View Issue Details

ID: 0016331
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2019-08-13 12:52
Reporter: Eduard Hofer
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Platform:
OS:
OS Version: 7
Product Version:
Target Version:
Fixed in Version:
Summary: 0016331: SELinux is preventing /usr/bin/spice-vdagent from 'getattr' accesses on the chr_file /dev/vport0p1.
Description:
Description of problem:
SELinux is preventing /usr/bin/spice-vdagent from 'getattr' accesses on the chr_file /dev/vport0p1.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that spice-vdagent should be allowed getattr access on the vport0p1 chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'spice-vdagent' --raw | audit2allow -M my-spicevdagent
# semodule -i my-spicevdagent.pp

Additional Information:
Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_u:object_r:virtio_device_t:s0
Target Objects /dev/vport0p1 [ chr_file ]
Source spice-vdagent
Source Path /usr/bin/spice-vdagent
Port <Unknown>
Host (removed)
Source RPM Packages spice-vdagent-0.14.0-10.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-60.el7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-327.el7.x86_64 #1 SMP Thu
                              Nov 19 22:10:57 UTC 2015 x86_64 x86_64
Alert Count 1
First Seen 2019-08-11 13:52:42 CEST
Last Seen 2019-08-11 13:52:42 CEST
Local ID 95fc0419-32e1-4078-99d4-6076b2c76f0c

Raw Audit Messages
type=AVC msg=audit(1565524362.175:379): avc: denied { getattr } for pid=4404 comm="spice-vdagent" path="/dev/vport0p1" dev="devtmpfs" ino=1762 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virtio_device_t:s0 tclass=chr_file

type=SYSCALL msg=audit(1565524362.175:379): arch=x86_64 syscall=stat success=no exit=EACCES a0=409bd0 a1=7ffe8811c2e0 a2=7ffe8811c2e0 a3=7ffe8811bfd0 items=0 ppid=4149 pid=4404 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm=spice-vdagent exe=/usr/bin/spice-vdagent subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Hash: spice-vdagent,xdm_t,virtio_device_t,chr_file,getattr

Version-Release number of selected component:
Additional Information:
reporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-957.27.2.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-08-13 12:52 Eduard Hofer New Issue