View Issue Details

IDProjectCategoryView StatusLast Update
0014571CentOS-7selinux-policypublic2018-03-11 19:04
Reporterfbures 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionwon't fix 
Product Version7.4.1708 
Target VersionFixed in Version 
Summary0014571: bash does not have an access to /etc/vmware
DescriptionSELinux is preventing /usr/bin/bash from search access on the directory /etc/vmware.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that bash should be allowed search access on the vmware directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'bash' --raw | audit2allow -M my-bash
# semodule -i my-bash.pp

Additional Information:
Source Context system_u:system_r:cupsd_t:s0-s0:c0.c1023
Target Context unconfined_u:object_r:vmware_sys_conf_t:s0
Target Objects /etc/vmware [ dir ]
Source bash
Source Path /usr/bin/bash
Port <Unknown>
Host home.frank-home.local
Source RPM Packages bash-4.2.46-29.el7_4.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-166.el7_4.9.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name home.frank-home.local
Platform Linux home.frank-home.local
                              3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7
                              19:03:37 UTC 2018 x86_64 x86_64
Alert Count 2
First Seen 2018-03-10 16:30:54 EST
Last Seen 2018-03-10 16:31:35 EST
Local ID 391481fc-84a5-4c94-8dc3-16fb27c67528

Raw Audit Messages
type=AVC msg=audit(1520717495.268:29180): avc: denied { search } for pid=7507 comm="bash" name="vmware" dev="md127" ino=3453425194 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:vmware_sys_conf_t:s0 tclass=dir


type=SYSCALL msg=audit(1520717495.268:29180): arch=x86_64 syscall=open success=no exit=EACCES a0=fe3fe0 a1=0 a2=435730 a3=3 items=0 ppid=1160 pid=7507 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm=bash exe=/usr/bin/bash subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)

Hash: bash,cupsd_t,vmware_sys_conf_t,dir,search
TagsNo tags attached.
abrt_hash
URL

Activities

TrevorH

TrevorH

2018-03-11 19:04

manager   ~0031409

VMWare is not a CentOS product and the mislabeling of their files and directories is something you need to report to them. To solve your current issue you might want to look at the following:

Useful resources for SELinux: http://wiki.centos.org/HowTos/SELinux | http://wiki.centos.org/TipsAndTricks/SelinuxBooleans | http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/ | http://www.youtube.com/watch?v=bQqX3RWn0Yw | http://opensource.com/business/13/11/selinux-policy-guide

Issue History

Date Modified Username Field Change
2018-03-11 16:07 fbures New Issue
2018-03-11 19:04 TrevorH Status new => closed
2018-03-11 19:04 TrevorH Resolution open => won't fix
2018-03-11 19:04 TrevorH Note Added: 0031409