View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0015876 | CentOS-7 | selinux-policy | public | 2019-02-26 20:33 | 2019-02-26 20:33 |
| Reporter | cgreen1124 | ||||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| Platform | OS | OS Version | 7 | ||
| Product Version | |||||
| Target Version | Fixed in Version | ||||
| Summary | 0015876: SELinux is preventing /usr/lib/cups/backend/tpvmlp from 'search' accesses on the directory /etc/vmware-tools. | ||||
| Description | Description of problem: SELinux is preventing /usr/lib/cups/backend/tpvmlp from search access on the directory /etc/vmware-tools. Plugin: catchall SELinux denied access requested by tpvmlp. It is not expected that this access is required by tpvmlp and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. If you believe that tpvmlp should be allowed search access on the vmware-tools directory by default. You should report this as a bug. You can generate a local policy module to allow this access. Allow this access for now by executing: # ausearch -c 'tpvmlp' --raw | audit2allow -M my-tpvmlp # semodule -i my-tpvmlp.pp SELinux is preventing /usr/lib/cups/backend/tpvmlp from 'search' accesses on the directory /etc/vmware-tools. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that tpvmlp should be allowed search access on the vmware-tools directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'tpvmlp' --raw | audit2allow -M my-tpvmlp # semodule -i my-tpvmlp.pp Additional Information: Source Context system_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Context system_u:object_r:vmtools_unconfined_exec_t:s0 Target Objects /etc/vmware-tools [ dir ] Source tpvmlp Source Path /usr/lib/cups/backend/tpvmlp Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages open-vm-tools-10.2.5-3.el7.x86_64 Policy RPM selinux-policy-3.13.1-229.el7_6.9.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-957.5.1.el7.x86_64 #1 SMP Fri Feb 1 14:54:57 UTC 2019 x86_64 x86_64 Alert Count 229 First Seen 2019-02-26 14:58:54 EST Last Seen 2019-02-26 15:32:22 EST Local ID 8cc7ec59-0922-4761-ad2e-c28fbc378044 Raw Audit Messages type=AVC msg=audit(1551213142.378:1287): avc: denied { search } for pid=59506 comm="tpvmgp" name="vmware-tools" dev="dm-0" ino=1137574 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:vmtools_unconfined_exec_t:s0 tclass=dir permissive=0 Hash: tpvmlp,cupsd_t,vmtools_unconfined_exec_t,dir,search Version-Release number of selected component: selinux-policy-3.13.1-229.el7_6.9.noarch | ||||
| Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-957.5.1.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
| Tags | No tags attached. | ||||
| abrt_hash | 67bf60f1258daa231bd50e09d6835ab304ae14a83d636db620c254cbb7b61633 | ||||
| URL | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-02-26 20:33 | cgreen1124 | New Issue |
