F28 more SElinux warnings this with Wireshark?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I just did:

dnf install gftp fping mplayer wireshar* youtube-dl

And got:

SELinux is preventing pool from getattr access on the file /etc/gshadow.

*****  Plugin catchall (100. confidence) suggests **************************
If you believe that pool should be allowed getattr access on the gshadow file by default. 
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'pool' --raw | audit2allow -M my-pool
# semodule -X 300 -i my-pool.pp

Additional Information:
Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context                system_u:object_r:shadow_t:s0
Target Objects                /etc/gshadow [ file ]
Source                        pool
Source Path                   pool
Port                          <Unknown>
Host                          lx121e.htt-consult.com
Source RPM Packages
Target RPM Packages           setup-2.11.4-1.fc28.noarch
Policy RPM                    selinux-policy-3.14.1-29.fc28.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     lx121e.htt-consult.com
Platform                      Linux lx121e.htt-consult.com
                              4.16.11-300.fc28.x86_64 #1 SMP Tue May 22 18:29:09 
                              UTC 2018 x86_64 x86_64
Alert Count                   6
First Seen                    2018-05-29 17:13:56 EDT
Last Seen                     2018-05-30 08:03:31 EDT
Local ID                      b3355fe8-15e5-4422-9ccf-8794cd452416

Raw Audit Messages
type=AVC msg=audit(1527681811.138:906): avc:  denied  { getattr } for  pid=15866 comm="pool" path="/etc/gshadow" dev="sda3" ino=140981 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0 


Hash: pool,thumb_t,shadow_t,file,getattr

=============

Groups wireshark and usbmon have been added to /etc/groups...

So is this a bug?  and with what?  WIreshark?  pool? something else?

thanks
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx/message/3ZUCXGOMJ57VQ6YFBJN23OJZIEGPCIL4/
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux