1666088 – SELinux triggered by tumbler-0.1.31-2.el7.src.rpm

Bug 1666088 - SELinux triggered by tumbler-0.1.31-2.el7.src.rpm

Summary: SELinux triggered by tumbler-0.1.31-2.el7.src.rpm

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	tumbler
Sub Component:
Version:	epel7
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Kevin Fenzi
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-01-14 20:54 UTC by R P Herrold
Modified:	2024-07-09 15:39 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2024-07-09 15:39:05 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description R P Herrold 2019-01-14 20:54:30 UTC

[herrold@centos-7 ~]$ rpm -qi tumbler
Name        : tumbler
Version     : 0.1.31
Release     : 2.el7
Architecture: x86_64
Install Date: Wed 15 Jun 2016 02:57:22 PM EDT
Group       : Applications/System
Size        : 765031
License     : GPLv2+ and LGPLv2+
Signature   : RSA/SHA256, Tue 19 Apr 2016 09:41:09 AM EDT, Key ID 6a2faea2352c64e5
Source RPM  : tumbler-0.1.31-2.el7.src.rpm
Build Date  : Thu 14 Apr 2016 09:59:53 PM EDT
Build Host  : buildvm-14-nfs.phx2.fedoraproject.org


SELinux is preventing pool from link access on the file home-627737a7.log.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that pool should be allowed link access on the home-627737a7.log file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'pool' --raw | audit2allow -M my-pool
# semodule -i my-pool.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:user_tmp_t:s0
Target Objects                home-627737a7.log [ file ]
Source                        pool
Source Path                   pool
Port                          <Unknown>
Host                          centos-7.first.owlriver.net
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-229.el7_6.6.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     centos-7.first.owlriver.net
Platform                      Linux centos-7.first.owlriver.net
                              3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29
                              14:49:43 UTC 2018 x86_64 x86_64
Alert Count                   1
First Seen                    2019-01-14 15:23:44 EST
Last Seen                     2019-01-14 15:23:44 EST
Local ID                      72e5f3a8-4ef6-4c07-85b8-c611672616a2

Raw Audit Messages
type=AVC msg=audit(1547497424.574:11585): avc:  denied  { link } for  pid=14925 comm="pool" name="home-627737a7.log" dev="tmpfs" ino=66083 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0


Hash: pool,thumb_t,user_tmp_t,file,link

==============

file provoking the problem was a simple PDF --- looks like a permissions SElinux error

Comment 1 Kevin Fenzi 2020-04-20 01:45:54 UTC

Is this issue still happening?

Comment 2 David C. Chipman 2022-01-20 06:12:49 UTC

Yes, this is happening to me, on Fedora 35.

arget Context                system_u:object_r:session_dbusd_tmp_t:s0
Target Objects                bus [ sock_file ]
Source                        tumblerd
Source Path                   tumblerd
Port                          <Unknown>
Host                          fedora
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-35.10-1.fc35.noarch
Local Policy RPM              selinux-policy-targeted-35.10-1.fc35.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     fedora
Platform                      Linux fedora 5.15.14-200.fc35.x86_64 #1 SMP Tue
                              Jan 11 16:49:27 UTC 2022 x86_64 x86_64
Alert Count                   2
First Seen                    2022-01-19 23:10:11 EST
Last Seen                     2022-01-19 23:10:11 EST
Local ID                      2ff0dd36-ac06-4511-9eba-837a381ddedb

Raw Audit Messages
type=AVC msg=audit(1642651811.952:1749): avc:  denied  { write } for  pid=768827 comm="tumblerd" name="bus" dev="tmpfs" ino=60 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=0

Comment 3 Troy Dawson 2024-07-09 15:39:05 UTC

EPEL 7 entered end-of-life (EOL) status on 2024-06-30.  EPEL 7 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug.

Note You need to log in before you can comment on or make changes to this bug.