View Issue Details

IDProjectCategoryView StatusLast Update
0016670CentOS-7selinux-policypublic2019-10-29 19:34
Reportermagpie 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0016670: SELinux is preventing /usr/libexec/snapd/snapd from 'remove_name' accesses on the directory snap.krita.
DescriptionDescription of problem:
SELinux is preventing /usr/libexec/snapd/snapd from 'remove_name' accesses on the directory snap.krita.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that snapd should be allowed remove_name access on the snap.krita directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'snapd' --raw | audit2allow -M my-snapd
# semodule -i my-snapd.pp

Additional Information:
Source Context system_u:system_r:snappy_t:s0
Target Context system_u:object_r:user_tmp_t:s0
Target Objects snap.krita [ dir ]
Source snapd
Source Path /usr/libexec/snapd/snapd
Port <Unknown>
Host (removed)
Source RPM Packages snapd-2.39.2-1.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-252.el7.1.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-1062.4.1.el7.x86_64 #1 SMP
                              Fri Oct 18 17:15:30 UTC 2019 x86_64 x86_64
Alert Count 4
First Seen 2019-10-26 19:55:58 CEST
Last Seen 2019-10-29 20:29:18 CET
Local ID 6670c500-1c55-4fc7-adb1-0af3acef8777

Raw Audit Messages
type=AVC msg=audit(1572377358.668:378): avc: denied { remove_name } for pid=15136 comm="snapd" name="snap.krita" dev="tmpfs" ino=105909 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1


type=AVC msg=audit(1572377358.668:378): avc: denied { rmdir } for pid=15136 comm="snapd" name="snap.krita" dev="tmpfs" ino=105909 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1


type=SYSCALL msg=audit(1572377358.668:378): arch=x86_64 syscall=unlinkat success=yes exit=0 a0=ffffffffffffff9c a1=c000672e80 a2=200 a3=0 items=0 ppid=1 pid=15136 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=snapd exe=/usr/libexec/snapd/snapd subj=system_u:system_r:snappy_t:s0 key=(null)

Hash: snapd,snappy_t,user_tmp_t,dir,remove_name

Version-Release number of selected component:
selinux-policy-3.13.1-252.el7.1.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-1062.4.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash533dccd2255edae4b7d8a2b9e229baead57e6ecf868c5ee3038aae879cdc3e44
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-10-29 19:34 magpie New Issue