View Issue Details

IDProjectCategoryView StatusLast Update
0015455CentOS-7selinux-policypublic2019-09-10 11:56
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015455: SELinux is preventing /usr/libexec/abrt-hook-ccpp from 'sys_ptrace' accesses on the cap_userns Unknown.
DescriptionDescription of problem:
SELinux is preventing /usr/libexec/abrt-hook-ccpp from 'sys_ptrace' accesses on the cap_userns Unknown.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that abrt-hook-ccpp should be allowed sys_ptrace access on the Unknown cap_userns by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'abrt-hook-ccpp' --raw | audit2allow -M my-abrthookccpp
# semodule -i my-abrthookccpp.pp

Additional Information:
Source Context system_u:system_r:abrt_dump_oops_t:s0
Target Context system_u:system_r:abrt_dump_oops_t:s0
Target Objects Unknown [ cap_userns ]
Source abrt-hook-ccpp
Source Path /usr/libexec/abrt-hook-ccpp
Port <Unknown>
Host (removed)
Source RPM Packages abrt-addon-ccpp-2.1.11-50.el7.centos.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-192.el7_5.6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 4.19.1-1.el7.elrepo.x86_64 #1 SMP
                              Sun Nov 4 18:04:04 EST 2018 x86_64 x86_64
Alert Count 5
First Seen 2018-11-10 16:01:18 PST
Last Seen 2018-11-10 16:01:18 PST
Local ID eea063b6-3c8b-425f-8115-622b4ea1595e

Raw Audit Messages
type=AVC msg=audit(1541894478.917:566): avc: denied { sys_ptrace } for pid=1540 comm="abrt-hook-ccpp" capability=19 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:system_r:abrt_dump_oops_t:s0 tclass=cap_userns permissive=0

type=SYSCALL msg=audit(1541894478.917:566): arch=x86_64 syscall=readlink success=no exit=EACCES a0=7fff7478c2a0 a1=7fff7478a0d0 a2=1000 a3=22 items=0 ppid=2 pid=1540 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-hook-ccpp exe=/usr/libexec/abrt-hook-ccpp subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null)

Hash: abrt-hook-ccpp,abrt_dump_oops_t,abrt_dump_oops_t,cap_userns,sys_ptrace

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 4.19.1-1.el7.elrepo.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.




2019-09-10 11:56

reporter   ~0035085

Another user experienced a similar problem:

This issue occured when force quitting an unresponsive firefox. Firefox became unresponsive, the system asked if I wished to wait or force quit, on selecting force quit, the denial happened.

reporter: libreport-
hashmarkername: setroubleshoot
kernel: 5.2.11-1.el7.elrepo.x86_64
package: selinux-policy-3.13.1-229.el7_6.15.noarch
reason: SELinux is preventing abrt-hook-ccpp from 'sys_ptrace' accesses on the cap_userns labeled abrt_dump_oops_t.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2018-11-11 00:12 zethan191 New Issue
2019-09-10 11:56 denvalk Note Added: 0035085