View Issue Details

IDProjectCategoryView StatusLast Update
0018029CentOS-7selinux-policypublic2021-01-21 17:46
Reporterforwishes Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
OS Version7 
Summary0018029: SELinux is preventing chcon from using the 'mac_admin' capabilities.
DescriptionDescription of problem:
maybe when using the sonnet software
SELinux is preventing chcon from using the 'mac_admin' capabilities.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that chcon should have the mac_admin capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'chcon' --raw | audit2allow -M my-chcon
# semodule -i my-chcon.pp

Additional Information:
Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects Unknown [ capability2 ]
Source chcon
Source Path chcon
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-1160.11.1.el7.x86_64 #1 SMP
                              Fri Dec 18 16:34:56 UTC 2020 x86_64 x86_64
Alert Count 4
First Seen 2021-01-22 00:44:09 CST
Last Seen 2021-01-22 00:44:12 CST
Local ID 628ae028-dedc-44fe-95b2-b60079a85d3a

Raw Audit Messages
type=AVC msg=audit(1611247452.853:317): avc: denied { mac_admin } for pid=14724 comm="chcon" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability2 permissive=0


Hash: chcon,unconfined_t,unconfined_t,capability2,mac_admin

Version-Release number of selected component:
selinux-policy-3.13.1-268.el7_9.2.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-1160.11.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash4b2836aaae5f8a6b2910ce9e37529854d3c26f7aee986b386d8fea9801a94701
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2021-01-21 17:46 forwishes New Issue