View Issue Details

IDProjectCategoryView StatusLast Update
0018544CentOS-7selinux-policypublic2022-11-24 02:42
Reporterjaortega Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
OS Version7 
Summary0018544: SELinux is preventing /usr/bin/bash from 'write' accesses on the file ADC_PROCESSES.txt.
DescriptionDescription of problem:
SELinux is preventing /usr/bin/bash from 'write' accesses on the file ADC_PROCESSES.txt.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that bash should be allowed write access on the ADC_PROCESSES.txt file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c '' --raw | audit2allow -M my-nsdsh
# semodule -i my-nsdsh.pp

Additional Information:
Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_u:object_r:user_home_t:s0
Target Objects ADC_PROCESSES.txt [ file ]
Source Path /usr/bin/bash
Port <Unknown>
Host (removed)
Source RPM Packages bash-4.2.46-35.el7_9.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-1160.80.1.el7.x86_64 #1 SMP
                              Tue Nov 8 15:48:59 UTC 2022 x86_64 x86_64
Alert Count 7
First Seen 2022-11-14 15:09:55 CET
Last Seen 2022-11-22 17:02:19 CET
Local ID 8544a7eb-76cf-4061-b690-45287bb6aa63

Raw Audit Messages
type=AVC msg=audit(1669132939.790:844): avc: denied { write } for pid=16403 comm="" name="ADC_PROCESSES.txt" dev="dm-2" ino=402653956 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0

type=SYSCALL msg=audit(1669132939.790:844): arch=x86_64 syscall=open success=no exit=EACCES a0=1172d90 a1=201 a2=1b6 a3=fffffff0 items=0 ppid=15714 pid=16403 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe=/usr/bin/bash subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)


Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-1160.80.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.




2022-11-24 02:42

manager   ~0039037

Based on the AVC message, I suspect that your script does not have a correct selinux label. I suggest to use restorecon -Rv /path/to/ and retry running it after that..

Issue History

Date Modified Username Field Change
2022-11-23 15:11 jaortega New Issue
2022-11-24 02:42 ManuelWolfshant Note Added: 0039037