View Issue Details

IDProjectCategoryView StatusLast Update
0016510CentOS-7selinux-policypublic2019-10-01 11:04
Reportert3kK4m 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0016510: SELinux is preventing /usr/bin/pkla-check-authorization from using the 'rlimitinh' accesses on a process.
DescriptionDescription of problem:
Audit appears at graphical login once.
SELinux is preventing /usr/bin/pkla-check-authorization from using the 'rlimitinh' accesses on a process.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that pkla-check-authorization should be allowed rlimitinh access on processes labeled policykit_auth_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'pkla-check-auth' --raw | audit2allow -M my-pklacheckauth
# semodule -i my-pklacheckauth.pp

Additional Information:
Source Context system_u:system_r:policykit_t:s0
Target Context system_u:system_r:policykit_auth_t:s0
Target Objects Unknown [ process ]
Source pkla-check-auth
Source Path /usr/bin/pkla-check-authorization
Port <Unknown>
Host (removed)
Source RPM Packages polkit-pkla-compat-0.1-4.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-862.el7.x86_64 #1 SMP Fri
                              Apr 20 16:44:24 UTC 2018 x86_64 x86_64
Alert Count 42
First Seen 2019-10-01 13:01:01 CEST
Last Seen 2019-10-01 13:01:05 CEST
Local ID 190ee21a-2e63-48de-a019-cc2664e720fd

Raw Audit Messages
type=AVC msg=audit(1569927665.301:1797): avc: denied { rlimitinh } for pid=3924 comm="pkla-check-auth" scontext=system_u:system_r:policykit_t:s0 tcontext=system_u:system_r:policykit_auth_t:s0 tclass=process


type=AVC msg=audit(1569927665.301:1797): avc: denied { siginh } for pid=3924 comm="pkla-check-auth" scontext=system_u:system_r:policykit_t:s0 tcontext=system_u:system_r:policykit_auth_t:s0 tclass=process


type=AVC msg=audit(1569927665.301:1797): avc: denied { noatsecure } for pid=3924 comm="pkla-check-auth" scontext=system_u:system_r:policykit_t:s0 tcontext=system_u:system_r:policykit_auth_t:s0 tclass=process


type=SYSCALL msg=audit(1569927665.301:1797): arch=x86_64 syscall=execve success=yes exit=0 a0=557b61e2dfb0 a1=557b61e2de90 a2=7ffda8334770 a3=7ffda8333060 items=0 ppid=5307 pid=3924 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm=pkla-check-auth exe=/usr/bin/pkla-check-authorization subj=system_u:system_r:policykit_auth_t:s0 key=(null)

Hash: pkla-check-auth,policykit_t,policykit_auth_t,process,rlimitinh

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.12.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-862.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hashe34875941e99ae32c4e214c52be86f2adb741e573d2457409eec67a0a16ebf9d
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-10-01 11:04 t3kK4m New Issue