Description of problem: SELinux is preventing ps from 'sys_ptrace' accesses on the cap_userns Unknown. ***** Plugin mozplugger (99.1 confidence) suggests ************************ If vous voulez utiliser le paquet plugin Then vous devez désactiver les contrôles SELinux sur les extensions Firefox. Do # setsebool -P unconfined_mozilla_plugin_transition 0 ***** Plugin catchall (1.81 confidence) suggests ************************** If vous pensez que ps devrait être autorisé à accéder sys_ptrace sur Unknown cap_userns par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do allow this access for now by executing: # ausearch -c 'ps' --raw | audit2allow -M my-ps # semodule -X 300 -i my-ps.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Objects Unknown [ cap_userns ] Source ps Source Path ps Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-191.14.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.7.2-201.fc24.x86_64 #1 SMP Fri Aug 26 15:58:40 UTC 2016 x86_64 x86_64 Alert Count 12 First Seen 2016-09-10 21:26:11 CEST Last Seen 2016-09-10 21:26:11 CEST Local ID 38d4fd58-d593-4142-8af4-794a40063d79 Raw Audit Messages type=AVC msg=audit(1473535571.393:2578): avc: denied { sys_ptrace } for pid=22449 comm="ps" capability=19 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tclass=cap_userns permissive=0 Hash: ps,mozilla_plugin_t,mozilla_plugin_t,cap_userns,sys_ptrace Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
This should probably be dontaudited.
selinux-policy-3.13.1-191.16.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe39b806b6
selinux-policy-3.13.1-191.16.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe39b806b6
selinux-policy-3.13.1-191.16.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.