Bug 1572812
Summary: | SELinux is preventing boinc from 'connectto' accesses on the unix_stream_socket 002F746D702F2E5831312D756E69782F5831. | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Garrett Figueroa <garrett.figueroa> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | | |
Version: | 27 | CC: | dwalsh, lvrabec, mgrepl, plautrba, pmoore |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | x86_64 | | |
OS: | Unspecified | | |
Whiteboard: | abrt_hash:dcbd3666865f0ec50a75ab98d3b2f90f40c2c48bb3bf4a5bfbbbbf6a2afc345e;VARIANT_ID=workstation; | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2018-04-28 08:33:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
Garrett Figueroa
2018-04-27 23:56:19 UTC
This looks correct; you definitely do not want to allow containers to connect to the Xserver. SELinux is doing precisely what it is designed to do.

Allowing a process to connect to the XServer would allow it to screen scrape all of your data on the desktop; it would also allow it to fool humans into typing passwords. It would also allow it to grab all data in the cut and paste buffer, especially things like passwords.

If you want to run trusted applications to connect to the desktop then you need to disable SELinux.

The way you do this with podman is

podman run --security-opt label=disable ...

Or with docker

docker run --security-opt label=disable ...
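The hex string in this bug's summary is how the audit log writes an abstract X11 socket name. As an added example (not part of the original report or of any project's code), the Python below decodes such `path=` values and picks out `connectto` denials that target an X display socket, which is useful when triaging which confined processes tried to reach the desktop. The sample log lines, pids and SELinux contexts are constructed; only the hex path value comes from the summary.

```python
import re

# Constructed sample records. Only the hex path value in the first one is from
# the bug summary; pids, contexts and the second record are made up.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1524873379.101:412): avc:  denied  { connectto } for  pid=2871 comm="boinc" path=002F746D702F2E5831312D756E69782F5831 scontext=system_u:system_r:boinc_t:s0 tcontext=unconfined_u:unconfined_r:xserver_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0
type=AVC msg=audit(1524873380.220:413): avc:  denied  { connectto } for  pid=2990 comm="app" path="/run/example.sock" scontext=system_u:system_r:container_t:s0:c1,c2 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket permissive=0
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
X11_SOCKET = re.compile(r"^/tmp/\.X11-unix/X(\d+)$")


def decode_audit_value(raw):
    """Return (text, is_abstract) for an audit field value.

    The audit subsystem writes a value as bare hex when it contains bytes that
    are unsafe to log, such as the leading NUL of an abstract socket name.
    """
    if raw.startswith('"'):
        return raw.strip('"'), False
    if re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", raw):
        data = bytes.fromhex(raw)
        return data.lstrip(b"\0").decode("utf-8", "replace"), data.startswith(b"\0")
    return raw, False


def x11_connect_denials(log_text):
    """List AVC connectto denials whose target socket is an X11 display."""
    hits = []
    for line in log_text.splitlines():
        if "avc:" not in line or "{ connectto }" not in line:
            continue
        fields = dict(FIELD.findall(line))
        path, abstract = decode_audit_value(fields.get("path", ""))
        match = X11_SOCKET.match(path)
        if match:
            hits.append({
                "comm": fields.get("comm", "").strip('"'),
                "scontext": fields.get("scontext"),
                "socket": path,
                "abstract": abstract,
                "display": ":" + match.group(1),
            })
    return hits
```

Run over the constructed log, `x11_connect_denials(SAMPLE_AUDIT_LOG)` reports one hit: `boinc` attempting to reach the abstract socket for display `:1`.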