View Issue Details

ID: 0014677
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2018-04-11 09:33
Reporter: SandeepSwargam
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Platform:
OS:
OS Version: 7
Product Version:
Target Version:
Fixed in Version:
Summary: 0014677: SELinux is preventing 57656220436F6E74656E74 from using the 'dac_read_search' capabilities.

Description:
Description of problem:
SELinux is preventing 57656220436F6E74656E74 from using the 'dac_read_search' capabilities.

***** Plugin mozplugger (87.7 confidence) suggests ************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
Do
# setsebool -P unconfined_mozilla_plugin_transition 0

***** Plugin dac_override (12.1 confidence) suggests **********************

If you want to help identify if domain needs this access or you have a file with the wrong permissions on your system
Then turn on full auditing to get path information about the offending file and generate the error again.
Do

Turn on full auditing
# auditctl -w /etc/shadow -p w
Try to recreate AVC. Then execute
# ausearch -m avc -ts recent
If you see PATH record check ownership/permissions on file, and fix it,
otherwise report as a bugzilla.

***** Plugin catchall (1.66 confidence) suggests **************************

If you believe that 57656220436F6E74656E74 should have the dac_read_search capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '57656220436F6E74656E74' --raw | audit2allow -M my-57656220436F6E74656E74
# semodule -i my-57656220436F6E74656E74.pp

Additional Information:
Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023
Target Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023
Target Objects Unknown [ capability ]
Source 57656220436F6E74656E74
Source Path 57656220436F6E74656E74
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-166.el7_4.9.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64
Alert Count 9
First Seen 2018-04-10 04:33:14 IST
Last Seen 2018-04-10 04:46:20 IST
Local ID 1cad23f6-0f52-42ef-a878-2b27ec71b647

Raw Audit Messages
type=AVC msg=audit(1523315780.579:1317): avc: denied { dac_read_search } for pid=2624 comm=57656220436F6E74656E74 capability=2 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tclass=capability


Hash: 57656220436F6E74656E74,mozilla_plugin_t,mozilla_plugin_t,capability,dac_read_search

Version-Release number of selected component:
selinux-policy-3.13.1-166.el7_4.9.noarch
Additional Information:
reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.21.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.
abrt_hash: b3e4a00823a4bfd5a11300d50191cf5d0a1844eabaae187a56862e37d7bcc116
URL:

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-04-11 09:33 SandeepSwargam New Issue