View Issue Details

ID: 0015487
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2020-07-10 10:24
Reporter: carpi031
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
OS Version: 7
Summary: 0015487: SELinux is preventing /usr/bin/gnome-shell from using the 'getattr' accesses on a process.

Description:
Description of problem:
SELinux is preventing /usr/bin/gnome-shell from using the 'getattr' accesses on a process.

***** Plugin catchall (100. confidence) suggests **************************

Si vous pensez que gnome-shell devrait être autorisé à accéder getattr sur les processus étiquetés xserver_t par défaut.
Then vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
autoriser cet accès pour le moment en exécutant :
# ausearch -c "gnome-shell" --raw | audit2allow -M my-gnomeshell
# semodule -X 300 -i my-gnomeshell.pp

Additional Information:
Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_u:system_r:xserver_t:s0-s0:c0.c1023
Target Objects Unknown [ process ]
Source gnome-shell
Source Path /usr/bin/gnome-shell
Port <Unknown>
Host (removed)
Source RPM Packages gnome-shell-3.26.2-5.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-192.el7_5.6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-862.14.4.el7.x86_64 #1 SMP
                              Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64
Alert Count 2
First Seen 2018-11-24 02:11:17 CET
Last Seen 2018-11-24 03:18:19 CET
Local ID 6d8f0343-aa99-4dd0-b139-6a28622d38f7

Raw Audit Messages
type=AVC msg=audit(1543025899.407:949): avc: denied { getattr } for pid=2152 comm="gnome-shell" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=process

type=SYSCALL msg=audit(1543025899.407:949): arch=x86_64 syscall=read success=no exit=EACCES a0=25 a1=7ffc29f9f550 a2=1000 a3=22 items=0 ppid=2073 pid=2152 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm=gnome-shell exe=/usr/bin/gnome-shell subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Hash: gnome-shell,xdm_t,xserver_t,process,getattr

Version-Release number of selected component:

Additional Information:
reporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-862.14.4.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.

2020-07-10 10:24

reporter   ~0037351

Another user experienced a similar problem:

right after system reboot installing latest updates.

reporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-1127.13.1.el7.x86_64
package: selinux-policy-3.13.1-266.el7_8.1.noarch
reason: SELinux is preventing gnome-shell from using the 'getattr' accesses on a process.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified | Username | Field | Change
2018-11-24 02:50 | carpi031 | New Issue |
2020-07-10 10:24 | tdoczkal | Note Added: 0037351 |