0015487: SELinux is preventing /usr/bin/gnome-shell from using the 'getattr' accesses on a process. - CentOS Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0015487	CentOS-7	selinux-policy	public	2018-11-24 02:50	2020-07-10 10:24

Reporter	carpi031
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	new	Resolution	open
Platform		OS		OS Version	7
Product Version
Target Version		Fixed in Version

Summary	0015487: SELinux is preventing /usr/bin/gnome-shell from using the 'getattr' accesses on a process.
Description	Description of problem: SELinux is preventing /usr/bin/gnome-shell from using the 'getattr' accesses on a process. *** Plugin catchall (100. confidence) suggests ************************ Si vous pensez que gnome-shell devrait être autorisé à accéder getattr sur les processus étiquetés xserver_t par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # ausearch -c "gnome-shell" --raw \| audit2allow -M my-gnomeshell # semodule -X 300 -i my-gnomeshell.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:system_r:xserver_t:s0-s0:c0.c1023 Target Objects Unknown [ process ] Source gnome-shell Source Path /usr/bin/gnome-shell Port <Unknown> Host (removed) Source RPM Packages gnome-shell-3.26.2-5.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-192.el7_5.6.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 Alert Count 2 First Seen 2018-11-24 02:11:17 CET Last Seen 2018-11-24 03:18:19 CET Local ID 6d8f0343-aa99-4dd0-b139-6a28622d38f7 Raw Audit Messages type=AVC msg=audit(1543025899.407:949): avc: denied { getattr } for pid=2152 comm="gnome-shell" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=process type=SYSCALL msg=audit(1543025899.407:949): arch=x86_64 syscall=read success=no exit=EACCES a0=25 a1=7ffc29f9f550 a2=1000 a3=22 items=0 ppid=2073 pid=2152 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm=gnome-shell exe=/usr/bin/gnome-shell subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash: gnome-shell,xdm_t,xserver_t,process,getattr Version-Release number of selected component: selinux-policy-3.13.1-192.el7_5.6.noarch
Additional Information	reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-862.14.4.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
Tags	No tags attached.

abrt_hash	dfbe07e2f3d5dce79669bc26e4fe395a1a68432c2ad3a260ac9d65a4d9405f11
URL

tdoczkal 2020-07-10 10:24 reporter ~0037351	Another user experienced a similar problem: right after system reboot installing latest updates. reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1127.13.1.el7.x86_64 package: selinux-policy-3.13.1-266.el7_8.1.noarch reason: SELinux is preventing gnome-shell from using the 'getattr' accesses on a process. reproducible: Not sure how to reproduce the problem type: libreport

Date Modified	Username	Field	Change
2018-11-24 02:50	carpi031	New Issue
2020-07-10 10:24	tdoczkal	Note Added: 0037351