View Issue Details

IDProjectCategoryView StatusLast Update
0015865CentOS-7selinux-policypublic2019-02-23 17:09
Reporterwrthissell 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015865: SELinux is preventing /usr/libexec/gstreamer-1.0/gst-plugin-scanner from using the 'execstack' accesses on a process.
DescriptionDescription of problem:
SELinux is preventing /usr/libexec/gstreamer-1.0/gst-plugin-scanner from using the 'execstack' accesses on a process.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that gst-plugin-scanner should be allowed execstack access on processes labeled thumb_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gst-plugin-scan' --raw | audit2allow -M my-gstpluginscan
# semodule -i my-gstpluginscan.pp

Additional Information:
Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Objects Unknown [ process ]
Source gst-plugin-scan
Source Path /usr/libexec/gstreamer-1.0/gst-plugin-scanner
Port <Unknown>
Host (removed)
Source RPM Packages gstreamer1-1.10.4-2.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.9.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name (removed)
Platform Linux (removed) 4.20.7-1.el7.elrepo.x86_64 #1 SMP
                              Wed Feb 6 13:17:46 EST 2019 x86_64 x86_64
Alert Count 1
First Seen 2019-02-23 11:41:32 EST
Last Seen 2019-02-23 11:41:32 EST
Local ID 420f4f43-0f45-4556-bbd3-fa6f22ce47a1

Raw Audit Messages
type=AVC msg=audit(1550940092.935:61536): avc: denied { execstack } for pid=14270 comm="gst-plugin-scan" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=process permissive=1


type=SYSCALL msg=audit(1550940092.935:61536): arch=x86_64 syscall=mprotect success=yes exit=0 a0=7fff7181b000 a1=1000 a2=1000007 a3=0 items=0 ppid=14269 pid=14270 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm=gst-plugin-scan exe=/usr/libexec/gstreamer-1.0/gst-plugin-scanner subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)

Hash: gst-plugin-scan,thumb_t,thumb_t,process,execstack

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.9.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 4.20.7-1.el7.elrepo.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash34586d6526e118d7d64e74276e2330781a1ae2eb073d7f4b9861c70f24eee77e
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-02-23 17:09 wrthissell New Issue