View Issue Details

ID: 0015487
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2020-07-10 10:24
Reporter: carpi031
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Platform:
OS:
OS Version: 7
Product Version:
Target Version:
Fixed in Version:
Summary: 0015487: SELinux is preventing /usr/bin/gnome-shell from using the 'getattr' accesses on a process.
Description:
Description of problem:
SELinux is preventing /usr/bin/gnome-shell from using the 'getattr' accesses on a process.

***** Plugin catchall (100. confidence) suggests **************************

Si vous pensez que gnome-shell devrait être autorisé à accéder getattr sur les processus étiquetés xserver_t par défaut.
Then vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Do
autoriser cet accès pour le moment en exécutant :
# ausearch -c "gnome-shell" --raw | audit2allow -M my-gnomeshell
# semodule -X 300 -i my-gnomeshell.pp

Additional Information:
Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_u:system_r:xserver_t:s0-s0:c0.c1023
Target Objects Unknown [ process ]
Source gnome-shell
Source Path /usr/bin/gnome-shell
Port <Unknown>
Host (removed)
Source RPM Packages gnome-shell-3.26.2-5.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-192.el7_5.6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-862.14.4.el7.x86_64 #1 SMP
                              Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64
Alert Count 2
First Seen 2018-11-24 02:11:17 CET
Last Seen 2018-11-24 03:18:19 CET
Local ID 6d8f0343-aa99-4dd0-b139-6a28622d38f7

Raw Audit Messages
type=AVC msg=audit(1543025899.407:949): avc: denied { getattr } for pid=2152 comm="gnome-shell" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=process


type=SYSCALL msg=audit(1543025899.407:949): arch=x86_64 syscall=read success=no exit=EACCES a0=25 a1=7ffc29f9f550 a2=1000 a3=22 items=0 ppid=2073 pid=2152 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm=gnome-shell exe=/usr/bin/gnome-shell subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Hash: gnome-shell,xdm_t,xserver_t,process,getattr

Version-Release number of selected component:
selinux-policy-3.13.1-192.el7_5.6.noarch
Additional Information:
reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-862.14.4.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.
abrt_hash: dfbe07e2f3d5dce79669bc26e4fe395a1a68432c2ad3a260ac9d65a4d9405f11
URL

Activities

tdoczkal

2020-07-10 10:24

reporter   ~0037351

Another user experienced a similar problem:

right after system reboot installing latest updates.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-1127.13.1.el7.x86_64
package: selinux-policy-3.13.1-266.el7_8.1.noarch
reason: SELinux is preventing gnome-shell from using the 'getattr' accesses on a process.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2018-11-24 02:50 carpi031 New Issue
2020-07-10 10:24 tdoczkal Note Added: 0037351