View Issue Details

IDProjectCategoryView StatusLast Update
0015203CentOS-7selinux-policypublic2018-08-22 18:05
Reporterzyksnowy 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015203: SELinux is preventing gdk-pixbuf-thum from using the 'dac_read_search' capabilities.
DescriptionDescription of problem:
SELinux is preventing gdk-pixbuf-thum from using the 'dac_read_search' capabilities.

***** Plugin dac_override (91.4 confidence) suggests **********************

If you want to help identify if domain needs this access or you have a file with the wrong permissions on your system
Then 打开全面审核以获得有关违规文件路径信息并再次生成该错误。
Do

开启完整审核
# auditctl -w /etc/shadow -p w
尝试重新生成 AVC。然后执行
# ausearch -m avc -ts recent
如果可看到 PATH 记录,检查文件的所有权及权限,然后修复。
否则需向 bugzila 提交报告。

***** Plugin catchall (9.59 confidence) suggests **************************

If you believe that gdk-pixbuf-thum should have the dac_read_search capability by default.
Then 应该将这个情况作为 bug 报告。
可以生成本地策略模块以允许此访问。
Do
allow this access for now by executing:
# ausearch -c 'gdk-pixbuf-thum' --raw | audit2allow -M my-gdkpixbufthum
# semodule -i my-gdkpixbufthum.pp

Additional Information:
Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Objects Unknown [ capability ]
Source gdk-pixbuf-thum
Source Path gdk-pixbuf-thum
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-192.el7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-862.el7.x86_64 #1 SMP Fri
                              Apr 20 16:44:24 UTC 2018 x86_64 x86_64
Alert Count 2
First Seen 2018-08-23 00:17:05 CST
Last Seen 2018-08-23 00:17:31 CST
Local ID 543956da-5b1d-4945-a1e5-757023a9108d

Raw Audit Messages
type=AVC msg=audit(1534954651.575:724): avc: denied { dac_read_search } for pid=14260 comm="gdk-pixbuf-thum" capability=2 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=capability


Hash: gdk-pixbuf-thum,thumb_t,thumb_t,capability,dac_read_search

Version-Release number of selected component:
selinux-policy-3.13.1-192.el7.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-862.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash58ba9cbaaa5b6dc84d18c1d7e95bc1959a7959a11697089020512432a8db9b6c
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-08-22 18:05 zyksnowy New Issue