View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0012759 | CentOS-7 | selinux-policy | public | 2017-01-31 16:46 | 2022-01-20 15:14 |
Reporter | StarsKim | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | new | Resolution | open | ||
OS Version | 7 | ||||
Summary | 0012759: SELinux is preventing /usr/libexec/gdm-session-worker from 'write' accesses on the directory starskim. | ||||
Description | Description of problem:
SELinux is preventing /usr/libexec/gdm-session-worker from 'write' accesses on the directory starskim.

***** Plugin catchall_labels (83.8 confidence) suggests *******************

If you want to allow gdm-session-worker to have write access on the starskim directory
Then you need to change the label on starskim
Do
# semanage fcontext -a -t FILE_TYPE 'starskim'
where FILE_TYPE is one of the following: abrt_var_cache_t, admin_home_t, alsa_home_t, antivirus_home_t, audio_home_t, auth_cache_t, auth_home_t, cache_home_t, cgroup_t, chrome_sandbox_home_t, config_home_t, cvs_home_t, data_home_t, dbus_home_t, docker_home_t, etc_t, faillog_t, fetchmail_home_t, fonts_cache_t, gconf_home_t, git_user_content_t, gkeyringd_gnome_home_t, gkeyringd_tmp_t, gnome_home_t, gpg_secret_t, gstreamer_home_t, home_bin_t, home_cert_t, httpd_user_content_t, httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_user_script_exec_t, icc_data_home_t, iceauth_home_t, init_var_run_t, irc_home_t, irc_tmp_t, irssi_home_t, kismet_home_t, krb5_home_t, krb5_host_rcache_t, local_login_home_t, locale_t, mail_home_rw_t, mail_home_t, mandb_home_t, mozilla_home_t, mozilla_plugin_rw_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mpd_home_t, mpd_user_data_t, mplayer_home_t, mysqld_home_t, openshift_var_lib_t, pam_var_console_t, pam_var_run_t, polipo_cache_home_t, polipo_config_home_t, procmail_home_t, pulseaudio_home_t, rlogind_home_t, root_t, rssh_ro_t, rssh_rw_t, sandbox_file_t, screen_home_t, spamc_home_t, speech-dispatcher_home_t, ssh_home_t, svirt_home_t, systemd_home_t, systemd_passwd_var_run_t, telepathy_cache_home_t, telepathy_data_home_t, telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, telepathy_sunshine_home_t, texlive_home_t, thumb_home_t, tmp_t, tmpfs_t, tvtime_home_t, uml_ro_t, uml_rw_t, user_fonts_cache_t, user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, usr_t, var_auth_t, var_lib_t, var_lock_t, var_log_t, var_run_t, var_spool_t, var_t, virt_content_t, virt_home_t, vmware_conf_t, vmware_file_t, wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t, xdm_log_t, xdm_rw_etc_t, xdm_spool_t, xdm_tmpfs_t, xdm_var_lib_t, xdm_var_run_t, xkb_var_lib_t, xserver_log_t.
Then execute:
restorecon -v 'starskim'

***** Plugin catchall (17.1 confidence) suggests **************************

If you believe that gdm-session-worker should be allowed write access on the starskim directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdm-session-wor' --raw | audit2allow -M my-gdmsessionwor
# semodule -i my-gdmsessionwor.pp

Additional Information:
Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_u:object_r:default_t:s0
Target Objects starskim [ dir ]
Source gdm-session-wor
Source Path /usr/libexec/gdm-session-worker
Port <Unknown>
Host (removed)
Source RPM Packages gdm-3.14.2-19.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-102.el7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64
Alert Count 1
First Seen 2017-02-01 00:37:48 CST
Last Seen 2017-02-01 00:37:48 CST
Local ID d9696b46-e41c-4370-a23f-518fa3452b83

Raw Audit Messages
type=AVC msg=audit(1485880668.20:221): avc: denied { write } for pid=12174 comm="gdm-session-wor" name="starskim" dev="sda3" ino=102572304 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir

type=SYSCALL msg=audit(1485880668.20:221): arch=x86_64 syscall=mkdir success=no exit=EACCES a0=7f72e0849150 a1=1c0 a2=7f72e0849160 a3=7ffc4c261e60 items=0 ppid=12155 pid=12174 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=4 comm=gdm-session-wor exe=/usr/libexec/gdm-session-worker subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Hash: gdm-session-wor,xdm_t,default_t,dir,write

Version-Release number of selected component: selinux-policy-3.13.1-102.el7.noarch | ||||
Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-514.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
Tags | No tags attached. | ||||
abrt_hash | 738742525e79d785090ab63ba6526619dce59f842cc1e990c7bc93c6063adee5 | ||||
URL | |||||
Another user experienced a similar problem:
While using clang on the terminal, I found the error while I tried to update git from version 1.8 to version 2, and my system crashed.
reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-1160.53.1.el7.x86_64
package: selinux-policy-3.13.1-268.el7_9.2.noarch
reason: SELinux is preventing /usr/libexec/gdm-session-worker from 'write' accesses on the directory .cache.
reproducible: Not sure how to reproduce the problem
type: libreport |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2017-01-31 16:46 | StarsKim | New Issue | |
2022-01-20 15:14 | aayushnepal88 | Note Added: 0038821 |