Re: Weird selinux message

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/7/22 13:04, Jeffrey Walton wrote:
On Wed, Dec 7, 2022 at 11:16 AM Robert McBroom via users
<users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
SELinux is preventing gdb from read access on the chr_file pcmC0D0p.

What would call debug on boot sequence?
More information may be found in /var/log/audit/audit.log. `sealert -l
"*"` might also provide more information.

I think chr_file is part of a SELinux macro. I'm not used to seeing it
in an alert. Is that rule Ok?

Maybe relabel the filesystem with `fixfiles -B onboot`?

Jeff

There is nothing in audit.log referring to any of the files or processes in the alerts.

I've run the relabel command several times and the alerts are still there.

~]# sealert -l "*"  
SELinux is preventing gdb from read access on the chr_file pcmC0D0p.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gdb should be allowed read access on the pcmC0D0p chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdb' --raw | audit2allow -M my-gdb
# semodule -X 300 -i my-gdb.pp


Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:sound_device_t:s0
Target Objects                pcmC0D0p [ chr_file ]
Source                        gdb
Source Path                   gdb
Port                          <Unknown>
Host                          RobertPC.attlocal.net
Source RPM Packages            
Target RPM Packages            
SELinux Policy RPM            selinux-policy-targeted-35.11-1.fc35.noarch
Local Policy RPM              selinux-policy-targeted-35.11-1.fc35.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     RobertPC.attlocal.net
Platform                      Linux RobertPC.attlocal.net
                             5.15.16-200.fc35.x86_64 #1 SMP Thu Jan 20 15:38:18
                             UTC 2022 x86_64 x86_64
Alert Count                   2
First Seen                    2022-01-30 01:27:15 EST
Last Seen                     2022-01-30 01:31:02 EST
Local ID                      ecbe31dd-1a2a-4daf-bd46-8ef565e6b227

Raw Audit Messages
type=AVC msg=audit(1643524262.137:695): avc:  denied  { read } for  pid=74330 comm="gdb" name="pcmC0D0p" dev="devtmpfs" ino
=532 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file permissi
ve=1


Hash: gdb,abrt_t,sound_device_t,chr_file,read

SELinux is preventing gdb from open access on the chr_file /dev/snd/pcmC0D0p.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gdb should be allowed open access on the pcmC0D0p chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdb' --raw | audit2allow -M my-gdb
# semodule -X 300 -i my-gdb.pp


Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:sound_device_t:s0
Target Objects                /dev/snd/pcmC0D0p [ chr_file ]
Source                        gdb
Source Path                   gdb
Port                          <Unknown>
Host                          RobertPC.attlocal.net
Source RPM Packages            
Target RPM Packages            
SELinux Policy RPM            selinux-policy-targeted-35.11-1.fc35.noarch
Local Policy RPM              selinux-policy-targeted-35.11-1.fc35.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     RobertPC.attlocal.net
Platform                      Linux RobertPC.attlocal.net
                             5.15.16-200.fc35.x86_64 #1 SMP Thu Jan 20 15:38:18
                             UTC 2022 x86_64 x86_64
Alert Count                   2
First Seen                    2022-01-30 01:27:15 EST
Last Seen                     2022-01-30 01:31:02 EST
Local ID                      fdbfada1-c6ac-42a3-990d-f574024ef660

Raw Audit Messages
type=AVC msg=audit(1643524262.137:696): avc:  denied  { open } for  pid=74330 comm="gdb" path="/dev/snd/pcmC0D0p" dev="devt
mpfs" ino=532 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file
permissive=1


Hash: gdb,abrt_t,sound_device_t,chr_file,open


_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux