View Issue Details

IDProjectCategoryView StatusLast Update
0016690CentOS-7selinux-policypublic2019-11-23 21:02
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0016690: SELinux is preventing /usr/libexec/gsd-xsettings from 'setattr' accesses on the directory /usr/lib/fontconfig/cache.
DescriptionDescription of problem:
I dont know what hapen...
SELinux is preventing /usr/libexec/gsd-xsettings from 'setattr' accesses on the directory /usr/lib/fontconfig/cache.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that gsd-xsettings should be allowed setattr access on the cache directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'pool' --raw | audit2allow -M my-pool
# semodule -i my-pool.pp

Additional Information:
Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_u:object_r:lib_t:s0
Target Objects /usr/lib/fontconfig/cache [ dir ]
Source pool
Source Path /usr/libexec/gsd-xsettings
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages fontconfig-2.13.0-4.3.el7.x86_64
Policy RPM selinux-policy-3.13.1-252.el7.1.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-862.el7.x86_64 #1 SMP Fri
                              Apr 20 16:44:24 UTC 2018 x86_64 x86_64
Alert Count 46
First Seen 2019-11-02 22:28:20 CET
Last Seen 2019-11-02 22:36:17 CET
Local ID 578bbab1-3f7e-4502-a2a5-6a771219c6f2

Raw Audit Messages
type=AVC msg=audit(1572730577.603:125858): avc: denied { setattr } for pid=10319 comm="pool" name="cache" dev="dm-0" ino=7135 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=dir

type=SYSCALL msg=audit(1572730577.603:125858): arch=x86_64 syscall=chmod success=no exit=EACCES a0=7f18d0067650 a1=1ed a2=7f18d0067669 a3=1 items=1 ppid=10191 pid=10319 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm=pool exe=/usr/libexec/gsd-xsettings;5dbdf4dd (deleted) subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

type=CWD msg=audit(1572730577.603:125858): cwd=/var/lib/gdm

type=PATH msg=audit(1572730577.603:125858): item=0 name=/usr/lib/fontconfig/cache inode=7135 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:lib_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0

Hash: pool,xdm_t,lib_t,dir,setattr

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-1062.4.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.




2019-11-23 21:02

reporter   ~0035742

Another user experienced a similar problem:

i dont know what hapen!

reporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-1062.4.3.el7.x86_64
package: selinux-policy-3.13.1-252.el7.1.noarch
reason: SELinux is preventing /usr/libexec/gsd-xsettings from 'setattr' accesses on the directory cache.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2019-11-03 11:28 plober New Issue
2019-11-23 21:02 plober Note Added: 0035742