View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0015487 | CentOS-7 | selinux-policy | public | 2018-11-24 02:50 | 2020-07-10 10:24 |
Reporter | carpi031 | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | new | Resolution | open | ||
OS Version | 7 | ||||
Summary | 0015487: SELinux is preventing /usr/bin/gnome-shell from using the 'getattr' accesses on a process. | ||||
Description | Description of problem: SELinux is preventing /usr/bin/gnome-shell from using the 'getattr' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** Si vous pensez que gnome-shell devrait être autorisé à accéder getattr sur les processus étiquetés xserver_t par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # ausearch -c "gnome-shell" --raw | audit2allow -M my-gnomeshell # semodule -X 300 -i my-gnomeshell.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:system_r:xserver_t:s0-s0:c0.c1023 Target Objects Unknown [ process ] Source gnome-shell Source Path /usr/bin/gnome-shell Port <Unknown> Host (removed) Source RPM Packages gnome-shell-3.26.2-5.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-192.el7_5.6.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 Alert Count 2 First Seen 2018-11-24 02:11:17 CET Last Seen 2018-11-24 03:18:19 CET Local ID 6d8f0343-aa99-4dd0-b139-6a28622d38f7 Raw Audit Messages type=AVC msg=audit(1543025899.407:949): avc: denied { getattr } for pid=2152 comm="gnome-shell" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=process type=SYSCALL msg=audit(1543025899.407:949): arch=x86_64 syscall=read success=no exit=EACCES a0=25 a1=7ffc29f9f550 a2=1000 a3=22 items=0 ppid=2073 pid=2152 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm=gnome-shell exe=/usr/bin/gnome-shell subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash: gnome-shell,xdm_t,xserver_t,process,getattr Version-Release number of selected component: selinux-policy-3.13.1-192.el7_5.6.noarch | ||||
Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-862.14.4.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
Tags | No tags attached. | ||||
abrt_hash | dfbe07e2f3d5dce79669bc26e4fe395a1a68432c2ad3a260ac9d65a4d9405f11 | ||||
URL | |||||
Another user experienced a similar problem: right after system reboot installing latest updates. reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1127.13.1.el7.x86_64 package: selinux-policy-3.13.1-266.el7_8.1.noarch reason: SELinux is preventing gnome-shell from using the 'getattr' accesses on a process. reproducible: Not sure how to reproduce the problem type: libreport |
|