View Issue Details

IDProjectCategoryView StatusLast Update
0015861CentOS-7selinux-policypublic2019-02-23 01:15
Reporterwrthissell 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015861: SELinux is preventing /usr/bin/python2.7 from 'read' accesses on the directory /root/.local/lib/python2.7/site-packages.
DescriptionDescription of problem:
SELinux is preventing /usr/bin/python2.7 from 'read' accesses on the directory /root/.local/lib/python2.7/site-packages.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that python2.7 should be allowed read access on the site-packages directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'rhsmcertd-worke' --raw | audit2allow -M my-rhsmcertdworke
# semodule -i my-rhsmcertdworke.pp

Additional Information:
Source Context system_u:system_r:rhsmcertd_t:s0
Target Context unconfined_u:object_r:gconf_home_t:s0
Target Objects /root/.local/lib/python2.7/site-packages [ dir ]
Source rhsmcertd-worke
Source Path /usr/bin/python2.7
Port <Unknown>
Host (removed)
Source RPM Packages python-2.7.5-76.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.9.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name (removed)
Platform Linux (removed) 4.20.7-1.el7.elrepo.x86_64 #1 SMP
                              Wed Feb 6 13:17:46 EST 2019 x86_64 x86_64
Alert Count 4
First Seen 2019-02-21 05:28:38 EST
Last Seen 2019-02-22 18:48:20 EST
Local ID e449fd2e-20dc-4abb-b824-4f6db4f1c350

Raw Audit Messages
type=AVC msg=audit(1550879300.710:1657765): avc: denied { read } for pid=20051 comm="rhsmcertd-worke" name="site-packages" dev="dm-0" ino=56058453 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir permissive=1


type=SYSCALL msg=audit(1550879300.710:1657765): arch=x86_64 syscall=openat success=yes exit=EIO a0=ffffffffffffff9c a1=d51f40 a2=90800 a3=0 items=1 ppid=12968 pid=20051 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rhsmcertd-worke exe=/usr/bin/python2.7 subj=system_u:system_r:rhsmcertd_t:s0 key=(null)

type=CWD msg=audit(1550879300.710:1657765): cwd=/

type=PATH msg=audit(1550879300.710:1657765): item=0 name=/root/.local/lib/python2.7/site-packages inode=56058453 dev=fd:00 mode=040700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:gconf_home_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0

Hash: rhsmcertd-worke,rhsmcertd_t,gconf_home_t,dir,read

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.9.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 4.20.7-1.el7.elrepo.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hashde0ab578ec3d01cc08d243af9fb43b92a9a0b93f23e59247ca379880b331b365
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-02-23 01:15 wrthissell New Issue