View Issue Details

IDProjectCategoryView StatusLast Update
0016083CentOS-7selinux-policypublic2019-05-14 15:16
ReporterGoodWolf8 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0016083: SELinux is preventing phantomjs from using the 'execmem' accesses on a process.
DescriptionDescription of problem:
SELinux is preventing phantomjs from using the 'execmem' accesses on a process.

***** Plugin catchall_boolean (89.3 confidence) suggests ******************

Si quiere allow httpd to execmem
Then debe informar a SELinux de ello activando el indicador 'httpd_execmem'.

Do
setsebool -P httpd_execmem 1

***** Plugin catchall (11.6 confidence) suggests **************************

Si cree que de manera predeterminada se debería permitir a phantomjs el acceso execmem sobre procesos etiquetados como httpd_t.
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
Do
permita el acceso temporalmente ejecutando:
# ausearch -c 'phantomjs' --raw | audit2allow -M mi-phantomjs
# semodule -i mi-phantomjs.pp

Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context system_u:system_r:httpd_t:s0
Target Objects Unknown [ process ]
Source phantomjs
Source Path phantomjs
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name (removed)
Platform Linux (removed) 3.10.0-957.12.1.el7.x86_64 #1 SMP
                              Mon Apr 29 14:59:59 UTC 2019 x86_64 x86_64
Alert Count 9
First Seen 2019-05-14 16:54:54 CEST
Last Seen 2019-05-14 17:10:02 CEST
Local ID b9dc5a07-9526-4303-ada8-c194ae5bb678

Raw Audit Messages
type=AVC msg=audit(1557846602.464:906): avc: denied { execmem } for pid=13279 comm="phantomjs" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process permissive=1


Hash: phantomjs,httpd_t,httpd_t,process,execmem

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.12.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.12.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash6ffde15365f5ee6fb65e69bdf4af6a4b2a25d397f1f636032747ff3060de7519
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-05-14 15:16 GoodWolf8 New Issue