View Issue Details

IDProjectCategoryView StatusLast Update
0016512CentOS-7selinux-policypublic2019-10-01 11:19
Reportert3kK4m 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0016512: SELinux is preventing /usr/bin/gnome-keyring-daemon from using the 'siginh' accesses on a process.
DescriptionDescription of problem:
Audit occurs at graphical logon, once
SELinux is preventing /usr/bin/gnome-keyring-daemon from using the 'siginh' accesses on a process.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that gnome-keyring-daemon should be allowed siginh access on processes labeled unconfined_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gnome-keyring-d' --raw | audit2allow -M my-gnomekeyringd
# semodule -i my-gnomekeyringd.pp

Additional Information:
Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects Unknown [ process ]
Source gnome-keyring-d
Source Path /usr/bin/gnome-keyring-daemon
Port <Unknown>
Host (removed)
Source RPM Packages bash-4.2.46-31.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-862.el7.x86_64 #1 SMP Fri
                              Apr 20 16:44:24 UTC 2018 x86_64 x86_64
Alert Count 2
First Seen 2019-10-01 13:01:00 CEST
Last Seen 2019-10-01 13:01:00 CEST
Local ID 01a33fea-c249-4c59-93f2-e43ea7a464b6

Raw Audit Messages
type=AVC msg=audit(1569927660.741:1736): avc: denied { siginh } for pid=3387 comm="Xsession" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process


type=AVC msg=audit(1569927660.741:1736): avc: denied { noatsecure } for pid=3387 comm="Xsession" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process


type=SYSCALL msg=audit(1569927660.741:1736): arch=x86_64 syscall=execve success=yes exit=0 a0=c36d50 a1=c36d30 a2=c3b470 a3=7ffe94f5e720 items=0 ppid=3336 pid=3387 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=25 comm=Xsession exe=/usr/bin/bash subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash: gnome-keyring-d,xdm_t,unconfined_t,process,siginh

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.12.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-862.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash89e9f84e49c860d88e73db92d26fb2d49b278cb295fe3cf72fd92c4fdd9bf8c6
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-10-01 11:19 t3kK4m New Issue