View Issue Details

IDProjectCategoryView StatusLast Update
0015641CentOS-7selinux-policypublic2018-12-26 05:24
Reportertester2 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015641: SELinux is preventing /usr/lib64/tumbler-1/tumblerd from 'write' accesses on the directory normal.
DescriptionDescription of problem:
SELinux is preventing /usr/lib64/tumbler-1/tumblerd from 'write' accesses on the directory normal.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that tumblerd should be allowed write access on the normal directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'pool' --raw | audit2allow -M my-pool
# semodule -i my-pool.pp

Additional Information:
Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context unconfined_u:object_r:user_home_t:s0
Target Objects normal [ dir ]
Source pool
Source Path /usr/lib64/tumbler-1/tumblerd
Port <Unknown>
Host (removed)
Source RPM Packages tumbler-0.1.31-2.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-957.1.3.el7.x86_64 #1 SMP
                              Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64
Alert Count 1
First Seen 2018-12-26 06:12:41 CET
Last Seen 2018-12-26 06:12:41 CET
Local ID e08fe1b3-e2ad-4207-bee0-dbb59b687be1

Raw Audit Messages
type=AVC msg=audit(1545801161.873:2091): avc: denied { write } for pid=4098 comm="pool" name="normal" dev="sda7" ino=1610614086 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0


type=SYSCALL msg=audit(1545801161.873:2091): arch=x86_64 syscall=unlink success=no exit=EACCES a0=7f7090001220 a1=0 a2=0 a3=0 items=0 ppid=1 pid=4098 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=166 comm=pool exe=/usr/lib64/tumbler-1/tumblerd subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)

Hash: pool,thumb_t,user_home_t,dir,write

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.6.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hashf4b0b98d7997d7cfa485976a8d5f5a1b3bdea71e4abf303cce7c3f5c04706dac
URL

Activities

tester2

tester2

2018-12-26 05:20

reporter   ~0033457

Another user experienced a similar problem:

It happens every time I delete a .png file in $HOME/Pictures/

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/lib64/tumbler-1/tumblerd from 'write' accesses on the directory large.
reproducible: Not sure how to reproduce the problem
type: libreport
tester2

tester2

2018-12-26 05:24

reporter   ~0033459

Another user experienced a similar problem:

Exception: When the file is created very shortly before deletion - in that case this alert does not show up.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/lib64/tumbler-1/tumblerd from 'write' accesses on the directory normal.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2018-12-26 05:13 tester2 New Issue
2018-12-26 05:20 tester2 Note Added: 0033457
2018-12-26 05:24 tester2 Note Added: 0033459