View Issue Details

ID: 0015876
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2019-02-26 20:33
Reporter: cgreen1124
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Platform:
OS:
OS Version: 7
Product Version:
Target Version:
Fixed in Version:
Summary: 0015876: SELinux is preventing /usr/lib/cups/backend/tpvmlp from 'search' accesses on the directory /etc/vmware-tools.
Description:
Description of problem:
SELinux is preventing /usr/lib/cups/backend/tpvmlp from search access on the directory /etc/vmware-tools.

Plugin: catchall
SELinux denied access requested by tpvmlp. It is not expected that this access
is required by tpvmlp and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

If you believe that tpvmlp should be allowed search access on the vmware-tools directory by default.
You should report this as a bug.
You can generate a local policy module to allow this access.
Allow this access for now by executing:
# ausearch -c 'tpvmlp' --raw | audit2allow -M my-tpvmlp
# semodule -i my-tpvmlp.pp
SELinux is preventing /usr/lib/cups/backend/tpvmlp from 'search' accesses on the directory /etc/vmware-tools.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that tpvmlp should be allowed search access on the vmware-tools directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'tpvmlp' --raw | audit2allow -M my-tpvmlp
# semodule -i my-tpvmlp.pp

Additional Information:
Source Context system_u:system_r:cupsd_t:s0-s0:c0.c1023
Target Context system_u:object_r:vmtools_unconfined_exec_t:s0
Target Objects /etc/vmware-tools [ dir ]
Source tpvmlp
Source Path /usr/lib/cups/backend/tpvmlp
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages open-vm-tools-10.2.5-3.el7.x86_64
Policy RPM selinux-policy-3.13.1-229.el7_6.9.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-957.5.1.el7.x86_64 #1 SMP
                              Fri Feb 1 14:54:57 UTC 2019 x86_64 x86_64
Alert Count 229
First Seen 2019-02-26 14:58:54 EST
Last Seen 2019-02-26 15:32:22 EST
Local ID 8cc7ec59-0922-4761-ad2e-c28fbc378044

Raw Audit Messages
type=AVC msg=audit(1551213142.378:1287): avc: denied { search } for pid=59506 comm="tpvmgp" name="vmware-tools" dev="dm-0" ino=1137574 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:vmtools_unconfined_exec_t:s0 tclass=dir permissive=0


Hash: tpvmlp,cupsd_t,vmtools_unconfined_exec_t,dir,search

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.9.noarch
Additional Information:
reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.5.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.
abrt_hash: 67bf60f1258daa231bd50e09d6835ab304ae14a83d636db620c254cbb7b61633
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-02-26 20:33 cgreen1124 New Issue