View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0018331 | CentOS-7 | selinux-policy | public | 2021-10-20 11:49 | 2021-10-20 11:49 |
| Reporter | Effervescent_llama | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| OS Version | 7 | ||||
| Summary | 0018331: SELinux is preventing /usr/bin/ps from 'sys_ptrace' accesses on the cap_userns labeled unconfined_service_t. | ||||
| Description | Description of problem: SELinux is preventing /usr/bin/ps from 'sys_ptrace' accesses on the cap_userns labeled unconfined_service_t. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that ps should be allowed sys_ptrace access on cap_userns labeled unconfined_service_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'ps' --raw | audit2allow -M my-ps # semodule -i my-ps.pp Additional Information: Source Context system_u:system_r:unconfined_service_t:s0 Target Context system_u:system_r:unconfined_service_t:s0 Target Objects Unknown [ cap_userns ] Source ps Source Path /usr/bin/ps Port <Unknown> Host (removed) Source RPM Packages sysvinit-tools-2.88-14.dsf.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.11.5-1.el7.elrepo.x86_64 #1 SMP Mon Mar 8 17:22:31 EST 2021 x86_64 x86_64 Alert Count 96482 First Seen 2021-09-29 15:42:14 BST Last Seen 2021-10-20 12:37:08 BST Local ID 8bbb74bd-f9c3-4282-8ed0-86699ec8d804 Raw Audit Messages type=AVC msg=audit(1634729828.219:660): avc: denied { sys_ptrace } for pid=21565 comm="pidof" capability=19 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=cap_userns permissive=0 type=SYSCALL msg=audit(1634729828.219:660): arch=x86_64 syscall=stat success=no exit=EACCES a0=7ffee17b1ef0 a1=7ffee17b1e60 a2=7ffee17b1e60 a3=2 items=0 ppid=21539 pid=21565 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts3 ses=4294967295 comm=pidof exe=/usr/sbin/killall5 subj=system_u:system_r:unconfined_service_t:s0 key=(null) Hash: ps,unconfined_service_t,unconfined_service_t,cap_userns,sys_ptrace Version-Release number of selected component: selinux-policy-3.13.1-268.el7_9.2.noarch | ||||
| Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 5.11.5-1.el7.elrepo.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
| Tags | No tags attached. | ||||
| abrt_hash | 7aee48d1163285d8e76caf3e0819176b3bf41cdc44eb3d2ca145d580581e9577 | ||||
| URL | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-10-20 11:49 | Effervescent_llama | New Issue |
