Default installation of Teamviewer on Fedora 24 will not start due to SELinux issues.
# systemctl -a | grep teamviewer
teamviewerd.service loaded inactive dead TeamViewer remote control daemon
# systemctl start teamviewerd.service
Job for teamviewerd.service failed because a fatal signal was delivered to the control process. See "systemctl status teamviewerd.service" and "journalctl -xe" for details.
To fix it you can use SELinux GUI tool:
sealert -b
Or CLI tool:
ausearch -c 'teamviewerd'
Or you can check system logs:
# journalctl -xe
aug 04 14:23:17 fedora setroubleshoot[3240]: SELinux is preventing teamviewerd from using the execmem access on a process. For complete SELinux messages. run sealert -l 7c667284-3d59-4c06-9535-2aed4b8015df
aug 04 14:23:17 fedora python3[3240]: SELinux is preventing teamviewerd from using the execmem access on a process.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that teamviewerd should be allowed execmem access on processes labeled init_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'teamviewerd' --raw | audit2allow -M my-teamviewerd
# semodule -X 300 -i my-teamviewerd.pp
The solution(shown as a hint in sealert and journalctl), which is to run:
# ausearch -c 'teamviewerd' --raw | audit2allow -M my-teamviewerd
# semodule -X 300 -i my-teamviewerd.pp
After that you should be able to start Teamviewer service:
systemctl start teamviewerd.service
[root ~] # systemctl status teamviewerd.service
● teamviewerd.service - TeamViewer remote control daemon
Loaded: loaded (/etc/systemd/system/teamviewerd.service; enabled; vendor preset: disabled)
Active: active (running) since sun 2016-08-04 14:32:45 CEST; 1min 50s ago
Process: 4228 ExecStart=/opt/teamviewer/tv_bin/teamviewerd -d (code=exited, status=0/SUCCESS)
Main PID: 4230 (teamviewerd)
Tasks: 19 (limit: 512)
CGroup: /system.slice/teamviewerd.service
└─4230 /opt/teamviewer/tv_bin/teamviewerd -d
aug 04 14:32:45 fedora systemd[1]: Starting TeamViewer remote control daemon...
aug 04 14:32:45 fedora systemd[1]: teamviewerd.service: PID file /var/run/teamviewerd.pid not readable (yet?) after start: No such file or directory
aug 04 14:32:45 fedora systemd[1]: Started TeamViewer remote control daemon.
Followed the instructions but it didnt work. Please help. Error log below:
ReplyDeleteSELinux is preventing teamviewerd from using the execmem access on a process.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that teamviewerd should be allowed execmem access on processes labeled init_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'teamviewerd' --raw | audit2allow -M my-teamviewerd
# semodule -X 300 -i my-teamviewerd.pp
Additional Information:
Source Context system_u:system_r:init_t:s0
Target Context system_u:system_r:init_t:s0
Target Objects Unknown [ process ]
Source teamviewerd
Source Path teamviewerd
Port
Host fedora24-64-box
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-191.18.fc24.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name fedora24-64-box
Platform Linux fedora24-64-box 4.7.7-200.fc24.x86_64 #1 SMP
Sat Oct 8 00:21:59 UTC 2016 x86_64 x86_64
Alert Count 420
First Seen 2016-09-16 15:31:38 PDT
Last Seen 2016-10-21 12:35:51 PDT
Local ID 56172c20-57fa-4895-9142-d312b665af18
Raw Audit Messages
type=AVC msg=audit(1477078551.980:351): avc: denied { execmem } for pid=3059 comm="teamviewerd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process permissive=0
Hash: teamviewerd,init_t,init_t,process,execmem