View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0018544 | CentOS-7 | selinux-policy | public | 2022-11-23 15:11 | 2022-11-24 02:42 |
| Reporter | jaortega | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| OS Version | 7 | ||||
| Summary | 0018544: SELinux is preventing /usr/bin/bash from 'write' accesses on the file ADC_PROCESSES.txt. | ||||
| Description | Description of problem: SELinux is preventing /usr/bin/bash from 'write' accesses on the file ADC_PROCESSES.txt. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that bash should be allowed write access on the ADC_PROCESSES.txt file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'nsd.sh' --raw | audit2allow -M my-nsdsh # semodule -i my-nsdsh.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:user_home_t:s0 Target Objects ADC_PROCESSES.txt [ file ] Source nsd.sh Source Path /usr/bin/bash Port <Unknown> Host (removed) Source RPM Packages bash-4.2.46-35.el7_9.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-1160.80.1.el7.x86_64 #1 SMP Tue Nov 8 15:48:59 UTC 2022 x86_64 x86_64 Alert Count 7 First Seen 2022-11-14 15:09:55 CET Last Seen 2022-11-22 17:02:19 CET Local ID 8544a7eb-76cf-4061-b690-45287bb6aa63 Raw Audit Messages type=AVC msg=audit(1669132939.790:844): avc: denied { write } for pid=16403 comm="nsd.sh" name="ADC_PROCESSES.txt" dev="dm-2" ino=402653956 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0 type=SYSCALL msg=audit(1669132939.790:844): arch=x86_64 syscall=open success=no exit=EACCES a0=1172d90 a1=201 a2=1b6 a3=fffffff0 items=0 ppid=15714 pid=16403 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=nsd.sh exe=/usr/bin/bash subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash: nsd.sh,xdm_t,user_home_t,file,write Version-Release number of selected component: selinux-policy-3.13.1-268.el7_9.2.noarch | ||||
| Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1160.80.1.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
| Tags | No tags attached. | ||||
| abrt_hash | a4364fd37884265325b4d40e407f19b00591b8b14446b5228beb0853256a0661 | ||||
| URL | |||||
 |
Based on the AVC message, I suspect that your script does not have a correct selinux label. I suggest to use restorecon -Rv /path/to/nsd.sh and retry running it after that.. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-11-23 15:11 | jaortega | New Issue | |
| 2022-11-24 02:42 | ManuelWolfshant | Note Added: 0039037 |
