View Issue Details

IDProjectCategoryView StatusLast Update
0016405CentOS-7selinux-policypublic2019-09-17 14:38
ReporterLorenP 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0016405: SELinux is preventing /usr/libexec/gsd-clipboard from 'setattr' accesses on the directory /usr/lib/fontconfig/cache.
DescriptionDescription of problem:
as far as I can tell this happened while updating the system during sudo dnf upgrade -y
SELinux is preventing /usr/libexec/gsd-clipboard from 'setattr' accesses on the directory /usr/lib/fontconfig/cache.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that gsd-clipboard should be allowed setattr access on the cache directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gsd-clipboard' --raw | audit2allow -M my-gsdclipboard
# semodule -i my-gsdclipboard.pp

Additional Information:
Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_u:object_r:lib_t:s0
Target Objects /usr/lib/fontconfig/cache [ dir ]
Source gsd-clipboard
Source Path /usr/libexec/gsd-clipboard
Port <Unknown>
Host (removed)
Source RPM Packages gnome-settings-daemon-3.28.1-2.el7.x86_64
Target RPM Packages fontconfig-2.13.0-4.3.el7.x86_64
Policy RPM selinux-policy-3.13.1-229.el7_6.15.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-957.21.2.el7.x86_64 #1 SMP
                              Wed Jun 5 14:26:44 UTC 2019 x86_64 x86_64
Alert Count 7
First Seen 2019-09-17 08:26:35 MDT
Last Seen 2019-09-17 08:28:06 MDT
Local ID 1c653ead-d27d-4a8c-94c2-c3ad835a4874

Raw Audit Messages
type=AVC msg=audit(1568730486.788:19240): avc: denied { setattr } for pid=13207 comm="gsd-clipboard" name="cache" dev="dm-0" ino=101425285 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0


type=SYSCALL msg=audit(1568730486.788:19240): arch=x86_64 syscall=chmod success=no exit=EACCES a0=108def0 a1=1ed a2=108df09 a3=1 items=0 ppid=1 pid=13207 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm=gsd-clipboard exe=/usr/libexec/gsd-clipboard subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Hash: gsd-clipboard,xdm_t,lib_t,dir,setattr

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.15.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.21.2.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash3fcd5862071cab8a923ea1f1c99cc34159ae92fb4a8e283d2aa23be5008f513e
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-09-17 14:38 LorenP New Issue