View Issue Details

ID: 0018331
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2021-10-20 11:49
Reporter: Effervescent_llama
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
OS Version: 7
Summary: 0018331: SELinux is preventing /usr/bin/ps from 'sys_ptrace' accesses on the cap_userns labeled unconfined_service_t.
Description:
Description of problem:
SELinux is preventing /usr/bin/ps from 'sys_ptrace' accesses on the cap_userns labeled unconfined_service_t.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that ps should be allowed sys_ptrace access on cap_userns labeled unconfined_service_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'ps' --raw | audit2allow -M my-ps
# semodule -i my-ps.pp

Additional Information:
Source Context system_u:system_r:unconfined_service_t:s0
Target Context system_u:system_r:unconfined_service_t:s0
Target Objects Unknown [ cap_userns ]
Source ps
Source Path /usr/bin/ps
Port <Unknown>
Host (removed)
Source RPM Packages sysvinit-tools-2.88-14.dsf.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 5.11.5-1.el7.elrepo.x86_64 #1 SMP
                              Mon Mar 8 17:22:31 EST 2021 x86_64 x86_64
Alert Count 96482
First Seen 2021-09-29 15:42:14 BST
Last Seen 2021-10-20 12:37:08 BST
Local ID 8bbb74bd-f9c3-4282-8ed0-86699ec8d804

Raw Audit Messages
type=AVC msg=audit(1634729828.219:660): avc: denied { sys_ptrace } for pid=21565 comm="pidof" capability=19 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=cap_userns permissive=0

type=SYSCALL msg=audit(1634729828.219:660): arch=x86_64 syscall=stat success=no exit=EACCES a0=7ffee17b1ef0 a1=7ffee17b1e60 a2=7ffee17b1e60 a3=2 items=0 ppid=21539 pid=21565 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts3 ses=4294967295 comm=pidof exe=/usr/sbin/killall5 subj=system_u:system_r:unconfined_service_t:s0 key=(null)

Hash: ps,unconfined_service_t,unconfined_service_t,cap_userns,sys_ptrace

Version-Release number of selected component:
Additional Information:
reporter: libreport-
hashmarkername: setroubleshoot
kernel: 5.11.5-1.el7.elrepo.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2021-10-20 11:49 Effervescent_llama New Issue