View Issue Details

IDProjectCategoryView StatusLast Update
0015886CentOS-7selinux-policypublic2019-03-06 04:59
Reporternthiyaga 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015886: SELinux is preventing /usr/libexec/geoclue from 'open' accesses on the file /proc/<pid>/cgroup.
DescriptionDescription of problem:
SELinux is preventing /usr/libexec/geoclue from 'open' accesses on the file /proc/<pid>/cgroup.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that geoclue should be allowed open access on the cgroup file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'geoclue' --raw | audit2allow -M my-geoclue
# semodule -i my-geoclue.pp

Additional Information:
Source Context system_u:system_r:geoclue_t:s0
Target Context system_u:system_r:unconfined_service_t:s0
Target Objects /proc/<pid>/cgroup [ file ]
Source geoclue
Source Path /usr/libexec/geoclue
Port <Unknown>
Host (removed)
Source RPM Packages geoclue2-2.4.8-1.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name (removed)
Platform Linux (removed) 3.10.0-957.el7.x86_64 #1 SMP Thu
                              Nov 8 23:39:32 UTC 2018 x86_64 x86_64
Alert Count 2
First Seen 2019-02-12 19:35:40 UTC
Last Seen 2019-02-12 19:47:28 UTC
Local ID fe612db1-edeb-466e-9dfa-0be60b0e7247

Raw Audit Messages
type=AVC msg=audit(1550000848.602:6913): avc: denied { open } for pid=27348 comm="geoclue" path="/proc/26731/cgroup" dev="proc" ino=184393875 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=file permissive=1


type=SYSCALL msg=audit(1550000848.602:6913): arch=x86_64 syscall=open success=yes exit=EBADF a0=18510a0 a1=0 a2=0 a3=32 items=0 ppid=1 pid=27348 auid=4294967295 uid=993 gid=988 euid=993 suid=993 fsuid=993 egid=988 sgid=988 fsgid=988 tty=(none) ses=4294967295 comm=geoclue exe=/usr/libexec/geoclue subj=system_u:system_r:geoclue_t:s0 key=(null)

Hash: geoclue,geoclue_t,unconfined_service_t,file,open

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hashcad020f7ea68e10e42d83a592ba22aa8cc2933b81ccc73dcfd2aaf0609a4408d
URL

Activities

ryzn

ryzn

2019-03-06 04:59

reporter   ~0033942

Another user experienced a similar problem:

I have already resolved everything in this post. And it appears again.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.5.1.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.9.noarch
reason: SELinux is preventing /usr/libexec/geoclue from 'open' accesses on the file /proc/<pid>/cgroup.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2019-03-01 21:37 nthiyaga New Issue
2019-03-06 04:59 ryzn Note Added: 0033942