Bug 2046295

Summary: SELinux is preventing coredumpctl from 'read' accesses on the file core.kwalletd5.1000.a024c174fb11458f8d6a7018f8a73647.1163.1643206776000000.zst.
Product: [Fedora] Fedora
Reporter: Mr. Beedell, Roke Julian Lockhart (RJLB) <8ru2u4gz>
Component: selinux-policy
Assignee: Zdenek Pytela <zpytela>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: dwalsh, fedora, grepl.miroslav, lvrabec, mmalik, omosnace, pkoncity, vmojzis, zpytela
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:b74b0983f8d68eae42e4cbe4dd4bdf0827881896ee9304d71f5a7ab8fb21eda7;
Last Closed: 2022-01-26 14:51:46 UTC

Description Mr. Beedell, Roke Julian Lockhart (RJLB) 2022-01-26 14:29:49 UTC
Description of problem:
Occurrence after initialisation of this computer.
SELinux is preventing coredumpctl from 'read' accesses on the file core.kwalletd5.1000.a024c174fb11458f8d6a7018f8a73647.1163.1643206776000000.zst.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that coredumpctl should be allowed read access on the core.kwalletd5.1000.a024c174fb11458f8d6a7018f8a73647.1163.1643206776000000.zst file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'coredumpctl' --raw | audit2allow -M my-coredumpctl
# semodule -X 300 -i my-coredumpctl.pp

Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:systemd_coredump_var_lib_t:s0
Target Objects                core.kwalletd5.1000.a024c174fb11458f8d6a7018f8a736
                              47.1163.1643206776000000.zst [ file ]
Source                        coredumpctl
Source Path                   coredumpctl
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-35.11-1.fc36.noarch
Local Policy RPM              selinux-policy-targeted-35.11-1.fc36.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.17.0-
                              0.rc0.20220112gitdaadb3bd0e8d.63.fc36.x86_64 #1
                              SMP PREEMPT Wed Jan 12 18:54:57 UTC 2022 x86_64
                              x86_64
Alert Count                   7
First Seen                    2022-01-26 12:20:55 UTC
Last Seen                     2022-01-26 14:19:37 UTC
Local ID                      26d89570-7a28-443d-b3cc-d95d5ad4a931

Raw Audit Messages
type=AVC msg=audit(1643206777.913:276): avc:  denied  { read } for  pid=1288 comm="coredumpctl" name="core.kwalletd5.1000.a024c174fb11458f8d6a7018f8a73647.1163.1643206776000000.zst" dev="dm-0" ino=1406863 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_coredump_var_lib_t:s0 tclass=file permissive=0


Hash: coredumpctl,abrt_t,systemd_coredump_var_lib_t,file,read

Version-Release number of selected component:
selinux-policy-targeted-35.11-1.fc36.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.16.0
hashmarkername: setroubleshoot
kernel:         5.17.0-0.rc0.20220112gitdaadb3bd0e8d.63.fc36.x86_64
type:           libreport
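
The raw AVC record in the description carries every field needed to triage the denial. The following Python sketch is an added example, not part of the original report and not setroubleshoot's own code: it parses AVC records and rebuilds the tuple shown on the report's "Hash:" line so that repeated denials on different core files group under one signature. The second and third log lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# First record is the raw audit message from the report; the second (same
# domains, different core file) and third records are constructed samples.
SAMPLE_LOG = """\
type=AVC msg=audit(1643206777.913:276): avc:  denied  { read } for  pid=1288 comm="coredumpctl" name="core.kwalletd5.1000.a024c174fb11458f8d6a7018f8a73647.1163.1643206776000000.zst" dev="dm-0" ino=1406863 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_coredump_var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.000:1): avc:  denied  { read } for  pid=4242 comm="coredumpctl" name="core.example.1000.zst" dev="dm-0" ino=42 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_coredump_var_lib_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.000:1): arch=c000003e syscall=257 success=no
"""

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of an AVC record as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    if "scontext" not in fields or "tcontext" not in fields:
        return None
    fields["result"] = m.group(1)
    fields["perms"] = m.group(2).split()
    # An SELinux context is user:role:type[:mls-range]; the type is field 3.
    fields["source_type"] = fields["scontext"].split(":")[2]
    fields["target_type"] = fields["tcontext"].split(":")[2]
    return fields

def signature(avc):
    """Build comm,source_type,target_type,class,perms as on the 'Hash:' line."""
    return ",".join([avc.get("comm", "?"), avc["source_type"],
                     avc["target_type"], avc.get("tclass", "?"), " ".join(avc["perms"])])

def group_denials(log_text):
    """Count enforced denials per signature across a block of audit log text."""
    counts = Counter()
    for line in log_text.splitlines():
        avc = parse_avc(line)
        # permissive=1 records were logged but not blocked, so skip them.
        if avc and avc["result"] == "denied" and avc.get("permissive") != "1":
            counts[signature(avc)] += 1
    return counts

if __name__ == "__main__":
    for sig, n in group_denials(SAMPLE_LOG).items():
        print(f"{n:3d}  {sig}")
```
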

Comment 1 Zdenek Pytela 2022-01-26 14:51:46 UTC
Please turn on the following boolean for enabling the event scripts:

setsebool abrt_handle_event on

Comment 2 Mr. Beedell, Roke Julian Lockhart (RJLB) 2022-02-05 16:13:17 UTC
PS /> setsebool abrt_handle_event on
Could not change active booleans: Invalid boolean
PS /> sudo setsebool abrt_handle_event on
Could not change active booleans: Invalid boolean

Comment 3 Zdenek Pytela 2022-02-08 20:09:40 UTC
Are you running these commands as root? What is the output of:

$ getsebool abrt_handle_event
abrt_handle_event --> off

Comment 4 Mr. Beedell, Roke Julian Lockhart (RJLB) 2022-02-09 15:43:44 UTC
The command that was invoked by sudo was invoked as the superuser, whereas the command that was not invoked by sudo was not invoked as the superuser.

The consequence of 'getsebool abrt_handle_event' is:
'PS /> getsebool abrt_handle_event
/usr/sbin/getsebool:  SELinux is disabled'

SELinux is disabled because I disabled it after producing my previous response, but the consequence of invocation of 'setsebool abrt_handle_event on' is identical despite the opposite status of SELinux, so hopefully that is not important.

Comment 5 Sergei S. Rublёv 2022-02-16 11:42:29 UTC
Similar problem has been detected:

First reboot after installation of kernel 5.17.0-0.rc4.96.fc37 from rawhide

hashmarkername: setroubleshoot
kernel:         5.17.0-0.rc4.96.fc37.x86_64
package:        selinux-policy-targeted-36.2-1.fc37.noarch
reason:         SELinux is preventing coredumpctl from 'read' accesses on the file core.gutenprint53+us.0.52305d5ea1de4f56a557db1ddccdc829.2392.1645011521000000.zst.
type:           libreport

Comment 6 Sergei S. Rublёv 2022-02-16 21:20:28 UTC
Similar problem has been detected:

Strawberry fresh install at rawhide fc37 produces this

hashmarkername: setroubleshoot
kernel:         5.17.0-0.rc4.96.fc37.x86_64
package:        selinux-policy-targeted-36.2-1.fc37.noarch
reason:         SELinux is preventing coredumpctl from 'read' accesses on the file core.strawberry.1000.19c55a95b7fe4b599b2368f5b0cf3afd.5915.1645045888000000.zst.
type:           libreport