View Issue Details

IDProjectCategoryView StatusLast Update
0015240CentOS-7selinux-policypublic2018-09-05 15:22
Reporterreyesgarciacortes 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015240: SELinux is preventing /usr/bin/bash from 'write' accesses on the fifo_file /opt/BitDefender/var/tmp/pamNotifyPipe.
DescriptionDescription of problem:
SELinux is preventing /usr/bin/bash from 'write' accesses on the fifo_file /opt/BitDefender/var/tmp/pamNotifyPipe.

***** Plugin catchall (100. confidence) suggests **************************

Si cree que de manera predeterminada se debería permitir a bash el acceso write sobre pamNotifyPipe fifo_file.
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
Do
permita el acceso temporalmente ejecutando:
# ausearch -c 'notify_script.s' --raw | audit2allow -M mi-notifyscripts
# semodule -i mi-notifyscripts.pp

Additional Information:
Source Context system_u:system_r:local_login_t:s0-s0:c0.c1023
Target Context system_u:object_r:usr_t:s0
Target Objects /opt/BitDefender/var/tmp/pamNotifyPipe [ fifo_file
                              ]
Source notify_script.s
Source Path /usr/bin/bash
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-166.el7_4.4.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-693.2.2.el7.x86_64 #1 SMP
                              Tue Sep 12 22:26:13 UTC 2017 x86_64 x86_64
Alert Count 4
First Seen 2017-10-28 13:57:48 CDT
Last Seen 2017-10-28 13:57:48 CDT
Local ID 6fe20871-35b5-4e73-b58e-0ddad3b9e2c0

Raw Audit Messages
type=AVC msg=audit(1509217068.621:155): avc: denied { write } for pid=2595 comm="notify_script.s" name="pamNotifyPipe" dev="dm-0" ino=539008746 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=fifo_file


Hash: notify_script.s,local_login_t,usr_t,fifo_file,write

Version-Release number of selected component:
selinux-policy-3.13.1-166.el7_4.4.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hasha508091dc3f340dad95eef41e4eac78a420ea954a999629c7abb74c95f3f6015
URL

Activities

TrevorH

TrevorH

2018-09-05 15:22

manager   ~0032654

This doesn't look like a bug in CentOS to me. It looks like a file in an unknown location is being used and selinux is stopping it. Try using our wiki article to set up a rule using the semanage command to set the target file's context to something useful.

Useful resources for SELinux: http://wiki.centos.org/HowTos/SELinux | http://wiki.centos.org/TipsAndTricks/SelinuxBooleans | http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/ | http://www.youtube.com/watch?v=bQqX3RWn0Yw | http://opensource.com/business/13/11/selinux-policy-guide | http://freecomputerbooks.com/The-SELinux-Notebook-The-Foundations.html

Issue History

Date Modified Username Field Change
2018-09-05 15:18 reyesgarciacortes New Issue
2018-09-05 15:22 TrevorH Note Added: 0032654