View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0012170 | CentOS-7 | selinux-policy | public | 2016-10-28 13:22 | 2022-02-10 05:23 |
Reporter | pbremner | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | new | Resolution | open | ||
OS Version | 7 | ||||
Summary | 0012170: SELinux is preventing /usr/libexec/gnome-session-check-accelerated-helper from 'sendto' accesses on the unix_dgram_socket ... | ||||
Description | Description of problem: This error occured during login. This was the first time this error occured, and it's not certain if it will happen again because I adjusted my mypol to mask the issue. SELinux is preventing /usr/libexec/gnome-session-check-accelerated-helper from 'sendto' accesses on the unix_dgram_socket @nvidiacb4c7b6a. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gnome-session-check-accelerated-helper should be allowed sendto access on the @nvidiacb4c7b6a unix_dgram_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep gnome-session-c /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:system_r:xserver_t:s0-s0:c0.c1023 Target Objects @nvidiacb4c7b6a [ unix_dgram_socket ] Source gnome-session-c Source Path /usr/libexec/gnome-session-check-accelerated- helper Port <Unknown> Host (removed) Source RPM Packages gnome-shell-3.14.4-37.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-60.el7_2.9.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-327.36.3.el7.x86_64 #1 SMP Mon Oct 24 16:09:20 UTC 2016 x86_64 x86_64 Alert Count 8 First Seen 2016-10-28 08:59:16 EDT Last Seen 2016-10-28 09:03:33 EDT Local ID 6691965f-492f-46aa-983b-64855c2ec48e Raw Audit Messages type=AVC msg=audit(1477659813.588:481): avc: denied { sendto } for pid=15758 comm="gnome-shell" path=006E7669646961636234633762366100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=unix_dgram_socket type=SYSCALL msg=audit(1477659813.588:481): arch=x86_64 syscall=connect success=no exit=EACCES a0=c a1=7fff66b6fa70 a2=42 a3=7fff66b6f7f0 items=0 ppid=15641 pid=15758 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm=gnome-shell exe=/usr/bin/gnome-shell subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash: gnome-session-c,xdm_t,xserver_t,unix_dgram_socket,sendto Version-Release number of selected component: selinux-policy-3.13.1-60.el7_2.9.noarch | ||||
Additional Information | reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.10.0-327.36.3.el7.x86_64 type: libreport uid: 0 | ||||
Tags | No tags attached. | ||||
abrt_hash | 4d8dfc7e2079dfbd17a077304609f4d10272b514605d359bc487914b129f4b2b | ||||
URL | |||||
Another user experienced a similar problem: should be part of policy for NVIDIA ipc reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 4.13.10-1.el7.elrepo.x86_64 package: selinux-policy-3.13.1-166.el7_4.5.noarch reason: SELinux is preventing /usr/libexec/gnome-session-check-accelerated-gl-helper from 'sendto' accesses on the unix_dgram_socket @nvidiaa83a3990. reproducible: Not sure how to reproduce the problem type: libreport |
|
Another user experienced a similar problem: Yesterday I installed nVidia driver NVIDIA-Linux-x86_64-390.67.run, now there is this allert during / afther boot. reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-862.6.3.el7.x86_64 package: selinux-policy-3.13.1-192.el7_5.4.noarch reason: SELinux is preventing /usr/libexec/gnome-session-check-accelerated-gl-helper from 'sendto' accesses on the unix_dgram_socket @nvidiad22e5012. reproducible: Not sure how to reproduce the problem type: libreport |
|
Another user experienced a similar problem: I had problems starting X (Gnome) after updating (compiling) NVIDIA driver for my new CentOS 7 installation. After recompiling Nvidia driver (390.77) again, I mananged to get back in to Gnome desktop. Then after logging in with my normal user, I got this (and a second) SELinux alert. reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-862.6.3.el7.x86_64 package: selinux-policy-3.13.1-192.el7_5.4.noarch reason: SELinux is preventing /usr/libexec/gnome-session-check-accelerated-gl-helper from 'sendto' accesses on the unix_dgram_socket @nvidia372abea1. reproducible: Not sure how to reproduce the problem type: libreport |
|
Another user experienced a similar problem: no clue reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-957.21.2.el7.x86_64 package: selinux-policy-3.13.1-229.el7_6.12.noarch reason: SELinux is preventing /usr/libexec/gnome-session-check-accelerated-gl-helper from 'sendto' accesses on the unix_dgram_socket @nvidiad48c277a. reproducible: Not sure how to reproduce the problem type: libreport |
|
Another user experienced a similar problem: Recently installed a Nvidia Titan XP card and the proprietary driver from elrepo. It seems reasonable that this /usr/libexec/gnome-session-check-accelerated-gl-helper from sendto access on the unix_dgram_socket /run/nvidia-xdriver-c34289bc. is allowed access. report this as a bug. Generated a local policy module to allow this access. Allow this access for now by executing: # ausearch -c 'gnome-session-c' --raw | audit2allow -M my-gnomesessionc # semodule -i my-gnomesessionc.pp reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1160.53.1.el7.x86_64 package: selinux-policy-3.13.1-268.el7_9.2.noarch reason: SELinux is preventing /usr/libexec/gnome-session-check-accelerated-gl-helper from 'sendto' accesses on the unix_dgram_socket /run/nvidia-xdriver-c34289bc. reproducible: Not sure how to reproduce the problem type: libreport |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2016-10-28 13:22 | pbremner | New Issue | |
2017-11-09 10:14 | JLambrecht | Note Added: 0030552 | |
2018-07-11 11:37 | gil_rdsw_frse | Note Added: 0032222 | |
2018-07-17 16:25 | Cheesy67 | Note Added: 0032293 | |
2019-06-12 05:30 | droseofc | Note Added: 0034645 | |
2022-02-10 05:23 | rk-centosbug | Note Added: 0038853 |