View Issue Details

ID: 0015909
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2019-03-11 12:59
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: won't fix
Platform:
OS:
OS Version: 7
Product Version:
Target Version:
Fixed in Version:
Summary: 0015909: SELinux is preventing /usr/sbin/NetworkManager from 'read' accesses on the file /root/.cat_installer/ca.pem.
Description:
Description of problem:
SELinux is preventing /usr/sbin/NetworkManager from 'read' accesses on the file /root/.cat_installer/ca.pem.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that NetworkManager should be allowed read access on the ca.pem file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'NetworkManager' --raw | audit2allow -M my-NetworkManager
# semodule -i my-NetworkManager.pp

Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context unconfined_u:object_r:admin_home_t:s0
Target Objects /root/.cat_installer/ca.pem [ file ]
Source NetworkManager
Source Path /usr/sbin/NetworkManager
Port <Unknown>
Host (removed)
Source RPM Packages NetworkManager-1.12.0-8.el7_6.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.9.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-957.5.1.el7.x86_64 #1 SMP
                              Fri Feb 1 14:54:57 UTC 2019 x86_64 x86_64
Alert Count 204
First Seen 2018-10-16 16:20:52 CEST
Last Seen 2019-03-11 10:26:00 CET
Local ID 05e1ada0-0cef-4c94-b400-98a47ec86a26

Raw Audit Messages
type=AVC msg=audit(1552296360.452:302): avc: denied { read } for pid=4734 comm="NetworkManager" name="ca.pem" dev="dm-1" ino=33614547 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0

type=SYSCALL msg=audit(1552296360.452:302): arch=x86_64 syscall=open success=no exit=EACCES a0=55e537f419c0 a1=0 a2=7ffc8a08f980 a3=7f081d8042d0 items=1 ppid=1 pid=4734 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null)

type=CWD msg=audit(1552296360.452:302): cwd=/

type=PATH msg=audit(1552296360.452:302): item=0 name=/root/.cat_installer/ca.pem inode=33614547 dev=fd:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:admin_home_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0

Hash: NetworkManager,NetworkManager_t,admin_home_t,file,read

Version-Release number of selected component:
Additional Information:
reporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-957.5.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.




2019-03-11 12:59

manager   ~0033975

Putting your certificate under /root is almost certainly the wrong place for it. Certs belong in /etc/pki/tls/certs.

Issue History

Date Modified Username Field Change
2019-03-11 12:58 ChocolateAndStrawberry New Issue
2019-03-11 12:59 TrevorH Status new => closed
2019-03-11 12:59 TrevorH Resolution open => won't fix
2019-03-11 12:59 TrevorH Note Added: 0033975