Bug 1815789
Summary: | SELinux is preventing /usr/libexec/platform-python3.6 from using the dac_override capability. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Simon Sekidde <ssekidde> |
Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 8.1 | CC: | lvrabec, mmalik, plautrba, ssekidde |
Target Milestone: | rc | Keywords: | Triaged |
Target Release: | 8.0 | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-30 14:02:37 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Simon Sekidde
2020-03-21 18:18:27 UTC
Hi Simon, Thank you for reporting the issue. The dac_override permission is requested on an access attempt where DAC permission do not allow this access, the file path is not audited though. Please follow the recommendations of the restorecon plugin to turn on full auditing and when reproduced again, check permissions for the file or directory. ***** Plugin dac_override (91.4 confidence) suggests ********************** If you want to help identify if domain needs this access or you have a file with the wrong permissions on your system Then turn on full auditing to get path information about the offending file and generate the error again. Do Turn on full auditing # auditctl -w /etc/shadow -p w Try to recreate AVC. Then execute # ausearch -m avc -ts recent If you see PATH record check ownership/permissions on file, and fix it, otherwise report as a bugzilla. Simon, Did you manage to check if permissions are correct? If you want us to continue working on this bz, could you provide the requested information or reproducer steps? Zdenek, I am unable to reproduce this issue on a clean OS install. Thanks. |