View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0018482 | CentOS-7 | selinux-policy | public | 2022-07-07 07:33 | 2022-07-07 09:14 |
| Reporter | supravat94 | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| OS Version | 7 | ||||
| Summary | 0018482: SELinux is preventing /usr/bin/reporter-ureport from 'remove_name' accesses on the directory dbTemp.vEBN7a. | ||||
| Description | Description of problem: SELinux is preventing /usr/bin/reporter-ureport from 'remove_name' accesses on the directory dbTemp.vEBN7a. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that reporter-ureport should be allowed remove_name access on the dbTemp.vEBN7a directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'reporter-urepor' --raw | audit2allow -M my-reporterurepor # semodule -i my-reporterurepor.pp Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:cert_t:s0 Target Objects dbTemp.vEBN7a [ dir ] Source reporter-urepor Source Path /usr/bin/reporter-ureport Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.10.0-1160.71.1.el7.x86_64 #1 SMP Tue Jun 28 15:37:28 UTC 2022 x86_64 x86_64 Alert Count 14 First Seen 2022-07-05 18:59:47 IST Last Seen 2022-07-07 12:30:18 IST Local ID 83d4f927-1be1-4597-9f5f-4799a94752d5 Raw Audit Messages type=AVC msg=audit(1657177218.909:421): avc: denied { remove_name } for pid=9697 comm="reporter-urepor" name="dbTemp.vEBN7a" dev="dm-0" ino=68384650 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cert_t:s0 tclass=dir permissive=1 Hash: reporter-urepor,abrt_t,cert_t,dir,remove_name Version-Release number of selected component: selinux-policy-3.13.1-268.el7_9.2.noarch | ||||
| Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1160.71.1.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
| Tags | No tags attached. | ||||
| abrt_hash | 65b998fc9c6f5648168d930b4d85d08ad757b69a85e66d12dccce94610fcf4ba | ||||
| URL | |||||
 |
If I were to guess, there is a mislabel on that folder or it was created in a different place than where the defaults assume that it should be. Placing it in the default location and / or a relabel of the file system should solve the problem without the need of a custom policy. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-07-07 07:33 | supravat94 | New Issue | |
| 2022-07-07 09:14 | ManuelWolfshant | Note Added: 0038958 |
