View Issue Details

IDProjectCategoryView StatusLast Update
0014677CentOS-7selinux-policypublic2018-04-11 09:33
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0014677: SELinux is preventing 57656220436F6E74656E74 from using the 'dac_read_search' capabilities.
DescriptionDescription of problem:
SELinux is preventing 57656220436F6E74656E74 from using the 'dac_read_search' capabilities.

***** Plugin mozplugger (87.7 confidence) suggests ************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
# setsebool -P unconfined_mozilla_plugin_transition 0

***** Plugin dac_override (12.1 confidence) suggests **********************

If you want to help identify if domain needs this access or you have a file with the wrong permissions on your system
Then turn on full auditing to get path information about the offending file and generate the error again.

Turn on full auditing
# auditctl -w /etc/shadow -p w
Try to recreate AVC. Then execute
# ausearch -m avc -ts recent
If you see PATH record check ownership/permissions on file, and fix it,
otherwise report as a bugzilla.

***** Plugin catchall (1.66 confidence) suggests **************************

If you believe that 57656220436F6E74656E74 should have the dac_read_search capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c '57656220436F6E74656E74' --raw | audit2allow -M my-57656220436F6E74656E74
# semodule -i my-57656220436F6E74656E74.pp

Additional Information:
Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
Target Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
Target Objects Unknown [ capability ]
Source 57656220436F6E74656E74
Source Path 57656220436F6E74656E74
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-166.el7_4.9.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-693.21.1.el7.x86_64 #1 SMP
                              Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64
Alert Count 9
First Seen 2018-04-10 04:33:14 IST
Last Seen 2018-04-10 04:46:20 IST
Local ID 1cad23f6-0f52-42ef-a878-2b27ec71b647

Raw Audit Messages
type=AVC msg=audit(1523315780.579:1317): avc: denied { dac_read_search } for pid=2624 comm=57656220436F6E74656E74 capability=2 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tclass=capability

Hash: 57656220436F6E74656E74,mozilla_plugin_t,mozilla_plugin_t,capability,dac_read_search

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-693.21.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-04-11 09:33 SandeepSwargam New Issue