View Issue Details

IDProjectCategoryView StatusLast Update
0018482CentOS-7selinux-policypublic2022-07-07 09:14
Reportersupravat94 Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
OS Version7 
Summary0018482: SELinux is preventing /usr/bin/reporter-ureport from 'remove_name' accesses on the directory dbTemp.vEBN7a.
DescriptionDescription of problem:
SELinux is preventing /usr/bin/reporter-ureport from 'remove_name' accesses on the directory dbTemp.vEBN7a.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that reporter-ureport should be allowed remove_name access on the dbTemp.vEBN7a directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'reporter-urepor' --raw | audit2allow -M my-reporterurepor
# semodule -i my-reporterurepor.pp

Additional Information:
Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context system_u:object_r:cert_t:s0
Target Objects dbTemp.vEBN7a [ dir ]
Source reporter-urepor
Source Path /usr/bin/reporter-ureport
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name (removed)
Platform Linux (removed) 3.10.0-1160.71.1.el7.x86_64 #1 SMP
                              Tue Jun 28 15:37:28 UTC 2022 x86_64 x86_64
Alert Count 14
First Seen 2022-07-05 18:59:47 IST
Last Seen 2022-07-07 12:30:18 IST
Local ID 83d4f927-1be1-4597-9f5f-4799a94752d5

Raw Audit Messages
type=AVC msg=audit(1657177218.909:421): avc: denied { remove_name } for pid=9697 comm="reporter-urepor" name="dbTemp.vEBN7a" dev="dm-0" ino=68384650 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cert_t:s0 tclass=dir permissive=1

Hash: reporter-urepor,abrt_t,cert_t,dir,remove_name

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-1160.71.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.




2022-07-07 09:14

manager   ~0038958

If I were to guess, there is a mislabel on that folder or it was created in a different place than where the defaults assume that it should be. Placing it in the default location and / or a relabel of the file system should solve the problem without the need of a custom policy.

Issue History

Date Modified Username Field Change
2022-07-07 07:33 supravat94 New Issue
2022-07-07 09:14 ManuelWolfshant Note Added: 0038958