0017899: SELinux is preventing rtkit-daemon from sys_ptrace access on the cap_userns labeled rtkit_daemon_t. - CentOS Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0017899	CentOS-8	selinux-policy	public	2020-12-01 02:37	2020-12-23 12:18

Reporter	Sat San	Assigned To
Priority	normal	Severity	minor	Reproducibility	random
Status	new	Resolution	open
Platform	x86_64	OS	CentOS Linux	OS Version	8.2.2004
Product Version	8.2.2004

Summary	0017899: SELinux is preventing rtkit-daemon from sys_ptrace access on the cap_userns labeled rtkit_daemon_t.
Description	*** Plugin catchall (100. confidence) suggests ************************ If you believe that rtkit-daemon should be allowed sys_ptrace access on cap_userns labeled rtkit_daemon_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'rtkit-daemon' --raw \| audit2allow -M my-rtkitdaemon # semodule -X 300 -i my-rtkitdaemon.pp Additional Information: Source Context system_u:system_r:rtkit_daemon_t:s0 Target Context system_u:system_r:rtkit_daemon_t:s0 Target Objects Unknown [ cap_userns ] Source rtkit-daemon Source Path rtkit-daemon Port <Unknown> Host localhost.localdomain Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.3-41.el8_2.8.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 4.18.0-193.28.1.el8_2.x86_64 #1 SMP Thu Oct 22 00:20:22 UTC 2020 x86_64 x86_64 Alert Count 31 First Seen 2020-11-26 23:29:07 +08 Last Seen 2020-11-30 13:52:31 +08 Local ID 7c621ee8-6228-42fc-806a-80904a1e6662 Raw Audit Messages type=AVC msg=audit(1606715551.143:238): avc: denied { sys_ptrace } for pid=952 comm="rtkit-daemon" capability=19 scontext=system_u:system_r:rtkit_daemon_t:s0 tcontext=system_u:system_r:rtkit_daemon_t:s0 tclass=cap_userns permissive=0 Hash: rtkit-daemon,rtkit_daemon_t,rtkit_daemon_t,cap_userns,sys_ptrace
Steps To Reproduce	Launched Mozilla Firefox 78.4.0esr under terminal mode $firefox -private-window www.google.com will try to rollback to previous version or uninstall+install previous version!
Tags	No tags attached.

huw 2020-12-23 12:18 reporter ~0038134	I get sealert popups related to this regularly and have done for a number of months. Previously thought this was caused by using a newer version of selinux policy (from staging) to workaround a nvidia issue. However with 8.3, this update is now part of base and the problem persists. In addition to triggering seemingly randomly the problem can be reproduced by playing any youtube video.

Date Modified	Username	Field	Change
2020-12-01 02:37	Sat San	New Issue
2020-12-23 12:18	huw	Note Added: 0038134