Bug 1663876

Summary: [selinux-policy] SELinux is preventing /usr/bin/Xephyr from write access on the file 2F7661722F746D702F23313331303836202864656C6574656429.
Product: Red Hat Enterprise Linux 8
Reporter: Joachim Frieben <jfrieben>
Component: selinux-policy
Assignee: Lukas Vrabec <lvrabec>
Status: CLOSED DUPLICATE
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified
Priority: unspecified
Version: 8.0
CC: lvrabec, mgrepl, mmalik, plautrba, ssekidde, zpytela
Target Milestone: rc
Target Release: 8.0
Hardware: noarch
OS: Linux
Last Closed: 2019-01-07 15:16:49 UTC
Type: Bug

Description Joachim Frieben 2019-01-07 09:25:50 UTC
SELinux is preventing /usr/bin/Xephyr from write access on the file 2F7661722F746D702F23313331303836202864656C6574656429.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that Xephyr should be allowed write access on the 2F7661722F746D702F23313331303836202864656C6574656429 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'Xephyr' --raw | audit2allow -M my-Xephyr
# semodule -X 300 -i my-Xephyr.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:sandbox_xserver_t:s0:c43
                              3,c492
Target Context                unconfined_u:object_r:user_tmp_t:s0
Target Objects                2F7661722F746D702F23313331303836202864656C65746564
                              29 [ file ]
Source                        Xephyr
Source Path                   /usr/bin/Xephyr
Port                          <Unknown>
Host                          riemann
Source RPM Packages           xorg-x11-server-Xephyr-1.20.2-5.el8.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.14.1-46.el8.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     riemann
Platform                      Linux riemann 4.18.0-32.el8.x86_64 #1 SMP Sat Oct
                              27 19:26:37 UTC 2018 x86_64 x86_64
Alert Count                   1
First Seen                    2019-01-06 07:38:55 CET
Last Seen                     2019-01-06 07:38:55 CET
Local ID                      5f3519ac-32d2-44b3-976c-77855f6fb166

Raw Audit Messages
type=AVC msg=audit(1546756735.501:115): avc:  denied  { write } for  pid=3919 comm="Xephyr" path=2F7661722F746D702F23313331303836202864656C6574656429 dev="dm-4" ino=131086 scontext=unconfined_u:unconfined_r:sandbox_xserver_t:s0:c433,c492 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1546756735.501:115): arch=x86_64 syscall=recvmsg success=yes exit=EPIPE a0=4 a1=7ffc332293c0 a2=0 a3=fffffffffffff8fe items=0 ppid=3912 pid=3919 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=3 comm=Xephyr exe=/usr/bin/Xephyr subj=unconfined_u:unconfined_r:sandbox_xserver_t:s0:c433,c492 key=(null)

Hash: Xephyr,sandbox_xserver_t,user_tmp_t,file,write

Comment 1 Milos Malik 2019-01-07 15:10:50 UTC
I believe this bug is either a duplicate of BZ#1644315 or a duplicate of BZ#1646521.

Comment 2 Lukas Vrabec 2019-01-07 15:16:49 UTC

*** This bug has been marked as a duplicate of bug 1646521 ***