2017-11-17 21:10 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0013784CentOS-7selinux-policypublic2017-09-08 18:01
Reporterspohaver 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusnewResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0013784: SELinux is preventing /usr/libexec/gvfs-udisks2-volume-monitor from 'getattr' accesses on the file /run/mount/utab.
DescriptionDescription of problem:
SELinux error started showing up after installing MATE (which also needed the updated glib2 from the cr repo) and logging into the MATE desktop environment.
The following commands were used to install:
  216 sudo yum --enablerepo=cr install glib2
  217 sudo yum groupinstall mate-desktop
SELinux is preventing /usr/libexec/gvfs-udisks2-volume-monitor from 'getattr' accesses on the file /run/mount/utab.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that gvfs-udisks2-volume-monitor should be allowed getattr access on the utab file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gvfs-udisks2-vo' --raw | audit2allow -M my-gvfsudisks2vo
# semodule -i my-gvfsudisks2vo.pp

Additional Information:
Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_u:object_r:mount_var_run_t:s0
Target Objects /run/mount/utab [ file ]
Source gvfs-udisks2-vo
Source Path /usr/libexec/gvfs-udisks2-volume-monitor
Port <Unknown>
Host (removed)
Source RPM Packages gvfs-1.22.4-8.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-102.el7_3.16.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-514.26.2.el7.x86_64 #1 SMP
                              Tue Jul 4 15:04:05 UTC 2017 x86_64 x86_64
Alert Count 145
First Seen 2017-09-03 06:10:53 PDT
Last Seen 2017-09-08 10:52:22 PDT
Local ID 121a87f9-95f7-4d3e-9228-ad2bc1f2726c

Raw Audit Messages
type=AVC msg=audit(1504893142.856:6989): avc: denied { getattr } for pid=1508 comm="gvfs-udisks2-vo" path="/run/mount/utab" dev="tmpfs" ino=232792 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mount_var_run_t:s0 tclass=file


type=SYSCALL msg=audit(1504893142.856:6989): arch=x86_64 syscall=lstat success=no exit=EACCES a0=7f3450c1a988 a1=7ffd9762a100 a2=7ffd9762a100 a3=10 items=0 ppid=1 pid=1508 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm=gvfs-udisks2-vo exe=/usr/libexec/gvfs-udisks2-volume-monitor subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Hash: gvfs-udisks2-vo,xdm_t,mount_var_run_t,file,getattr

Version-Release number of selected component:
selinux-policy-3.13.1-102.el7_3.16.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.26.2.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash28ff10537e4f7f40759c595c931387523c8d434ebb9f912c1fe6093e9ecf5d66
URL
Attached Files

-Relationships
+Relationships

-Notes
There are no notes attached to this issue.
+Notes

-Issue History
Date Modified Username Field Change
2017-09-08 18:01 spohaver New Issue
+Issue History