| Summary: | SELinux is preventing /usr/bin/kdm (deleted) from 'entrypoint' accesses on the file /usr/bin/bash. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | kitmaxter |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 19 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:ba091eb337175f0520a374be63237f69e6c6287a94d3950445eeb164977c72fb | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-12-16 07:52:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
*** This bug has been marked as a duplicate of bug 1043288 *** |
Description of problem: SELinux is preventing /usr/bin/kdm (deleted) from 'entrypoint' accesses on the file /usr/bin/bash. ***** Plugin catchall (100. confidence) suggests *************************** If якщо ви вважаєте, що kdm (deleted) має бути надано типовий доступ entrypoint до bash file. Then вам слід повідомити про цю помилку як про ваду. Ви можете створити модуль локальних правил для надання подібного доступу. Do надайте доступ за допомогою команд: # grep kdm /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:shell_exec_t:s0 Target Objects /usr/bin/bash [ file ] Source kdm Source Path /usr/bin/kdm (deleted) Port <Невідомо> Host (removed) Source RPM Packages Target RPM Packages bash-4.2.45-1.fc19.x86_64 Policy RPM selinux-policy-3.12.1-74.13.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.11.6-200.fc19.x86_64 #1 SMP Fri Oct 18 22:34:18 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-11-23 23:32:54 EET Last Seen 2013-11-23 23:32:54 EET Local ID c6ca73e4-feab-40ec-bb1f-913ba939b6cc Raw Audit Messages type=AVC msg=audit(1385242374.742:28707): avc: denied { entrypoint } for pid=3331 comm="kdm" path="/usr/bin/bash" dev="sda2" ino=7841254 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=SYSCALL msg=audit(1385242374.742:28707): arch=x86_64 syscall=execve success=no exit=EACCES a0=7f83c7316f70 a1=7f83c7314af0 a2=0 a3=0 items=0 ppid=531 pid=3331 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=kdm exe=2F7573722F62696E2F6B646D202864656C6574656429 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash: kdm,xdm_t,shell_exec_t,file,entrypoint Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.11.10-200.fc19.x86_64 type: libreport