0012170: SELinux is preventing /usr/libexec/gnome-session-check-accelerated-helper from 'sendto' accesses on the unix_dgram_socket ... - CentOS Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0012170	CentOS-7	selinux-policy	public	2016-10-28 13:22	2018-07-17 16:25

Reporter	pbremner
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	new	Resolution	open
Platform		OS		OS Version	7
Product Version
Target Version		Fixed in Version

Summary	0012170: SELinux is preventing /usr/libexec/gnome-session-check-accelerated-helper from 'sendto' accesses on the unix_dgram_socket ...
Description	Description of problem: This error occured during login. This was the first time this error occured, and it's not certain if it will happen again because I adjusted my mypol to mask the issue. SELinux is preventing /usr/libexec/gnome-session-check-accelerated-helper from 'sendto' accesses on the unix_dgram_socket @nvidiacb4c7b6a. *** Plugin catchall (100. confidence) suggests ************************ If you believe that gnome-session-check-accelerated-helper should be allowed sendto access on the @nvidiacb4c7b6a unix_dgram_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep gnome-session-c /var/log/audit/audit.log \| audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:system_r:xserver_t:s0-s0:c0.c1023 Target Objects @nvidiacb4c7b6a [ unix_dgram_socket ] Source gnome-session-c Source Path /usr/libexec/gnome-session-check-accelerated- helper Port <Unknown> Host (removed) Source RPM Packages gnome-shell-3.14.4-37.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-60.el7_2.9.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-327.36.3.el7.x86_64 #1 SMP Mon Oct 24 16:09:20 UTC 2016 x86_64 x86_64 Alert Count 8 First Seen 2016-10-28 08:59:16 EDT Last Seen 2016-10-28 09:03:33 EDT Local ID 6691965f-492f-46aa-983b-64855c2ec48e Raw Audit Messages type=AVC msg=audit(1477659813.588:481): avc: denied { sendto } for pid=15758 comm="gnome-shell" path=006E7669646961636234633762366100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=unix_dgram_socket type=SYSCALL msg=audit(1477659813.588:481): arch=x86_64 syscall=connect success=no exit=EACCES a0=c a1=7fff66b6fa70 a2=42 a3=7fff66b6f7f0 items=0 ppid=15641 pid=15758 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm=gnome-shell exe=/usr/bin/gnome-shell subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash: gnome-session-c,xdm_t,xserver_t,unix_dgram_socket,sendto Version-Release number of selected component: selinux-policy-3.13.1-60.el7_2.9.noarch
Additional Information	reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.10.0-327.36.3.el7.x86_64 type: libreport uid: 0
Tags	No tags attached.

abrt_hash	4d8dfc7e2079dfbd17a077304609f4d10272b514605d359bc487914b129f4b2b
URL

JLambrecht 2017-11-09 10:14 reporter ~0030552	Another user experienced a similar problem: should be part of policy for NVIDIA ipc reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 4.13.10-1.el7.elrepo.x86_64 package: selinux-policy-3.13.1-166.el7_4.5.noarch reason: SELinux is preventing /usr/libexec/gnome-session-check-accelerated-gl-helper from 'sendto' accesses on the unix_dgram_socket @nvidiaa83a3990. reproducible: Not sure how to reproduce the problem type: libreport

gil_rdsw_frse 2018-07-11 11:37 reporter ~0032222	Another user experienced a similar problem: Yesterday I installed nVidia driver NVIDIA-Linux-x86_64-390.67.run, now there is this allert during / afther boot. reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-862.6.3.el7.x86_64 package: selinux-policy-3.13.1-192.el7_5.4.noarch reason: SELinux is preventing /usr/libexec/gnome-session-check-accelerated-gl-helper from 'sendto' accesses on the unix_dgram_socket @nvidiad22e5012. reproducible: Not sure how to reproduce the problem type: libreport

Cheesy67 2018-07-17 16:25 reporter ~0032293	Another user experienced a similar problem: I had problems starting X (Gnome) after updating (compiling) NVIDIA driver for my new CentOS 7 installation. After recompiling Nvidia driver (390.77) again, I mananged to get back in to Gnome desktop. Then after logging in with my normal user, I got this (and a second) SELinux alert. reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-862.6.3.el7.x86_64 package: selinux-policy-3.13.1-192.el7_5.4.noarch reason: SELinux is preventing /usr/libexec/gnome-session-check-accelerated-gl-helper from 'sendto' accesses on the unix_dgram_socket @nvidia372abea1. reproducible: Not sure how to reproduce the problem type: libreport

Date Modified	Username	Field	Change
2016-10-28 13:22	pbremner	New Issue
2017-11-09 10:14	JLambrecht	Note Added: 0030552
2018-07-11 11:37	gil_rdsw_frse	Note Added: 0032222
2018-07-17 16:25	Cheesy67	Note Added: 0032293