Bug 1464454
Summary: | selinux denials when launching online documentation from subscription-manager-gui | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Rehana <redakkan> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | 7.4 | CC: | lvrabec, mgrepl, mmalik, plautrba, pvrabec, redakkan, ssekidde |
Target Milestone: | rc | | |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2017-07-18 12:15:43 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
Rehana
2017-06-23 13:03:21 UTC
Did you log in via GDM as root?

(In reply to Milos Malik from comment #2)
> Did you log in via GDM as root?

Yes, I logged in via GUI to the system.

On RHEL7.4 RC1.0 compose (server variant), seeing a different denial message when launched online documentation from subscription-manager gui (gnome session); the web page was launched after some time. Sharing the information for reference.

----

```
type=PROCTITLE msg=audit(07/05/2017 06:34:07.810:245) : proctitle=/usr/lib64/firefox/plugin-container -greomni /usr/lib64/firefox/omni.ja -appomni /usr/lib64/firefox/browser/omni.ja -appdir /usr
type=SYSCALL msg=audit(07/05/2017 06:34:07.810:245) : arch=x86_64 syscall=open success=no exit=EACCES(Permission denied) a0=0x7f8c3d69fc00 a1=O_RDONLY a2=0x1b6 a3=0x7f8c3d6cc400 items=0 ppid=3506 pid=3580 auid=tester uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=2 comm=Web Content exe=/usr/lib64/firefox/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(07/05/2017 06:34:07.810:245) : avc: denied { read } for pid=3580 comm=Web Content name=user-dirs.dirs dev="dm-0" ino=5450089 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
```

Rehana,

We do *NOT* support this. For security reasons, please use a regular user to log in via GUI.

Closing as NOTABUG.

Thanks,
Lukas
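As an added example (not part of the bug report or of selinux-policy): a Python script that joins the SYSCALL and AVC records above by audit serial and reports denials whose target type is `admin_home_t`, the type the targeted policy assigns to files under root's home directory. The function names and the third sample record are assumptions made for illustration.

```python
import re
from collections import defaultdict

# SYSCALL and AVC records copied from the report above; the last record
# (serial 300) is constructed for contrast and must not be flagged.
SAMPLE = [
    'type=SYSCALL msg=audit(07/05/2017 06:34:07.810:245) : arch=x86_64 syscall=open success=no exit=EACCES(Permission denied) a0=0x7f8c3d69fc00 a1=O_RDONLY a2=0x1b6 a3=0x7f8c3d6cc400 items=0 ppid=3506 pid=3580 auid=tester uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=2 comm=Web Content exe=/usr/lib64/firefox/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)',
    'type=AVC msg=audit(07/05/2017 06:34:07.810:245) : avc: denied { read } for pid=3580 comm=Web Content name=user-dirs.dirs dev="dm-0" ino=5450089 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file',
    'type=AVC msg=audit(07/05/2017 06:40:00.000:300) : avc: denied { read } for pid=4000 comm=example name=example.conf dev="dm-0" ino=1 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file',
]

HEADER = re.compile(r"^type=(\w+) msg=audit\([^)]*:(\d+)\) : (.*)$")
# Interpreted output leaves values such as comm=Web Content unquoted, so a
# value runs until the next " key=" or the end of the line.
FIELD = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
PERMS = re.compile(r"\{ ([^}]*) \}")

def parse_record(line):
    """Return (record type, event serial, fields) or None if unparseable."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, serial, body = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
    perms = PERMS.search(body)
    fields["perms"] = perms.group(1).split() if perms else []
    return rtype, serial, fields

def selinux_type(context):
    """Extract the type from a user:role:type:level context string."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else ""

def root_home_denials(lines, target_type="admin_home_t"):
    """Join AVC and SYSCALL records by serial; report denials on target_type."""
    events = defaultdict(dict)
    for line in lines:
        rec = parse_record(line)
        if rec:
            events[rec[1]][rec[0]] = rec[2]
    findings = []
    for serial, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if avc and selinux_type(avc.get("tcontext", "")) == target_type:
            findings.append({"serial": serial, "comm": avc.get("comm"), "perms": avc["perms"], "file": avc.get("name"), "source_type": selinux_type(avc.get("scontext", "")), "uid": sc.get("uid"), "auid": sc.get("auid")})
    return findings

if __name__ == "__main__":
    for finding in root_home_denials(SAMPLE):
        print(finding)
```

A finding with `uid` of `root` and a confined desktop domain as `source_type` matches the situation in this report: a GUI application running as root and reaching into root's home directory.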