2017-12-12 10:05 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0012988CentOS-7selinux-policypublic2017-05-08 13:41
Reporteryermomsux 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusnewResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0012988: SELinux is preventing dmesg from 'write' accesses on the file /opt/dell/invcol.JAcGRgj3Kj/icredir.txt.
DescriptionDescription of problem:
SELinux is preventing dmesg from 'write' accesses on the file /opt/dell/invcol.JAcGRgj3Kj/icredir.txt.

***** Plugin catchall_labels (83.8 confidence) suggests *******************

If you want to allow dmesg to have write access on the icredir.txt file
Then you need to change the label on /opt/dell/invcol.JAcGRgj3Kj/icredir.txt
Do
# semanage fcontext -a -t FILE_TYPE '/opt/dell/invcol.JAcGRgj3Kj/icredir.txt'
where FILE_TYPE is one of the following: abrt_var_cache_t, afs_cache_t, initrc_tmp_t, puppet_tmp_t, user_cron_spool_t, user_tmp_t, var_log_t.
Then execute:
restorecon -v '/opt/dell/invcol.JAcGRgj3Kj/icredir.txt'


***** Plugin catchall (17.1 confidence) suggests **************************

If you believe that dmesg should be allowed write access on the icredir.txt file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'dmesg' --raw | audit2allow -M my-dmesg
# semodule -i my-dmesg.pp

Additional Information:
Source Context system_u:system_r:dmesg_t:s0
Target Context system_u:object_r:usr_t:s0
Target Objects /opt/dell/invcol.JAcGRgj3Kj/icredir.txt [ file ]
Source dmesg
Source Path dmesg
Port <Unknown>
Host (removed)
Source RPM Packages util-linux-2.23.2-33.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-102.el7_3.15.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-327.36.1.el7.x86_64 #1 SMP
                              Sun Sep 18 13:04:29 UTC 2016 x86_64 x86_64
Alert Count 3
First Seen 2017-03-17 16:18:39 EDT
Last Seen 2017-03-17 17:03:28 EDT
Local ID b0a31ea0-7493-444f-b85e-5db115060883

Raw Audit Messages
type=AVC msg=audit(1489784608.24:176): avc: denied { write } for pid=6526 comm="dmesg" path="/opt/dell/invcol.JAcGRgj3Kj/icredir.txt" dev="dm-0" ino=205356651 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file


type=AVC msg=audit(1489784608.24:176): avc: denied { read write } for pid=6526 comm="dmesg" path="/opt/dell/srvadmin/var/lib/openmanage/.omaipc" dev="dm-0" ino=141096705 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file


type=AVC msg=audit(1489784608.24:176): avc: denied { write } for pid=6526 comm="dmesg" path="/opt/dell/invcol.JAcGRgj3Kj/icredir.txt" dev="dm-0" ino=205356651 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file


type=AVC msg=audit(1489784608.24:176): avc: denied { write } for pid=6526 comm="dmesg" path="/opt/dell/invcol.JAcGRgj3Kj/NIC_Intel_Firmware/inventory.xml" dev="dm-0" ino=2952609 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file


type=SYSCALL msg=audit(1489784608.24:176): arch=x86_64 syscall=execve success=yes exit=0 a0=12701f0 a1=126f400 a2=126efd0 a3=7ffec4a8c7b0 items=0 ppid=6525 pid=6526 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dmesg exe=/usr/bin/dmesg subj=system_u:system_r:dmesg_t:s0 key=(null)

Hash: dmesg,dmesg_t,usr_t,file,write

Version-Release number of selected component:
selinux-policy-3.13.1-102.el7_3.15.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-327.36.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hashd537b6039bd34863d0688a6bf2076a311083ed0641b0585d44a4796c1f97e8a2
URL
Attached Files

-Relationships
+Relationships

-Notes

~0029245

yermomsux (reporter)

Another user experienced a similar problem:

I rebooted my computer and this error popped up.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-327.36.1.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.15.noarch
reason: SELinux is preventing dmesg from 'write' accesses on the file /opt/dell/invcol.2JkxNRIpfb/icredir.txt.
reproducible: Not sure how to reproduce the problem
type: libreport
+Notes

-Issue History
Date Modified Username Field Change
2017-03-17 22:01 yermomsux New Issue
2017-05-08 13:41 yermomsux Note Added: 0029245
+Issue History