View Issue Details

IDProjectCategoryView StatusLast Update
0013892CentOS-7selinux-policypublic2019-04-12 12:17
Reporterriru 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0013892: SELinux is preventing /usr/libexec/accounts-daemon from 'write' accesses on the directory root.
DescriptionDescription of problem:
SELinux is preventing /usr/libexec/accounts-daemon from 'write' accesses on the directory root.

***** Plugin catchall (100. confidence) suggests **************************

If accounts-daemon に、 root directory の write アクセスがデフォルトで許可されるべきです。
Then バグとして報告してください。
ローカルのポリシーモジュールを生成すると、
 このアクセスを許可することができます。
Do
allow this access for now by executing:
# ausearch -c 'accounts-daemon' --raw | audit2allow -M my-accountsdaemon
# semodule -i my-accountsdaemon.pp

Additional Information:
Source Context system_u:system_r:accountsd_t:s0
Target Context system_u:object_r:admin_home_t:s0
Target Objects root [ dir ]
Source accounts-daemon
Source Path /usr/libexec/accounts-daemon
Port <Unknown>
Host (removed)
Source RPM Packages accountsservice-0.6.45-2.el7.x86_64
Target RPM Packages filesystem-3.2-21.el7.x86_64
Policy RPM selinux-policy-3.13.1-166.el7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-693.el7.x86_64 #1 SMP Tue
                              Aug 22 21:09:27 UTC 2017 x86_64 x86_64
Alert Count 1
First Seen 2017-09-22 22:02:26 JST
Last Seen 2017-09-22 22:02:26 JST
Local ID f5afd09d-868b-4084-b58b-4ba46fee181a

Raw Audit Messages
type=AVC msg=audit(1506085346.291:34): avc: denied { write } for pid=852 comm="accounts-daemon" name="root" dev="dm-0" ino=69 scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir


type=SYSCALL msg=audit(1506085346.291:34): arch=x86_64 syscall=mkdir success=no exit=EACCES a0=55914e931030 a1=1c0 a2=0 a3=7fffd554eaa0 items=0 ppid=1 pid=852 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=accounts-daemon exe=/usr/libexec/accounts-daemon subj=system_u:system_r:accountsd_t:s0 key=(null)

Hash: accounts-daemon,accountsd_t,admin_home_t,dir,write

Version-Release number of selected component:
selinux-policy-3.13.1-166.el7.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.2.2.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hashaa8dff3211f69a6999a3bdb11526902db8d8109607cd0638826b1fc857bbfc4d
URL

Activities

potap75

potap75

2017-10-06 18:11

reporter   ~0030321

Another user experienced a similar problem:

popped up itself on restart.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.el7.x86_64
package: selinux-policy-3.13.1-166.el7.noarch
reason: SELinux is preventing /usr/libexec/accounts-daemon from 'write' accesses on the directory root.
reproducible: Not sure how to reproduce the problem
type: libreport
c001badg3r5

c001badg3r5

2017-10-09 08:42

reporter   ~0030335

Another user experienced a similar problem:

This is a new CentOS 7 desktop install and has only been running a few days. No changes have been made to the system other than insalling clamav

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.2.2.el7.x86_64
package: selinux-policy-3.13.1-166.el7.noarch
reason: SELinux is preventing /usr/libexec/accounts-daemon from 'write' accesses on the directory root.
reproducible: Not sure how to reproduce the problem
type: libreport
DMalsonjr4842

DMalsonjr4842

2017-10-26 23:05

reporter   ~0030472

Another user experienced a similar problem:

please fix asap

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.5.2.el7.x86_64
package: selinux-policy-3.13.1-166.el7.noarch
reason: SELinux is preventing /usr/libexec/accounts-daemon from 'write' accesses on the directory root.
reproducible: Not sure how to reproduce the problem
type: libreport
Pisspott

Pisspott

2018-01-08 21:32

reporter   ~0030883

Another user experienced a similar problem:

Frische Installation.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.11.6.el7.x86_64
package: selinux-policy-3.13.1-166.el7.noarch
reason: SELinux is preventing /usr/libexec/accounts-daemon from 'write' accesses on the directory root.
reproducible: Not sure how to reproduce the problem
type: libreport
elliotalicea

elliotalicea

2018-01-17 05:50

reporter   ~0030949

Another user experienced a similar problem:

I was searching online on how to enable a couple of ports and trying to digitally sign a rpm and that is when I got this message. Not sure if that caused it or if the firewall caught it.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.el7.x86_64
package: selinux-policy-3.13.1-166.el7.noarch
reason: SELinux is preventing /usr/libexec/accounts-daemon from 'write' accesses on the directory root.
reproducible: Not sure how to reproduce the problem
type: libreport
gtani

gtani

2018-03-20 11:38

reporter   ~0031469

Another user experienced a similar problem:

i Don't Know ... !

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.21.1.el7.x86_64
package: selinux-policy-3.13.1-166.el7.noarch
reason: SELinux is preventing /usr/libexec/accounts-daemon from 'write' accesses on the directory root.
reproducible: Not sure how to reproduce the problem
type: libreport
MattCorg

MattCorg

2018-05-08 00:53

reporter   ~0031730

Another user experienced a similar problem:

I was attempting to print out a webpage by printing it as a .pdf.
It would allow me to print and acted like it was printing but just wouldn't actually do the task.
What I mean by this is that when I would go to the directory where I had instructed the print to be held, it was not present
in the folder. When I searched for the file in the entire system, it was also not present.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.21.1.el7.x86_64
package: selinux-policy-3.13.1-166.el7.noarch
reason: SELinux is preventing /usr/libexec/accounts-daemon from 'write' accesses on the directory root.
reproducible: Not sure how to reproduce the problem
type: libreport
evgeny.feigelman

evgeny.feigelman

2019-04-12 12:17

reporter   ~0034187

Another user experienced a similar problem:

Update clean vm after installation

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.el7.x86_64
package: selinux-policy-3.13.1-166.el7.noarch
reason: SELinux is preventing /usr/libexec/accounts-daemon from 'write' accesses on the directory root.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2017-09-22 14:07 riru New Issue
2017-10-06 18:11 potap75 Note Added: 0030321
2017-10-09 08:42 c001badg3r5 Note Added: 0030335
2017-10-26 23:05 DMalsonjr4842 Note Added: 0030472
2018-01-08 21:32 Pisspott Note Added: 0030883
2018-01-17 05:50 elliotalicea Note Added: 0030949
2018-03-20 11:38 gtani Note Added: 0031469
2018-05-08 00:53 MattCorg Note Added: 0031730
2019-04-12 12:17 evgeny.feigelman Note Added: 0034187