Bug 1666088

Summary: SELinux triggered by tumbler-0.1.31-2.el7.src.rpm
Product: [Fedora] Fedora EPEL Reporter: R P Herrold <herrold>
Component: tumblerAssignee: Kevin Fenzi <kevin>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel7CC: chipmand, igeorgex, kevin, metherid, nonamedotc
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-07-09 15:39:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description R P Herrold 2019-01-14 20:54:30 UTC 
[herrold@centos-7 ~]$ rpm -qi tumbler
Name        : tumbler
Version     : 0.1.31
Release     : 2.el7
Architecture: x86_64
Install Date: Wed 15 Jun 2016 02:57:22 PM EDT
Group       : Applications/System
Size        : 765031
License     : GPLv2+ and LGPLv2+
Signature   : RSA/SHA256, Tue 19 Apr 2016 09:41:09 AM EDT, Key ID 6a2faea2352c64e5
Source RPM  : tumbler-0.1.31-2.el7.src.rpm
Build Date  : Thu 14 Apr 2016 09:59:53 PM EDT
Build Host  : buildvm-14-nfs.phx2.fedoraproject.org


SELinux is preventing pool from link access on the file home-627737a7.log.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that pool should be allowed link access on the home-627737a7.log file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'pool' --raw | audit2allow -M my-pool
# semodule -i my-pool.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:user_tmp_t:s0
Target Objects                home-627737a7.log [ file ]
Source                        pool
Source Path                   pool
Port                          <Unknown>
Host                          centos-7.first.owlriver.net
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-229.el7_6.6.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     centos-7.first.owlriver.net
Platform                      Linux centos-7.first.owlriver.net
                              3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29
                              14:49:43 UTC 2018 x86_64 x86_64
Alert Count                   1
First Seen                    2019-01-14 15:23:44 EST
Last Seen                     2019-01-14 15:23:44 EST
Local ID                      72e5f3a8-4ef6-4c07-85b8-c611672616a2

Raw Audit Messages
type=AVC msg=audit(1547497424.574:11585): avc:  denied  { link } for  pid=14925 comm="pool" name="home-627737a7.log" dev="tmpfs" ino=66083 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0


Hash: pool,thumb_t,user_tmp_t,file,link

==============

file provoking the problem was a simple PDF --- looks like a permissions SElinux error
Comment 1 Kevin Fenzi 2020-04-20 01:45:54 UTC 
Is this issue still happening?
Comment 2 David C. Chipman 2022-01-20 06:12:49 UTC 
Yes, this is happening to me, on Fedora 35.

arget Context                system_u:object_r:session_dbusd_tmp_t:s0
Target Objects                bus [ sock_file ]
Source                        tumblerd
Source Path                   tumblerd
Port                          <Unknown>
Host                          fedora
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-35.10-1.fc35.noarch
Local Policy RPM              selinux-policy-targeted-35.10-1.fc35.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     fedora
Platform                      Linux fedora 5.15.14-200.fc35.x86_64 #1 SMP Tue
                              Jan 11 16:49:27 UTC 2022 x86_64 x86_64
Alert Count                   2
First Seen                    2022-01-19 23:10:11 EST
Last Seen                     2022-01-19 23:10:11 EST
Local ID                      2ff0dd36-ac06-4511-9eba-837a381ddedb

Raw Audit Messages
type=AVC msg=audit(1642651811.952:1749): avc:  denied  { write } for  pid=768827 comm="tumblerd" name="bus" dev="tmpfs" ino=60 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=0
Comment 3 Troy Dawson 2024-07-09 15:39:05 UTC 
EPEL 7 entered end-of-life (EOL) status on 2024-06-30.  EPEL 7 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug.