View Issue Details

IDProjectCategoryView StatusLast Update
0016253CentOS-7selinux-policypublic2019-07-09 14:43
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0016253: SELinux is preventing ps from 'sys_ptrace' accesses on the cap_userns labeled mozilla_plugin_t.
DescriptionDescription of problem:
SELinux is preventing ps from 'sys_ptrace' accesses on the cap_userns labeled mozilla_plugin_t.

***** Plugin mozplugger (99.1 confidence) suggests ************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
# setsebool -P unconfined_mozilla_plugin_transition 0

***** Plugin catchall (1.81 confidence) suggests **************************

If you believe that ps should be allowed sys_ptrace access on cap_userns labeled mozilla_plugin_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'ps' --raw | audit2allow -M my-ps
# semodule -i my-ps.pp

Additional Information:
Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
Target Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
Target Objects Unknown [ cap_userns ]
Source ps
Source Path ps
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 5.2.0-1.el7.elrepo.x86_64 #1 SMP
                              Mon Jul 8 09:37:45 EDT 2019 x86_64 x86_64
Alert Count 6
First Seen 2019-07-09 11:06:31 -03
Last Seen 2019-07-09 11:06:31 -03
Local ID ec3a4a36-f319-46a3-9d7b-2cf222e91276

Raw Audit Messages
type=AVC msg=audit(1562681191.381:237): avc: denied { sys_ptrace } for pid=5238 comm="ps" capability=19 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tclass=cap_userns permissive=0

Hash: ps,mozilla_plugin_t,mozilla_plugin_t,cap_userns,sys_ptrace

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 5.2.0-1.el7.elrepo.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-07-09 14:43 xpandaren New Issue