Bug 2181670

Summary: SELinux is preventing (o-bridge) from 'execute' accesses on the file /usr/bin/gnome-keyring-daemon.
Product: [Fedora] Fedora Reporter: Cyber Trekker <cyber.trekker>
Component: selinux-policyAssignee: Zdenek Pytela <zpytela>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: low    
Version: 38CC: dwalsh, lvrabec, mmalik, omosnacek, pkoncity, vmojzis, zpytela
Target Milestone: ---Keywords: Triaged
Target Release: ---Flags: zpytela: needinfo? (cyber.trekker)
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:f6e9810889c94f16c22375e507ef11cb129d153167deba4daa523b6a91b7cbfe;VARIANT_ID=xfce;
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-06-27 18:34:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: description
none
File: os_info none

Description Cyber Trekker 2023-03-24 22:57:58 UTC 
Description of problem:
Error message occured after booting into XFCE.
SELinux is preventing (o-bridge) from 'execute' accesses on the file /usr/bin/gnome-keyring-daemon.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that (o-bridge) should be allowed execute access on the gnome-keyring-daemon file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '(o-bridge)' --raw | audit2allow -M my-obridge
# semodule -X 300 -i my-obridge.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:object_r:gkeyringd_exec_t:s0
Target Objects                /usr/bin/gnome-keyring-daemon [ file ]
Source                        (o-bridge)
Source Path                   (o-bridge)
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           gnome-keyring-42.1-3.fc38.x86_64
SELinux Policy RPM            selinux-policy-targeted-38.8-2.fc38.noarch
Local Policy RPM              selinux-policy-targeted-38.8-2.fc38.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 6.2.7-300.fc38.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Fri Mar 17 16:02:49 UTC 2023
                              x86_64
Alert Count                   8
First Seen                    2023-03-24 07:18:16 AEDT
Last Seen                     2023-03-24 07:18:28 AEDT
Local ID                      ad8e7816-2935-4050-934c-e1ef677f9662

Raw Audit Messages
type=AVC msg=audit(1679602708.118:328): avc:  denied  { execute } for  pid=4002 comm="(o-bridge)" name="gnome-keyring-daemon" dev="dm-0" ino=4972422 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:gkeyringd_exec_t:s0 tclass=file permissive=0


Hash: (o-bridge),init_t,gkeyringd_exec_t,file,execute

Version-Release number of selected component:
selinux-policy-targeted-38.8-2.fc38.noarch

Additional info:
reporter:       libreport-2.17.8
reason:         SELinux is preventing (o-bridge) from 'execute' accesses on the file /usr/bin/gnome-keyring-daemon.
package:        selinux-policy-targeted-38.8-2.fc38.noarch
component:      selinux-policy
hashmarkername: setroubleshoot
type:           libreport
kernel:         6.2.8-300.fc38.x86_64
comment:        Error message occured after booting into XFCE.
component:      selinux-policy
Comment 1 Cyber Trekker 2023-03-24 22:58:01 UTC 
Created attachment 1953492 [details]
File: description
Comment 2 Cyber Trekker 2023-03-24 22:58:03 UTC 
Created attachment 1953493 [details]
File: os_info
Comment 3 Zdenek Pytela 2023-04-19 10:01:46 UTC 
Hi,

Is this issue reproducible? Do you have any customizations of your system related to this problem?
Where is systemd-stdio-bridge started from?
Comment 4 Zdenek Pytela 2023-05-11 20:39:30 UTC 
*** Bug 2181368 has been marked as a duplicate of this bug. ***
Comment 5 Zdenek Pytela 2023-05-11 20:39:36 UTC 
*** Bug 2181371 has been marked as a duplicate of this bug. ***
Comment 6 Zdenek Pytela 2023-05-11 20:39:44 UTC 
*** Bug 2181372 has been marked as a duplicate of this bug. ***
Comment 7 Zdenek Pytela 2023-05-11 20:39:51 UTC 
*** Bug 2181374 has been marked as a duplicate of this bug. ***
Comment 8 Zdenek Pytela 2023-05-11 20:39:58 UTC 
*** Bug 2181375 has been marked as a duplicate of this bug. ***
Comment 9 Zdenek Pytela 2023-05-11 20:40:06 UTC 
*** Bug 2181671 has been marked as a duplicate of this bug. ***
Comment 10 Zdenek Pytela 2023-05-11 20:40:29 UTC 
*** Bug 2181366 has been marked as a duplicate of this bug. ***
Comment 11 Zdenek Pytela 2023-06-27 18:34:38 UTC 
As no new information appeared since reported, we are going to close this bug. If you need to pursue this matter further, feel free to reopen this bug and attach the needed information.