2017-09-22 08:05 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0012361CentOS-7selinux-policypublic2017-09-08 07:37
Reporterdamage.inc 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusnewResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0012361: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
DescriptionDescription of problem:
SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.

***** Plugin catchall (100. confidence) suggests **************************

If vous pensez que colord devrait être autorisé à accéder read sur hwdb.bin file par défaut.
Then vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Do
allow this access for now by executing:
# ausearch -c 'colord' --raw | audit2allow -M my-colord
# semodule -i my-colord.pp

Additional Information:
Source Context system_u:system_r:colord_t:s0
Target Context system_u:object_r:systemd_hwdb_etc_t:s0
Target Objects /etc/udev/hwdb.bin [ file ]
Source colord
Source Path /usr/libexec/colord
Port <Unknown>
Host (removed)
Source RPM Packages colord-1.2.7-2.el7.x86_64
Target RPM Packages systemd-219-30.el7_3.6.x86_64
Policy RPM selinux-policy-3.13.1-102.el7_3.7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-514.2.2.el7.x86_64 #1 SMP
                              Tue Dec 6 23:06:41 UTC 2016 x86_64 x86_64
Alert Count 2
First Seen 2016-12-13 11:54:01 EET
Last Seen 2016-12-13 12:09:13 EET
Local ID 0ea1750d-f7f0-4333-94d2-6989e26ae853

Raw Audit Messages
type=AVC msg=audit(1481623753.73:122): avc: denied { read } for pid=2925 comm="colord" name="hwdb.bin" dev="sda1" ino=538704665 scontext=system_u:system_r:colord_t:s0 tcontext=system_u:object_r:systemd_hwdb_etc_t:s0 tclass=file


type=SYSCALL msg=audit(1481623753.73:122): arch=x86_64 syscall=open success=no exit=EACCES a0=7f5d185862fb a1=80000 a2=1b6 a3=24 items=0 ppid=1 pid=2925 auid=4294967295 uid=995 gid=993 euid=995 suid=995 fsuid=995 egid=993 sgid=993 fsgid=993 tty=(none) ses=4294967295 comm=colord exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0 key=(null)

Hash: colord,colord_t,systemd_hwdb_etc_t,file,read

Version-Release number of selected component:
selinux-policy-3.13.1-102.el7_3.7.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.2.2.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash559041157b3fc72d1501f3e4db8fe5e6259c0c005d2970f75d166eb90e1ec82a
URL
Attached Files

-Relationships
+Relationships

-Notes

~0028490

posadzka (reporter)

Still exists in full updated CentOS7.3.1611

[root@jurek-acer ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@jurek-acer ~]# uname -a
Linux jurek-acer 3.10.0-514.6.1.el7.x86_64 #1 SMP Wed Jan 18 13:06:36 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

~0028516

jrvmedic (reporter)

Another user experienced a similar problem:

while completing installation of a CentOS 7.3 dual NIC server, was alerted by selinux there was a detected problem.
Had installed GNOME Desktop from a minimal installation and was in the process of installing the second NIC
 and during the reboot after motherboard placement of the second NIC got hit with the alert.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.6.1.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.13.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0028535

MikeSnap (reporter)

Another user experienced a similar problem:

Have no ideea, it just did. I use this PC as a server.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.6.1.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.7.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0028693

fernando (reporter)

Another user experienced a similar problem:

Someone hacked my email from hotmail and then hacked from gmail and I have many scripts on the machine in various places, I need help by formatting the machine but it continues and it does not come out I believe it is stored in memory. Can someone please help me.
You can send me commands that I can execute or can get on my machine to help.

  GNU nano 2.3.1 Arquivo: /etc/udev/hwdb.bin
  GNU nano 2.3.1 Arquivo: /usr/bin/netstat
so many...

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.6.2.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.13.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0028702

minimoo (reporter)

FC reported the same abrt hash back in march @ https://bugzilla.redhat.com/show_bug.cgi?id=1320745 and their fix was in the following build https://koji.fedoraproject.org/koji/buildinfo?buildID=749911

~0028724

jpinkerton (reporter)

Another user experienced a similar problem:

Sorry nothing unusual, I was just browsing and it appeared...

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-327.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.13.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0028744

arterrey (reporter)

Another user experienced a similar problem:

Whilst useing Gnome, SELinux Alert Browser poped up and told me "you should report his as a bug"

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.6.2.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.13.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0028759

damage.inc (reporter)

Despite of updates yesterday, the problem still present.

~0028836

jorge_debug (reporter)

Another user experienced a similar problem:

Dont know exactly - will not say..

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.10.2.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.15.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0028958

gelvlad (reporter)

Another user experienced a similar problem:

SE linix displayed notification,

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.10.2.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.15.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0029072

al.moorthi (reporter)

Another user experienced a similar problem:

after rebooting the m/c it's showing this in notification alerts

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.el7.x86_64
package: selinux-policy-3.13.1-102.el7.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0029077

Hutch (reporter)

Another user experienced a similar problem:

At startup/ Everytime Centos boots, this message appears.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.10.2.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.16.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0029242

speedracer (reporter)

Another user experienced a similar problem:

Colors are off tried to change color profile but didn't see a change.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.10.2.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.15.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0029246

yermomsux (reporter)

Another user experienced a similar problem:

I rebooted my computer.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-327.36.1.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.15.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0029603

sfenton (reporter)

Another user experienced a similar problem:

I was logging into my user account, and got an AVC denial for colord. Reported as suggested.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.26.2.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.16.noarch
reason: SELinux is preventing colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0029628

bugsbunyip (reporter)

Another user experienced a similar problem:

Happens instantly on invoking Chrome 59.0.3071.115 (Official Build) (64-bit)

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 4.11.7-1.el7.elrepo.x86_64
package: selinux-policy-3.13.1-102.el7_3.16.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0029715

jgo (reporter)

Another user experienced a similar problem:

trying to print to file generated the error reported here as a bug.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.26.2.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.16.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0029747

nickpons666 (reporter)

Another user experienced a similar problem:

Al abrir Google Chrome, no guarda la configuración de usuario de chrome.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.26.2.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.16.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0029772

rohithbelur (reporter)

Another user experienced a similar problem:

Happens when I try to upload a PDF document using firefox.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.26.2.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.16.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0029798

8471marcus (reporter)

Another user experienced a similar problem:

Additional Information:
Source Context system_u:system_r:colord_t:s0
Target Context system_u:object_r:systemd_hwdb_etc_t:s0
Target Objects /etc/udev/hwdb.bin [ file ]
Source colord
Source Path /usr/libexec/colord
Port <Unknown>
Host (removed)
Source RPM Packages colord-1.2.7-2.el7.x86_64
Target RPM Packages systemd-219-30.el7_3.9.x86_64
Policy RPM selinux-policy-3.13.1-102.el7_3.16.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux linux.fritz.box 3.10.0-514.21.2.el7.x86_64
                              #1 SMP Tue Jun 20 12:24:47 UTC 2017 x86_64 x86_64
Alert Count 24
First Seen 2017-06-30 13:39:29 CEST
Last Seen 2017-08-06 03:52:05 CEST
Local ID d84c8e2e-01cb-4215-b047-7035adacce50

Raw Audit Messages
type=AVC msg=audit(1501984325.90:127): avc: denied { read } for pid=1290 comm="colord" name="hwdb.bin" dev="dm-1" ino=181538 scontext=system_u:system_r:colord_t:s0 tcontext=system_u:object_r:systemd_hwdb_etc_t:s0 tclass=file


type=SYSCALL msg=audit(1501984325.90:127): arch=x86_64 syscall=open success=no exit=EACCES a0=7faf328172fb a1=80000 a2=1b6 a3=24 items=0 ppid=1 pid=1290 auid=4294967295 uid=996 gid=993 euid=996 suid=996 fsuid=996 egid=993 sgid=993 fsgid=993 tty=(none) ses=4294967295 comm=colord exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0 key=(null)

Hash: colord,colord_t,systemd_hwdb_etc_t,file,read

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.21.2.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.16.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport

~0030026

wrightr (reporter)

Another user experienced a similar problem:

occurred immediately after opening Firefox,
which had crashed with "Gah. Your tab just crashed" page, and is now unuseable,
- does not open any tabs, even after re-install.

 

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.26.2.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.16.noarch
reason: SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /etc/udev/hwdb.bin.
reproducible: Not sure how to reproduce the problem
type: libreport
+Notes

-Issue History
Date Modified Username Field Change
2016-12-13 10:19 damage.inc New Issue
2017-01-26 19:16 posadzka Note Added: 0028490
2017-01-31 16:21 jrvmedic Note Added: 0028516
2017-02-06 15:24 MikeSnap Note Added: 0028535
2017-02-26 19:56 fernando Note Added: 0028693
2017-02-26 19:58 fernando Tag Attached: "Network"
2017-02-26 19:59 fernando Tag Detached: "Network"
2017-02-26 20:06 fernando File Added: GNU nano 2.3.1 Arquivo usr bin netstat
2017-02-27 20:07 minimoo Note Added: 0028702
2017-03-01 12:04 jpinkerton Note Added: 0028724
2017-03-03 03:13 arterrey Note Added: 0028744
2017-03-04 07:25 damage.inc Note Added: 0028759
2017-03-12 01:05 jorge_debug Note Added: 0028836
2017-03-28 20:04 gelvlad Note Added: 0028958
2017-04-14 04:26 al.moorthi Note Added: 0029072
2017-04-16 11:46 Hutch Note Added: 0029077
2017-05-06 17:07 speedracer Note Added: 0029242
2017-05-08 13:44 yermomsux Note Added: 0029246
2017-07-05 14:38 sfenton Note Added: 0029603
2017-07-09 10:25 bugsbunyip Note Added: 0029628
2017-07-21 17:57 jgo Note Added: 0029715
2017-07-27 16:10 nickpons666 Note Added: 0029747
2017-08-01 07:11 rohithbelur Note Added: 0029772
2017-08-06 02:00 8471marcus Note Added: 0029798
2017-09-08 07:37 wrightr Note Added: 0030026
+Issue History