Description of problem:
SELinux is preventing tumblerd from using the 'sys_nice' capabilities.
***** Plugin catchall (100. confidence) suggests **************************
Si cree que tumblerd debería tener la capacidad de sys_nice de forma predeterminada.
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
Do
permita el acceso temporalmente ejecutando:
# ausearch -c 'tumblerd' --raw | audit2allow -M mi-tumblerd
# semodule -X 300 -i mi-tumblerd.pp
Additional Information:
Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Objects Desconocido [ capability ]
Source tumblerd
Source Path tumblerd
Port <Desconocido>
Host (removed)
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-3.14.5-42.fc32.noarch
Local Policy RPM selinux-policy-targeted-3.14.5-42.fc32.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 5.7.9-200.fc32.x86_64 #1 SMP Fri
Jul 17 16:23:37 UTC 2020 x86_64 x86_64
Alert Count 1
First Seen 2020-07-27 09:41:16 -05
Last Seen 2020-07-27 09:41:16 -05
Local ID 051ec1d1-96f7-4b19-b94b-9800ebb633c3
Raw Audit Messages
type=AVC msg=audit(1595860876.669:231): avc: denied { sys_nice } for pid=1935 comm="tumblerd" capability=23 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=capability permissive=0
Hash: tumblerd,thumb_t,thumb_t,capability,sys_nice
Version-Release number of selected component:
selinux-policy-targeted-3.14.5-42.fc32.noarch
Additional info:
component: selinux-policy
reporter: libreport-2.13.1
hashmarkername: setroubleshoot
kernel: 5.7.9-200.fc32.x86_64
type: libreport
Description of problem: SELinux is preventing tumblerd from using the 'sys_nice' capabilities. ***** Plugin catchall (100. confidence) suggests ************************** Si cree que tumblerd debería tener la capacidad de sys_nice de forma predeterminada. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso temporalmente ejecutando: # ausearch -c 'tumblerd' --raw | audit2allow -M mi-tumblerd # semodule -X 300 -i mi-tumblerd.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Objects Desconocido [ capability ] Source tumblerd Source Path tumblerd Port <Desconocido> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-3.14.5-42.fc32.noarch Local Policy RPM selinux-policy-targeted-3.14.5-42.fc32.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.7.9-200.fc32.x86_64 #1 SMP Fri Jul 17 16:23:37 UTC 2020 x86_64 x86_64 Alert Count 1 First Seen 2020-07-27 09:41:16 -05 Last Seen 2020-07-27 09:41:16 -05 Local ID 051ec1d1-96f7-4b19-b94b-9800ebb633c3 Raw Audit Messages type=AVC msg=audit(1595860876.669:231): avc: denied { sys_nice } for pid=1935 comm="tumblerd" capability=23 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=capability permissive=0 Hash: tumblerd,thumb_t,thumb_t,capability,sys_nice Version-Release number of selected component: selinux-policy-targeted-3.14.5-42.fc32.noarch Additional info: component: selinux-policy reporter: libreport-2.13.1 hashmarkername: setroubleshoot kernel: 5.7.9-200.fc32.x86_64 type: libreport