View Issue Details

IDProjectCategoryView StatusLast Update
0016195CentOS-7selinux-policypublic2021-06-09 21:52
Reporterdupool Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionno change required 
OS Version7 
Summary0016195: SELinux is preventing /usr/lib64/tumbler-1/tumblerd from 'sendto' accesses on the unix_dgram_socket /run/systemd/journal/socket.
DescriptionDescription of problem:
detected during startup
SELinux is preventing /usr/lib64/tumbler-1/tumblerd from 'sendto' accesses on the unix_dgram_socket /run/systemd/journal/socket.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that tumblerd should be allowed sendto access on the socket unix_dgram_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'tumblerd' --raw | audit2allow -M my-tumblerd
# semodule -i my-tumblerd.pp

Additional Information:
Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context system_u:system_r:kernel_t:s0
Target Objects /run/systemd/journal/socket [ unix_dgram_socket ]
Source tumblerd
Source Path /usr/lib64/tumbler-1/tumblerd
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name (removed)
Platform Linux (removed) 3.10.0-957.21.2.el7.x86_64 #1 SMP
                              Wed Jun 5 14:26:44 UTC 2019 x86_64 x86_64
Alert Count 60
First Seen 2019-05-12 12:02:33 +08
Last Seen 2019-06-19 06:40:55 +08
Local ID 3396d377-8035-4dea-a034-5bddaeac943a

Raw Audit Messages
type=AVC msg=audit(1560897655.498:138): avc: denied { sendto } for pid=6396 comm="tumblerd" path="/run/systemd/journal/socket" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_dgram_socket permissive=1

Hash: tumblerd,thumb_t,kernel_t,unix_dgram_socket,sendto

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-957.21.2.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.




2021-06-09 19:55

reporter   ~0038486

Fresh install today, did yum update -y, installed group "Server with GUI, installed xfce desktop, installed Rivendell Automation according to instructions... that created user "rd"... reboot... when user rd auto logins SELinux Alert Browser pops up a window saying :

SELinux is preventing /usr/lib64/tumbler-1/tumblerd from sendto access on the unix_dgram_socket /run/systemd/journal/socket.

Seems something wants a thumbnail and was denied?

Didn't do this until after I installed Rivendell automation from the root account. prior to that root or my unprivileged user could login on xfce and that error didn't pop up.


2021-06-09 21:52

manager   ~0038488

This certainly looks like either a mislabel of the filesystem or a need for a custom policy. However since the situation is triggered by elements which are not part of the OS ( CentOS does not ship xfce, you probably got it from EPEL which is a completely independent project ) we cannot assist here.
As a first attempt to fix your problem, I suggest a full relabel of the filesystem, by issuing touch the commands " /.autorelabel && reboot "
If this approach does not solve your problem you should ask for help via one of the channels suitable for user assistance, like CentOS fora or the #epel channel on If you end up needing a custom policy, you should open a bug at bugzilla, so that either xfce or the main selinux policy gets the required fix.

Issue History

Date Modified Username Field Change
2019-06-18 22:48 dupool New Issue
2021-06-09 19:55 KBIJ-Rivende11 Note Added: 0038486
2021-06-09 21:52 ManuelWolfshant Status new => closed
2021-06-09 21:52 ManuelWolfshant Resolution open => no change required
2021-06-09 21:52 ManuelWolfshant Note Added: 0038488