View Issue Details

IDProjectCategoryView StatusLast Update
0015714CentOS-7selinux-policypublic2019-01-16 12:30
Reporterdaroheroc 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015714: SELinux is preventing /usr/bin/spamc from 'read' accesses on the memoria compartida labeled unconfined_service_t.
DescriptionDescription of problem:
SELinux is preventing /usr/bin/spamc from 'read' accesses on the memoria compartida labeled unconfined_service_t.

***** Plugin catchall (100. confidence) suggests **************************

Si cree que de manera predeterminada se debería permitir a spamc el acceso read sobre shm etiquetados como unconfined_service_t.
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
Do
permita el acceso temporalmente ejecutando:
# ausearch -c 'spamc' --raw | audit2allow -M mi-spamc
# semodule -i mi-spamc.pp

Additional Information:
Source Context system_u:system_r:spamc_t:s0
Target Context system_u:system_r:unconfined_service_t:s0
Target Objects Unknown [ shm ]
Source spamc
Source Path /usr/bin/spamc
Port <Unknown>
Host (removed)
Source RPM Packages spamassassin-3.4.0-4.el7_5.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name (removed)
Platform Linux (removed) 3.10.0-957.1.3.el7.x86_64 #1 SMP
                              Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64
Alert Count 1
First Seen 2019-01-16 13:26:41 CET
Last Seen 2019-01-16 13:26:41 CET
Local ID 91e763c0-e5f4-4e5a-ac7e-584c975683c2

Raw Audit Messages
type=AVC msg=audit(1547641601.943:297760): avc: denied { read } for pid=82923 comm="spamc" key=838875571 scontext=system_u:system_r:spamc_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=shm permissive=1


type=AVC msg=audit(1547641601.943:297760): avc: denied { read } for pid=82923 comm="spamc" path=2F535953563332303033396233202864656C6574656429 dev="tmpfs" ino=0 scontext=system_u:system_r:spamc_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1


type=SYSCALL msg=audit(1547641601.943:297760): arch=x86_64 syscall=shmat success=yes exit=139908526686208 a0=0 a1=0 a2=1000 a3=7ffd3be56160 items=0 ppid=82922 pid=82923 auid=4294967295 uid=30 gid=30 euid=30 suid=30 fsuid=30 egid=30 sgid=30 fsgid=30 tty=(none) ses=4294967295 comm=spamc exe=/usr/bin/spamc subj=system_u:system_r:spamc_t:s0 key=(null)

Hash: spamc,spamc_t,unconfined_service_t,shm,read

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.6.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hasheb7f3f440524621004183d90101039e51156b2ab368cee50ef18c80eaadfdb9a
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-01-16 12:30 daroheroc New Issue