Bug 2290509
| Summary: | SELinux is preventing systemd-coredum from using the 'sys_admin' capabilities. | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | William Saffery <william.saffery> | ||||||
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> | ||||||
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 40 | CC: | dwalsh, lvrabec, mmalik, omosnacek, pkoncity, vmojzis, william.saffery, zpytela | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | abrt_hash:3f3c41747902206a7bd50598ec7bf5dcf9adec13d24f9578c4d6f532f6ac1b6c;VARIANT_ID=kde; | ||||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2024-06-05 08:12:47 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 2036381 [details]
File: description
Created attachment 2036382 [details]
File: os_info
*** This bug has been marked as a duplicate of bug 2278902 *** |
Description of problem: I opened a text file with over 2080404 lines in VS Code. The program presumably coredumped, and then this errror was thrown by SELinux. VS Code version was 1.89.1 in case that's relevant to anyone reading (redhat or otherwise). Running Fedora 40, KDE Spin. SELinux is preventing systemd-coredum from using the 'sys_admin' capabilities. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that systemd-coredum should have the sys_admin capability by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemd-coredum' --raw | audit2allow -M my-systemdcoredum # semodule -X 300 -i my-systemdcoredum.pp Additional Information: Source Context system_u:system_r:systemd_coredump_t:s0 Target Context system_u:system_r:systemd_coredump_t:s0 Target Objects Unknown [ capability ] Source systemd-coredum Source Path systemd-coredum Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-40.20-1.fc40.noarch Local Policy RPM selinux-policy-targeted-40.20-1.fc40.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 6.8.10-300.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Fri May 17 21:20:54 UTC 2024 x86_64 Alert Count 2 First Seen 2024-06-02 18:53:43 AEST Last Seen 2024-06-05 16:28:34 AEST Local ID 82cbf0fa-2edd-4797-abd8-1e18aedaf916 Raw Audit Messages type=AVC msg=audit(1717568914.793:2279): avc: denied { sys_admin } for pid=443191 comm="systemd-coredum" capability=21 scontext=system_u:system_r:systemd_coredump_t:s0 tcontext=system_u:system_r:systemd_coredump_t:s0 tclass=capability permissive=0 Hash: systemd-coredum,systemd_coredump_t,systemd_coredump_t,capability,sys_admin Version-Release number of selected component: selinux-policy-targeted-40.20-1.fc40.noarch Additional info: reporter: libreport-2.17.15 reason: SELinux is preventing systemd-coredum from using the 'sys_admin' capabilities. package: selinux-policy-targeted-40.20-1.fc40.noarch component: selinux-policy hashmarkername: setroubleshoot type: libreport kernel: 6.8.10-300.fc40.x86_64 component: selinux-policy