Re: disabling the boolean staff_exec_content prevents future logins after restarts

Hi,
I tried out the .15 build but I still get the same errors as before. Managed to get several sealert errors concerning it.

SELinux is preventing /usr/bin/gnome-shell from execute access on the file 2F6465762F6D71756575652F666669366548614844202864656C6574656429.

*****  Plugin catchall_boolean (89.3 confidence) suggests   ******************

If you want to allow staff to exec content
Then you must tell SELinux about this by enabling the 'staff_exec_content' boolean.

Do
setsebool -P staff_exec_content 1

*****  Plugin catchall (11.6 confidence) suggests   **************************

If you believe that gnome-shell should be allowed execute access on the 2F6465762F6D71756575652F666669366548614844202864656C6574656429 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gnome-shell' --raw | audit2allow -M my-gnomeshell
# semodule -X 300 -i my-gnomeshell.pp

Additional Information:
Source Context                staff_u:staff_r:staff_t:s0-s0:c0.c1023
Target Context                staff_u:object_r:user_tmp_t:s0
Target Objects                2F6465762F6D71756575652F66666936654861484420286465
                              6C6574656429 [ file ]
Source                        gnome-shell
Source Path                   /usr/bin/gnome-shell
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           gnome-shell-3.24.3-2.fc26.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-260.15.fc26.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              4.13.11-200.fc26.x86_64 #1 SMP Thu Nov 2 18:28:35
                              UTC 2017 x86_64 x86_64
Alert Count                   169
First Seen                    2017-11-08 15:10:57 EET
Last Seen                     2017-11-08 15:40:56 EET
Local ID                      1ee8e0ca-857d-4d2f-8f9b-8e16c68d6ee5

Raw Audit Messages
type=AVC msg=audit(1510148456.218:4834): avc:  denied  { execute } for  pid=2120 comm="gnome-shell" path=2F6465762F6D71756575652F666669366548614844202864656C6574656429 dev="mqueue" ino=45757 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:user_tmp_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1510148456.218:4834): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=1000 a2=5 a3=1 items=0 ppid=2027 pid=2120 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=tty2 ses=4 comm=gnome-shell exe=/usr/bin/gnome-shell subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null)

Hash: gnome-shell,staff_t,user_tmp_t,file,execute
........................
Thanks.
Sindano
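
The target file name in the report above is unreadable because the audit subsystem hex-encodes untrusted string fields that contain spaces or other special characters. The following parser is an added example, not part of the original message or of setroubleshoot; it decodes such fields from the AVC record quoted above, and its function names and the set of fields treated as hex-encodable are assumptions of this sketch.

```python
import re

# Constructed sample: the AVC record from the message above, copied verbatim.
AVC_LINE = (
    'type=AVC msg=audit(1510148456.218:4834): avc:  denied  { execute } for  '
    'pid=2120 comm="gnome-shell" '
    'path=2F6465762F6D71756575652F666669366548614844202864656C6574656429 '
    'dev="mqueue" ino=45757 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 '
    'tcontext=staff_u:object_r:user_tmp_t:s0 tclass=file permissive=0'
)

# Assumption of this example: only these fields are treated as possibly
# hex-encoded, so purely numeric fields such as ino= are never misdecoded.
UNTRUSTED_FIELDS = {"path", "name", "comm", "exe", "cwd"}
HEX_RE = re.compile(r"(?:[0-9A-F]{2})+")

def decode_field(key, value):
    """Return the readable form of one key=value field from an audit record."""
    if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
        return value[1:-1]  # quoted: the string was safe to log as-is
    if key in UNTRUSTED_FIELDS and HEX_RE.fullmatch(value):
        # unquoted hex: the string held a space, quote or control character
        return bytes.fromhex(value).decode("utf-8", errors="backslashreplace")
    return value

def parse_avc(line):
    """Parse one AVC record into a dict with decoded field values."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        raise ValueError("not an AVC record")
    record = {"result": m.group(1), "perms": m.group(2).split()}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3)):
        record[key] = decode_field(key, value)
    return record

def summarize(record):
    """One-line summary: permission, source type, target type and path."""
    src_type = record["scontext"].split(":")[2]
    tgt_type = record["tcontext"].split(":")[2]
    return "%s { %s } comm=%s %s -> %s:%s path=%s" % (
        record["result"], " ".join(record["perms"]), record["comm"],
        src_type, tgt_type, record["tclass"], record.get("path", "?"))

if __name__ == "__main__":
    print(summarize(parse_avc(AVC_LINE)))
```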