View Issue Details

IDProjectCategoryView StatusLast Update
0016542CentOS-7selinux-policypublic2019-10-04 19:37
Reporterdenvalk 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0016542: SELinux is preventing gdm-session-wor from 'kill' accesses on the cap_userns labeled xdm_t.
DescriptionDescription of problem:
SELinux is preventing gdm-session-wor from 'kill' accesses on the cap_userns labeled xdm_t.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that gdm-session-wor should be allowed kill access on cap_userns labeled xdm_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdm-session-wor' --raw | audit2allow -M my-gdmsessionwor
# semodule -i my-gdmsessionwor.pp

Additional Information:
Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Objects Unknown [ cap_userns ]
Source gdm-session-wor
Source Path gdm-session-wor
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-252.el7.1.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 5.2.11-1.el7.elrepo.x86_64 #1 SMP
                              Thu Aug 29 08:10:52 EDT 2019 x86_64 x86_64
Alert Count 1
First Seen 2019-09-30 17:01:46 MDT
Last Seen 2019-09-30 17:01:46 MDT
Local ID 2dadee7f-d382-492f-9360-1ebc363a799a

Raw Audit Messages
type=AVC msg=audit(1569884506.453:259): avc: denied { kill } for pid=8838 comm="gdm-session-wor" capability=5 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=cap_userns permissive=0


type=AVC msg=audit(1569884506.453:259): avc: denied { kill } for pid=8838 comm="gdm-session-wor" capability=5 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=cap_userns permissive=0


type=AVC msg=audit(1569884506.453:259): avc: denied { kill } for pid=8838 comm="gdm-session-wor" capability=5 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=cap_userns permissive=0


type=AVC msg=audit(1569884506.453:259): avc: denied { kill } for pid=8838 comm="gdm-session-wor" capability=5 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=cap_userns permissive=0


Hash: gdm-session-wor,xdm_t,xdm_t,cap_userns,kill

Version-Release number of selected component:
selinux-policy-3.13.1-252.el7.1.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 5.3.2-1.el7.elrepo.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hashff5c171467973d2d3a75bd0811916e733bd0875f5357091966b561b6ca963c46
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-10-04 19:37 denvalk New Issue