit retag flag offensive close merge delete

Comments

what is the pam module in use and what is the context of the device and process attempting to access the reader? (ls -Z && ps -efZ) Just looking for a little more information, I don't at the moment have a fingerprint reader on a Fedora 27 machine to validate.

kondor6c gravatar imagekondor6c ( 2018-04-12 13:50:22 -0600 )edit

I assume you only want the line for pam and not the hundreds of lines that your suggested command produces. unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 jim 13616 16864 0 06:52 pts/0 00:00:00 grep --color=auto pam

Jim O gravatar imageJim O ( 2018-04-13 05:56:01 -0600 )edit

1 Answer

Sort by ยป oldest newest most voted
2

answered 2018-04-12 23:22:33 -0600

Period22 gravatar image

updated 2018-04-12 23:23:38 -0600

I had the same problem, but it was fixed sometime ago. Maybe you have a different scanner model. In any case, the two workarounds listed here may help temporarily until it gets fixed: https://bugzilla.redhat.com/show_bug.cgi?id=1502037#c5

edit flag offensive delete link more

Comments

The problem just showed up a few days ago. Following the workarounds in the comments in the bug report you referenced, I first changed SELINUXTYPE in the SELinux config file from targeted to permissive and then rebooted. After waiting 30 minutes for the boot process to complete, I gave up and booted into a different distro. I changed SELINUXTYPE back to targeted and it booted as normal. I then commented out NoNewPrivileges=true in fprintd.services and rebooted. The fingerprint scanner is enabled.

Jim O gravatar imageJim O ( 2018-04-13 09:33:37 -0600 )edit

The third option in the bug report is to wait until the SELinux developers get around to fixing the problem. Since the problem has been around (off and on?) since November 2017 and maybe for years before that, I will not hold my breath waiting. I did notice that a large number of bug reports were posted on April 9, 2018 against SELinux preventing programs and functionality from working. Maybe that will spur the developers into action.

Jim O gravatar imageJim O ( 2018-04-13 09:36:37 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2018-04-12 08:06:46 -0600

Seen: 420 times

Last updated: Apr 12