View Issue Details

IDProjectCategoryView StatusLast Update
0017978CentOS-7selinux-policypublic2021-02-16 09:27
ReporterTuxHandwerker Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
OS Version7 
Summary0017978: SELinux is preventing reporter-urepor from 'write' accesses on the Verzeichnis /etc/pki/nssdb.
DescriptionDescription of problem:
SELinux is preventing reporter-urepor from 'write' accesses on the Verzeichnis /etc/pki/nssdb.

***** Plugin catchall (100. confidence) suggests **************************

Wenn Sie denken, dass es reporter-urepor standardmäßig erlaubt sein sollte, write Zugriff auf nssdb directory zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
allow this access for now by executing:
# ausearch -c 'reporter-urepor' --raw | audit2allow -M my-reporterurepor
# semodule -i my-reporterurepor.pp

Additional Information:
Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context system_u:object_r:cert_t:s0
Target Objects /etc/pki/nssdb [ dir ]
Source reporter-urepor
Source Path reporter-urepor
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages nss-3.53.1-3.el7_9.x86_64
Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-1160.6.1.el7.x86_64 #1 SMP
                              Tue Nov 17 13:59:11 UTC 2020 x86_64 x86_64
Alert Count 7
First Seen 2020-12-18 07:11:28 CET
Last Seen 2020-12-18 12:07:54 CET
Local ID 26643a9b-bfa3-43d0-8276-2209940703c4

Raw Audit Messages
type=AVC msg=audit(1608289674.474:26009): avc: denied { write } for pid=31858 comm="reporter-urepor" name="nssdb" dev="dm-0" ino=384077 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cert_t:s0 tclass=dir permissive=0

Hash: reporter-urepor,abrt_t,cert_t,dir,write

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-1160.6.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.




2021-02-16 09:27

reporter   ~0038248

Another user experienced a similar problem:

Python application Jupyter Lab triggered the attempt when a remote user entered the authentication token
for the web server session from a client computer.

reporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-1127.19.1.el7.x86_64
package: selinux-policy-3.13.1-268.el7_9.2.noarch
reason: SELinux is preventing /usr/bin/reporter-ureport from 'write' accesses on the directory /etc/pki/nssdb.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2020-12-28 07:23 TuxHandwerker New Issue
2021-02-16 09:27 DeHollander Note Added: 0038248