Bug 1852513
| Summary: | SELinux is preventing tumblerd from using the 'sys_nice' capabilities. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Raphos <raphoszap> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 32 | CC: | dwalsh, grepl.miroslav, hnaufal123, justice, lvrabec, mmalik, plautrba, vmojzis, zpytela |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:88f8d5a70ff6383283766b22157628e6b4bce9d309a7e441e5470208d37bef66; | ||
| Fixed In Version: | selinux-policy-3.14.5-43.fc32 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-08-31 15:50:07 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Hi, Apart from the denial, do you also see any problem with how the application works? *** Bug 1830516 has been marked as a duplicate of this bug. *** I've submitted a Fedora PR to address the issue: https://github.com/fedora-selinux/selinux-policy-contrib/pull/307 commit 41c319687340dd7af93da7a38fcd3df78d8f7c3b (HEAD -> rawhide, origin/rawhide, origin/HEAD)
Author: Zdenek Pytela <zpytela>
Date: Thu Jul 23 09:13:15 2020 +0200
Dontaudit thumb_t setting its process scheduling
Resolves: rhbz#1852513
*** Bug 1860958 has been marked as a duplicate of this bug. *** FEDORA-2020-740de661da has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-740de661da FEDORA-2020-740de661da has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-740de661da` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-740de661da See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2020-740de661da has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report. Hi, Everything works now. Thanks ! Similar problem has been detected: When i tried to launch apache web service from xampp manager by clicking the 'Go To Application' button hashmarkername: setroubleshoot kernel: 5.8.18-200.fc32.x86_64 package: selinux-policy-targeted-3.14.5-44.fc32.noarch reason: SELinux is preventing tumblerd from using the 'sys_nice' capabilities. type: libreport (In reply to nopal from comment #10) > Similar problem has been detected: > > When i tried to launch apache web service from xampp manager by clicking the > 'Go To Application' button > > hashmarkername: setroubleshoot > kernel: 5.8.18-200.fc32.x86_64 > package: selinux-policy-targeted-3.14.5-44.fc32.noarch > reason: SELinux is preventing tumblerd from using the 'sys_nice' > capabilities. > type: libreport Hi, Please update to the latest version 3.14.5-45. File a new bugzilla if the issue persists and include the AVC denial. The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |
Description of problem: SELinux is preventing tumblerd from using the 'sys_nice' capabilities. ***** Plugin catchall (100. confidence) suggests ************************** Si vous pensez que tumblerd devrait avoir des capacités sys_nice par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # ausearch -c "tumblerd" --raw | audit2allow -M my-tumblerd # semodule -X 300 -i my-tumblerd.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Objects Inconnu [ capability ] Source tumblerd Source Path tumblerd Port <Inconnu> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-3.14.5-41.fc32.noarch Local Policy RPM selinux-policy-targeted-3.14.5-41.fc32.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.7.6-201.fc32.x86_64 #1 SMP Mon Jun 29 15:15:52 UTC 2020 x86_64 x86_64 Alert Count 2 First Seen 2020-06-30 14:43:50 CEST Last Seen 2020-06-30 16:55:55 CEST Local ID b024db6b-75b2-4c93-8c48-fd62f157a82f Raw Audit Messages type=AVC msg=audit(1593528955.686:231): avc: denied { sys_nice } for pid=1906 comm="tumblerd" capability=23 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=capability permissive=0 Hash: tumblerd,thumb_t,thumb_t,capability,sys_nice Version-Release number of selected component: selinux-policy-targeted-3.14.5-41.fc32.noarch Additional info: component: selinux-policy reporter: libreport-2.13.1 hashmarkername: setroubleshoot kernel: 5.7.6-201.fc32.x86_64 type: libreport