| Summary: | SELinux is preventing /usr/libexec/gsd-datetime-mechanism from 'read' accesses on the plik /proc/<pid>/cmdline. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Maciej Kaczmarek <mkaczma> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 15 | CC: | dominick.grift, dwalsh, mgrepl, ttonybrowning |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:a8ac319984597c53d44be525c2a8d2da46d29e90abdc1f43b99e31db1747e5ae | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-12-02 13:19:07 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
What were you doing when this happened? (In reply to comment #1) > What were you doing when this happened? Hello I don't remember what I did when that error occured. SELinux Alert browser says that it happened 25.08.2011 at 22:38 CEST. If I remember well I played Pegnum Online (game). Don't worry about it. This looks like gdm sending a dbus message to gnomeclock and gnomeclock checking out the cmdline of the app that send the dbus message. The strange thing is, I don't see why gdm would be communicating with gnomeclock. I will close this for now since it has not happened since august, please reopen if it happens again. Happened to me recently but i'm going to try updating, all i know to do. because now i have lost my clock, if this is connected. Happened to me recently but i'm going to try updating, all i know to do. because now i have lost my clock, if this is connected. |
SELinux is preventing /usr/libexec/gsd-datetime-mechanism from 'read' accesses on the plik /proc/<pid>/cmdline. ***** Plugin catchall (100. confidence) suggests *************************** If aby gsd-datetime-mechanism powinno mieć domyślnie read dostęp do cmdline file. Then proszę to zgłosić jako błąd. Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp. Do można tymczasowo zezwolić na ten dostęp wykonując polecenia: # grep gsd-datetime-me /var/log/audit/audit.log | audit2allow -M moja_polityka # semodule -i moja_polityka.pp Additional Information: Source Context system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 Target Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Objects /proc/<pid>/cmdline [ file ] Source gsd-datetime-me Source Path /usr/libexec/gsd-datetime-mechanism Port <Nieznane> Host (removed) Source RPM Packages gnome-settings-daemon-3.0.1-8.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-35.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.40.3-0.fc15.x86_64 #1 SMP Tue Aug 16 04:10:59 UTC 2011 x86_64 x86_64 Alert Count 1 First Seen czw, 25 sie 2011, 22:38:09 Last Seen czw, 25 sie 2011, 22:38:09 Local ID e74efc7f-0f0c-4263-9f3b-746d94eb6378 Raw Audit Messages type=AVC msg=audit(1314304689.649:316): avc: denied { read } for pid=10492 comm="gsd-datetime-me" path="/proc/28713/cmdline" dev=proc ino=87801 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1314304689.649:316): avc: denied { read } for pid=10492 comm="gsd-datetime-me" path="/proc/2860/cmdline" dev=proc ino=101987 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1314304689.649:316): arch=x86_64 syscall=execve success=yes exit=0 a0=15cc760 a1=15cc710 a2=15cb010 a3=6473672f63657865 items=0 ppid=10491 pid=10492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=gsd-datetime-me exe=/usr/libexec/gsd-datetime-mechanism subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) Hash: gsd-datetime-me,gnomeclock_t,xdm_t,file,read audit2allow #============= gnomeclock_t ============== allow gnomeclock_t xdm_t:file read; audit2allow -R #============= gnomeclock_t ============== allow gnomeclock_t xdm_t:file read;