Bug 1896648 - SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
Summary: SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 37
Hardware: x86_64
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:1037e9e314ab8138adb0012eefe...
Duplicates: 1896762 1897468 1897863 1899215 1900052 1901406 1902602 1903404 1912029 1915470 1917228 1917977 1929758 1929759 1929812 1929814 1930719 1936220 1936305 1936890 1937021 1938237 1943780 1949948 1959183 1962648 1962649 1962653 1963305 1965531 1979136 1979448 1992635 1998967 2003268 2009644 2016578 2017124 2017981 2017997 2024590 2033458 2048123 2083354 2084618 2089838 2089839 2095473 2096286 2099368 2103410 2103838 2116494 2133246 2143802 2144022 2144023 2148663 2150662 2152411 2157201 2163590 2163693
Depends On:
Blocks:
Reported: 2020-11-11 06:41 UTC by b.gatessucks
Modified: 2023-09-04 17:56 UTC (History)

Fixed In Version: selinux-policy-35.7-1.fc35
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-12-08 19:34:48 UTC
Type: ---
Embargoed:


Description b.gatessucks 2020-11-11 06:41:31 UTC
Description of problem:
Got the message just after login
SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gdb should be allowed read access on the renderD128 chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdb' --raw | audit2allow -M my-gdb
# semodule -X 300 -i my-gdb.pp

Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:dri_device_t:s0
Target Objects                renderD128 [ chr_file ]
Source                        gdb
Source Path                   gdb
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            <Unknown>
Local Policy RPM              selinux-policy-targeted-3.14.6-29.fc33.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.8.18-300.fc33.x86_64 #1 SMP Mon
                              Nov 2 19:09:05 UTC 2020 x86_64 x86_64
Alert Count                   35
First Seen                    2020-11-11 06:38:04 GMT
Last Seen                     2020-11-11 06:38:04 GMT
Local ID                      8d7a0eab-7944-4c5b-86da-ae673326bec3

Raw Audit Messages
type=AVC msg=audit(1605076684.404:656): avc:  denied  { read } for  pid=6117 comm="gdb" name="renderD128" dev="devtmpfs" ino=3980 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dri_device_t:s0 tclass=chr_file permissive=0


Hash: gdb,abrt_t,dri_device_t,chr_file,read


Additional info:
component:      selinux-policy
reporter:       libreport-2.14.0
hashmarkername: setroubleshoot
kernel:         5.8.18-300.fc33.x86_64
type:           libreport

Comment 1 sharry1679@gmail.com 2020-11-12 00:40:07 UTC
Similar problem has been detected:

Blender import STL utility crashes application and causes this SELinux error

hashmarkername: setroubleshoot
kernel:         5.8.18-300.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-30.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 2 Philipp Raich 2020-11-13 12:23:00 UTC
Similar problem has been detected:

gnome printer settings crashed

hashmarkername: setroubleshoot
kernel:         5.8.18-300.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-30.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 3 b.gatessucks 2020-11-14 09:44:16 UTC
Similar problem has been detected:

Switching on an external hard disk, connected through a firewire port

hashmarkername: setroubleshoot
kernel:         5.8.18-300.fc33.x86_64
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 4 Kostya Vasilyev 2020-11-15 11:35:30 UTC
Similar here with file card0

-----
SELinux is preventing gdb from read access on the chr_file card0.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gdb should be allowed read access on the card0 chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdb' --raw | audit2allow -M my-gdb
# semodule -X 300 -i my-gdb.pp

Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:dri_device_t:s0
Target Objects                card0 [ chr_file ]
Source                        gdb
Source Path                   gdb
Port                          <Unknown>
Host                          fergie
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-3.14.6-30.fc33.noarch
Local Policy RPM              selinux-policy-targeted-3.14.6-30.fc33.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     fergie
Platform                      Linux fergie 5.9.8-200.fc33.x86_64 #1 SMP Tue Nov
                              10 21:58:19 UTC 2020 x86_64 x86_64
Alert Count                   10
First Seen                    2020-11-15 11:46:19 MSK
Last Seen                     2020-11-15 11:46:19 MSK
Local ID                      f1d5dc1e-899b-45e8-a667-df71e3a98b2a

Raw Audit Messages
type=AVC msg=audit(1605429979.62:890): avc:  denied  { read } for  pid=5735 comm="gdb" name="card0" dev="devtmpfs" ino=665 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dri_device_t:s0 tclass=chr_file permissive=0


Hash: gdb,abrt_t,dri_device_t,chr_file,read

Comment 5 Kostya Vasilyev 2020-11-16 18:15:27 UTC
And here is a seemingly related failure, on most recent boot it happened almost 100 times in a few seconds.

The file(s) it's trying to access is:

./var/lib/sddm/.cache/sddm-greeter/qmlcache/f608f40699df11a4f08066742c239d574011c351.qmlc

There is a whole bunch of them in that directory.

-------------------------

SELinux is preventing gdb from read access on the file 01afb6838a82a1f8d70b16ab3b5e324424f3d3ac.qmlc.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gdb should be allowed read access on the 01afb6838a82a1f8d70b16ab3b5e324424f3d3ac.qmlc file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdb' --raw | audit2allow -M my-gdb
# semodule -X 300 -i my-gdb.pp

Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:xdm_var_lib_t:s0
Target Objects                01afb6838a82a1f8d70b16ab3b5e324424f3d3ac.qmlc [
                              file ]
Source                        gdb
Source Path                   gdb
Port                          <Unknown>
Host                          fergie
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-3.14.6-30.fc33.noarch
Local Policy RPM              selinux-policy-targeted-3.14.6-30.fc33.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     fergie
Platform                      Linux fergie 5.9.8-200.fc33.x86_64 #1 SMP Tue Nov
                              10 21:58:19 UTC 2020 x86_64 x86_64
Alert Count                   98
First Seen                    2020-11-16 21:11:05 MSK
Last Seen                     2020-11-16 21:11:05 MSK
Local ID                      a2b5b658-ea67-458e-abf3-fec8ce898cda

Raw Audit Messages
type=AVC msg=audit(1605550265.340:735): avc:  denied  { read } for  pid=1848 comm="gdb" name="01afb6838a82a1f8d70b16ab3b5e324424f3d3ac.qmlc" dev="sda2" ino=657093 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_var_lib_t:s0 tclass=file permissive=0


Hash: gdb,abrt_t,xdm_var_lib_t,file,read
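
The three raw AVC records quoted in the description and in comments 4 and 5 come down to two distinct denials for abrt_t. As an added example (not part of this report, and not setroubleshoot or audit2allow code), the Python below parses those records, rebuilds the tuple shown on the "Hash:" lines, and prints the type-enforcement rule each denial corresponds to, so the grant can be reviewed before a local module is loaded; the function names are illustrative.

```python
import re
from collections import defaultdict

# The three raw AVC records quoted in the description and in comments 4 and 5.
SAMPLE_AVCS = """\
type=AVC msg=audit(1605076684.404:656): avc:  denied  { read } for  pid=6117 comm="gdb" name="renderD128" dev="devtmpfs" ino=3980 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dri_device_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1605429979.62:890): avc:  denied  { read } for  pid=5735 comm="gdb" name="card0" dev="devtmpfs" ino=665 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dri_device_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1605550265.340:735): avc:  denied  { read } for  pid=1848 comm="gdb" name="01afb6838a82a1f8d70b16ab3b5e324424f3d3ac.qmlc" dev="sda2" ino=657093 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_var_lib_t:s0 tclass=file permissive=0
"""

DENIED_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
# key=value pairs; values are either double-quoted or a run of non-spaces.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return parts[2]


def parse_avc(line):
    """Parse one 'avc: denied' record into a dict, or return None."""
    m = DENIED_RE.search(line)
    if m is None:
        return None
    fields = {}
    for key, quoted, bare in FIELD_RE.findall(m.group("rest")):
        fields[key] = quoted if bare == "" else bare
    try:
        return {
            "comm": fields["comm"],
            "name": fields.get("name") or fields.get("path", ""),
            "source_type": selinux_type(fields["scontext"]),
            "target_type": selinux_type(fields["tcontext"]),
            "tclass": fields["tclass"],
            "perms": tuple(sorted(m.group("perms").split())),
            # permissive=0 means the access was actually blocked.
            "enforced": fields.get("permissive", "0") == "0",
        }
    except (KeyError, ValueError):
        return None  # truncated or malformed record


def report_hash(denial):
    """Rebuild the comm,source,target,class,perm tuple seen on 'Hash:' lines."""
    return ",".join([denial["comm"], denial["source_type"],
                     denial["target_type"], denial["tclass"], *denial["perms"]])


def summarize(log_text):
    """Group denials by (source type, target type, class) for review."""
    groups = defaultdict(lambda: {"perms": set(), "names": set(), "count": 0})
    for line in log_text.splitlines():
        denial = parse_avc(line)
        if denial is None:
            continue
        key = (denial["source_type"], denial["target_type"], denial["tclass"])
        groups[key]["perms"].update(denial["perms"])
        groups[key]["names"].add(denial["name"])
        groups[key]["count"] += 1
    return dict(groups)


def allow_rule(key, perms):
    """Format the type-enforcement rule that would permit a denied access."""
    source, target, tclass = key
    perms = sorted(perms)
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {source} {target}:{tclass} {perm_text};"


def review_rules(log_text):
    """Return the sorted list of rules implied by the denials in log_text."""
    return sorted(allow_rule(k, g["perms"]) for k, g in summarize(log_text).items())


if __name__ == "__main__":
    for key, group in sorted(summarize(SAMPLE_AVCS).items()):
        print(allow_rule(key, group["perms"]),
              f"# {group['count']} denial(s): {', '.join(sorted(group['names']))}")
```

Each rule applies to the whole target type, so the dri_device_t rule covers every device node with that label, not only the renderD128 and card0 nodes named in the denials.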

Comment 6 ux.010101 2020-11-20 17:20:47 UTC
*** Bug 1900052 has been marked as a duplicate of this bug. ***

Comment 7 Jan Vlug 2020-11-27 18:26:47 UTC
Similar problem has been detected:

I cannot report a crash that happened in Firefox Wayland when sharing a window, probably due to this SELinux config.

hashmarkername: setroubleshoot
kernel:         5.9.9-200.fc33.x86_64
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 8 Nicholas Youell 2020-12-13 11:31:39 UTC
Similar problem has been detected:

Happened while watching a MKV file

hashmarkername: setroubleshoot
kernel:         5.9.13-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-31.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 9 Mike C 2020-12-14 02:23:11 UTC
Similar problem has been detected:

I was reading a web page and viewing a pdf file. When I scrolled downward, my session froze then the window manager restarted

hashmarkername: setroubleshoot
kernel:         5.9.13-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-31.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 10 Bill Mauer 2020-12-16 19:04:56 UTC
Similar problem has been detected:

Logged in to Plasma session (Non-Wayland) from cold boot.

hashmarkername: setroubleshoot
kernel:         5.9.13-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-31.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 11 dan 2020-12-17 16:41:56 UTC
Similar problem has been detected:

Possibly when attempt to print test page on newly installed printer.

hashmarkername: setroubleshoot
kernel:         5.9.10-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-30.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 12 dan 2020-12-21 21:40:17 UTC
Similar problem has been detected:

Attempting to print a test page.

hashmarkername: setroubleshoot
kernel:         5.9.10-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-30.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 13 automaticjack 2020-12-23 20:09:08 UTC
Similar problem has been detected:

As far as I can tell:
Installing some new "Global Themes" in the KDE "System Settings" applet:
	A: requires elevated permissions and 	
	B: crashes the KDE "System Settings" applet
Which invokes GDB to try and debug that crash.
Which runs afoul of SELinux.
Which creates this bug report.

hashmarkername: setroubleshoot
kernel:         5.9.15-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-33.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 14 automaticjack 2020-12-31 06:35:55 UTC
Similar problem has been detected:

Firefox froze momentarily, and then I was notified that GDB debug was denied for DRI.

hashmarkername: setroubleshoot
kernel:         5.9.16-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-33.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 15 Paul DeStefano 2021-01-04 18:58:03 UTC
Users seem to be reporting this AVC in relation to many different events.  For me, I can reliably reproduce this AVC by causing an application to crash.  (Turns out, a program I regularly use is broken in F33, so I can tell this AVC occurs every time I try to start it.) I think ABRT is trying to start gdb?

Comment 16 Artem Lukashenko 2021-01-05 08:44:54 UTC
Similar problem has been detected:

updated cinnamon DE and rebooted

hashmarkername: setroubleshoot
kernel:         5.9.16-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-33.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 17 Angie 2021-01-15 05:59:22 UTC
Similar problem has been detected:

Xorg with nouveau doesn't wake display or card from powered system suspend (sleep). When Xorg session is killed, SELinux consumes load on single thread of CPU and floods system journal with gdb attempting to "read" "card0"

hashmarkername: setroubleshoot
kernel:         5.9.16-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-33.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 18 Jan Vlug 2021-01-15 15:57:24 UTC
Similar problem has been detected:

I think that this happened when Nextcloud client crashed.

hashmarkername: setroubleshoot
kernel:         5.10.6-200.fc33.x86_64
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 19 Фукидид 2021-01-15 15:57:57 UTC
Similar problem has been detected:

Trying to run the game marsshooter.

hashmarkername: setroubleshoot
kernel:         5.10.6-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-33.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 20 info 2021-01-19 18:44:04 UTC
*** Bug 1917977 has been marked as a duplicate of this bug. ***

Comment 21 Фукидид 2021-01-25 15:50:43 UTC
Similar problem has been detected:

I logged out of electrum, after a few seconds some error occurred and started generating error reports. After this launch, this message appeared.

hashmarkername: setroubleshoot
kernel:         5.10.9-201.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-34.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 22 zakie 2021-01-25 17:35:14 UTC
Similar problem has been detected:

Was playing a game and the screen turned black, then it came back with all sorts of artefacts on screen.
Did ctrl+alt+f4 and the screen suddenly came back in the normal environment.
Tons of SELinux alerts.
When I try the recommended command it says: Nothing to do and
libsemanage.map_file: Unable to open my-gdb.pp
 (No such file or directory).
libsemanage.semanage_direct_install_file: Unable to read file my-gdb.pp
 (No such file or directory).
semodule:  Failed on my-gdb.pp!

hashmarkername: setroubleshoot
kernel:         5.10.9-301.preempt_fsync.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-34.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 23 flo 2021-02-19 12:55:11 UTC
*** Bug 1930719 has been marked as a duplicate of this bug. ***

Comment 24 Heraldo Barros 2021-03-07 18:32:25 UTC
*** Bug 1936220 has been marked as a duplicate of this bug. ***

Comment 25 Heraldo Barros 2021-03-09 12:28:25 UTC
*** Bug 1936890 has been marked as a duplicate of this bug. ***

Comment 26 clclcl 2021-03-13 04:15:09 UTC
Similar problem has been detected:

Using Konsole

hashmarkername: setroubleshoot
kernel:         5.8.15-301.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-35.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 27 Zdenek Pytela 2021-03-31 20:12:45 UTC
Martine,

We have a bunch of bugs for abrt executing gdb which subsequently requires access to various devices, capabilities, and permissions. It was first reported in this bz 2020-11-11, so it probably is related to some change prior to this date in how abrt gets to executing gdb. Can you tell us the chain of commands which eventually ends with gdb?

Internal note - there is abrt-handle-event which is quite powerful:

# ll -Za /usr/libexec/abrt-handle-event
-rwxr-xr-x. 1 root root system_u:object_r:abrt_handle_event_exec_t:s0 24568 25. led 19.26 /usr/libexec/abrt-handle-event

# seinfo -xt abrt_handle_event_t

Types: 1
   type abrt_handle_event_t, abrt_domain, application_domain_type, can_read_shadow_passwords, can_write_shadow_passwords, can_relabelto_shadow_passwords, can_change_object_identity, can_load_kernmodule, can_load_policy, can_setbool, can_setenforce, can_setsecparam, corenet_unconfined_type, corenet_unlabeled_type, devices_unconfined_type, domain, files_unconfined_type, filesystem_unconfined_type, kern_unconfined, kernel_system_state_reader, named_filetrans_domain, process_uncond_exempt, selinux_unconfined_type, storage_unconfined_type, unconfined_domain_type, dbusd_unconfined, sepgsql_unconfined_type, can_relabelto_binary_policy, userdom_filetrans_type, x_domain, xserver_unconfined_type;

Comment 28 Zdenek Pytela 2021-03-31 20:21:29 UTC
*** Bug 1896762 has been marked as a duplicate of this bug. ***

Comment 29 Zdenek Pytela 2021-03-31 20:21:39 UTC
*** Bug 1897468 has been marked as a duplicate of this bug. ***

Comment 30 Zdenek Pytela 2021-03-31 20:21:51 UTC
*** Bug 1897863 has been marked as a duplicate of this bug. ***

Comment 31 Zdenek Pytela 2021-03-31 20:21:58 UTC
*** Bug 1899215 has been marked as a duplicate of this bug. ***

Comment 32 Zdenek Pytela 2021-03-31 20:22:06 UTC
*** Bug 1901406 has been marked as a duplicate of this bug. ***

Comment 33 Zdenek Pytela 2021-03-31 20:22:19 UTC
*** Bug 1902602 has been marked as a duplicate of this bug. ***

Comment 34 Zdenek Pytela 2021-03-31 20:22:26 UTC
*** Bug 1903404 has been marked as a duplicate of this bug. ***

Comment 35 Zdenek Pytela 2021-03-31 20:22:41 UTC
*** Bug 1912029 has been marked as a duplicate of this bug. ***

Comment 36 Zdenek Pytela 2021-03-31 20:22:48 UTC
*** Bug 1915470 has been marked as a duplicate of this bug. ***

Comment 37 Zdenek Pytela 2021-03-31 20:23:09 UTC
*** Bug 1917228 has been marked as a duplicate of this bug. ***

Comment 38 Zdenek Pytela 2021-03-31 20:30:18 UTC
*** Bug 1929758 has been marked as a duplicate of this bug. ***

Comment 39 Zdenek Pytela 2021-03-31 20:31:00 UTC
*** Bug 1929759 has been marked as a duplicate of this bug. ***

Comment 40 Zdenek Pytela 2021-03-31 20:34:10 UTC
*** Bug 1936305 has been marked as a duplicate of this bug. ***

Comment 41 Zdenek Pytela 2021-03-31 20:34:29 UTC
*** Bug 1937021 has been marked as a duplicate of this bug. ***

Comment 42 Zdenek Pytela 2021-03-31 20:34:41 UTC
*** Bug 1938237 has been marked as a duplicate of this bug. ***

Comment 43 Zdenek Pytela 2021-03-31 20:34:52 UTC
*** Bug 1943780 has been marked as a duplicate of this bug. ***

Comment 44 Davi Rafael Fiala 2021-04-08 21:23:15 UTC
Similar problem has been detected:

I was working on my laptop and the system got STUCK and REBOOTED.

hashmarkername: setroubleshoot
kernel:         5.11.11-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-36.fc33.noarch
reason:         SELinux is preventing gdb from 'open' accesses on the chr_file /dev/nvidia0.
type:           libreport

Comment 45 Per Arnold Blåsmo 2021-04-09 15:05:01 UTC
Similar problem has been detected:

When logging in after update to Fedora 34

hashmarkername: setroubleshoot
kernel:         5.11.12-300.fc34.x86_64
package:        selinux-policy-targeted-34.2-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidiactl.
type:           libreport

Comment 46 Dominik 'Rathann' Mierzejewski 2021-04-18 19:30:21 UTC
Similar problem has been detected:

I ran gdb on a (coredump of a) process that was accessing second GPU.

hashmarkername: setroubleshoot
kernel:         5.11.14-300.fc34.x86_64
package:        selinux-policy-targeted-34.3-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card1.
type:           libreport

Comment 47 xzj8b3 2021-04-27 20:43:19 UTC
Similar problem has been detected:

DEFAULTH

hashmarkername: setroubleshoot
kernel:         5.11.16-300.fc34.x86_64
package:        selinux-policy-targeted-34.3-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 48 Darius Page 2021-05-05 21:34:20 UTC
Similar problem has been detected:

I inserted my Logitech game controller in the usb and got this bug

hashmarkername: setroubleshoot
kernel:         5.11.17-300.fc34.x86_64
package:        selinux-policy-targeted-34.4-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 49 Andrew Thurman 2021-05-10 14:45:35 UTC
Similar problem has been detected:

Happens when flatpak apps crash with ABRT installed.

hashmarkername: setroubleshoot
kernel:         5.12.2-300.fc34.x86_64
package:        selinux-policy-targeted-34.5-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 50 Zdenek Pytela 2021-05-11 12:57:08 UTC
*** Bug 1959183 has been marked as a duplicate of this bug. ***

Comment 51 enyone 2021-05-15 08:04:16 UTC
Similar problem has been detected:

Disconnect USB-C dock.

hashmarkername: setroubleshoot
kernel:         5.11.19-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-37.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 52 Robert Becht 2021-05-16 16:10:53 UTC
Similar problem has been detected:

Occurs after the update

hashmarkername: setroubleshoot
kernel:         5.11.20-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-37.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the fichier user.
type:           libreport

Comment 53 jenkvanderslice 2021-05-17 15:58:09 UTC
Similar problem has been detected:

Got through:
from numpy import pi, sin, cos, mgrid
dphi, dtheta = pi/250.0, pi/250.0
[phi,theta] = mgrid[0:pi+dphi*1.5:dphi,0:2*pi+dtheta*1.5:dtheta]
m0 = 4; m1 = 3; m2 = 2; m3 = 3; m4 = 6; m5 = 2; m6 = 6; m7 = 4;
r = sin(m0*phi)**m1 + cos(m2*phi)**m3 + sin(m4*theta)**m5 + cos(m6*theta)**m7
x = r*sin(phi)*cos(theta)
y = r*cos(phi)
z = r*sin(phi)*sin(theta)

in mayavi2

on typing:
from mayavi import mlab
it crashed 

hashmarkername: setroubleshoot
kernel:         5.11.20-300.fc34.x86_64
package:        selinux-policy-targeted-34.7-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 54 Alice McLafferty 2021-05-26 13:30:41 UTC
On a desktop with an AMD graphics card, happens sometimes when electron applications crash.

SELinux is preventing gdb from read access on the chr_file renderD128.

Plugin: catchall 
 SELinux denied access requested by gdb. It is not expected that this access is
required by gdb and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

If you believe that gdb should be allowed read access on the renderD128 chr_file by default.
You should report this as a bug.
You can generate a local policy module to allow this access.
Allow this access for now by executing:
# ausearch -c 'gdb' --raw | audit2allow -M my-gdb
# semodule -X 300 -i my-gdb.pp

Comment 55 Gaurish Korpal 2021-05-27 22:07:42 UTC
*** Bug 1965531 has been marked as a duplicate of this bug. ***

Comment 56 Demetris M 2021-05-31 16:08:42 UTC
Similar problem has been detected:

Upon returning from suspend-to-ram and logging in to Xfce again. I loaded a new website in an already open Firefox tab, and the web render area began blinking randomly. Within 3-4 seconds, the X Server session died. I logged in again and immediately this SEL error kept continually coming up

hashmarkername: setroubleshoot
kernel:         5.12.6-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-37.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 57 Alex. H. F. 2021-06-04 12:17:07 UTC
Similar problem has been detected:

After system restart

hashmarkername: setroubleshoot
kernel:         5.12.8-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-37.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the Datei user.
type:           libreport

Comment 58 Fabio Valentini 2021-06-17 07:21:05 UTC
Similar problem has been detected:

This seems to happen every time when some GUI application crashes (most recently, the spotify flatpak, when closing the window), and gdb tries to generate a coredump for ABRT or something.

I'm using the proprietary NVidia driver.

hashmarkername: setroubleshoot
kernel:         5.12.10-300.fc34.x86_64
package:        selinux-policy-targeted-34.11-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidiactl.
type:           libreport

Comment 59 Jan Vlug 2021-06-17 08:54:55 UTC
> 
> I'm using the proprietary NVidia driver.
> 

I experience this issue as well, but I am not using any proprietary drivers.

Comment 60 Dennis Schridde 2021-06-24 15:23:46 UTC
Similar problem has been detected:

Plasma System Settings crashed, which probably started DrKonqi in the background (I cannot see it yet).

hashmarkername: setroubleshoot
kernel:         5.12.11-300.fc34.x86_64
package:        selinux-policy-targeted-34.11-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 61 sammyf42069 2021-06-25 20:43:45 UTC
Similar problem has been detected:

I was tweaking some window buttons configuration, then I apply and plasma just crashes, it opens again and I get like 800 errors.

hashmarkername: setroubleshoot
kernel:         5.12.12-300.fc34.x86_64
package:        selinux-policy-targeted-34.11-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 62 Suvayu 2021-06-28 17:09:39 UTC
Similar problem has been detected:

I was working on a presentation on libreoffice, when Xorg crashed.  When I logged back in, I received a series of these denials.

This is not the first time (the Xorg crash, and these SELinux denials after a crash).  I think abrt tries to run something and fails.

hashmarkername: setroubleshoot
kernel:         5.12.12-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-38.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 63 Demetris M 2021-07-04 14:21:10 UTC
Similar problem has been detected:

I was using LibreOffice Calc. I clicked on a new cell to type a formula, and at that point the display first froze, then flickered, I could briefly see the bootup/shutdown sequence of systemd units turning off, and then Xorg restarted and I was thrown back at the LightDM login screen.

hashmarkername: setroubleshoot
kernel:         5.12.13-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-38.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 64 Mikel Pérez 2021-07-04 17:36:30 UTC
seems to happen when flatpak apps crash

I'm on amdgpu, fedora 34

Comment 65 Philipp Raich 2021-07-13 09:06:45 UTC
Similar problem has been detected:

right on desktop login

hashmarkername: setroubleshoot
kernel:         5.12.14-300.fc34.x86_64
package:        selinux-policy-targeted-34.13-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 66 NM 2021-07-14 01:48:52 UTC
Similar problem has been detected:

I closed KVM. 

hashmarkername: setroubleshoot
kernel:         5.12.14-300.fc34.x86_64
package:        selinux-policy-targeted-34.13-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 67 enyone 2021-07-20 17:44:32 UTC
Similar problem has been detected:

Right after starting Flameshot. Bug for Flameshot filed at https://bugzilla.redhat.com/show_bug.cgi?id=1984116

hashmarkername: setroubleshoot
kernel:         5.12.15-200.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-39.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 68 Brian J. Murrell 2021-08-10 18:45:03 UTC
Similar problem has been detected:

Not sure how this happened.

hashmarkername: setroubleshoot
kernel:         5.12.15-300.fc34.x86_64
package:        selinux-policy-targeted-34.14-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 69 xzj8b3 2021-08-12 21:03:01 UTC
(In reply to Davi Rafael Fiala from comment #44)
> Similar problem has been detected:
> 
> I was working on my laptop and the system got STUCK and REBOOTED.
> 
> hashmarkername: setroubleshoot
> kernel:         5.11.11-200.fc33.x86_64
> package:        selinux-policy-targeted-3.14.6-36.fc33.noarch
> reason:         SELinux is preventing gdb from 'open' accesses on the
> chr_file /dev/nvidia0.
> type:           libreport

I have temporarily abandoned Fedora .... Too many heat problems with open graphics drivers and Gimp does not show up for those who love a little photo editing .... Photoshop is another thing .... also you always have to fight to show simple printers in wifi ... at this point then better a break from Fedora, moreover it installs too many components that to many seem only an obstacle for a common desktop use on a 15 laptop

Comment 70 Antoni Jon 2021-08-27 09:47:35 UTC
Similar problem has been detected:

Hello, I installed Fedora 34 with Deepin Desktop from the Server netinst image. When I turned on Window Effect from the Settings app, it failed and I got an SELinux error from the notifications menu. Am I missing some dependencies, or is this an SELinux fault?

hashmarkername: setroubleshoot
kernel:         5.13.12-200.fc34.x86_64
package:        selinux-policy-targeted-34.16-1.fc34.noarch
reason:         SELinux is preventing gdb from 'open' accesses on the chr_file /dev/dri/renderD128.
type:           libreport

Comment 71 Mitch Davis 2021-08-29 10:29:55 UTC
I'm also getting this problem (Fedora 33, "AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx").  As mentioned in comment #2 of bug 1937021#c2, when some other program crashes, abrt tries to run gdb, and gdb tries to access /dev/dri/card0, which is then blocked by SELinux.  This then repeats once a second until either the system is shut down, or log out.  Too bad if you had a lot invested in open windows and work.

Comment 72 i3100686 2021-09-08 09:25:11 UTC
Similar problem has been detected:

These error messages appeared when the desktop was loaded after the reboot consequent to KDE Plasma installation
 
I am running Linux Fedora on a Parallels 17.0.0 (build 51461)

hashmarkername: setroubleshoot
kernel:         5.11.12-300.fc34.x86_64
package:        selinux-policy-targeted-34.16-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 73 agatha.ukio 2021-09-08 14:46:49 UTC
Similar problem has been detected:

I'm not sure how it happened. I put my laptop to sleep to get back the touchpad and keyboard. After I turned it on
again, a black screen appeared and I couldn't log in, so I forcefully shut it down.
Just after turning it on, I received a message that there was something wrong with this library. I don't even know if
one thing is related to the other.

hashmarkername: setroubleshoot
kernel:         5.13.13-100.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-39.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the file user.
type:           libreport

Comment 74 Suvayu 2021-09-18 21:34:26 UTC
Similar problem has been detected:

An unrelated program crashed (a game), I believe abrt ran because of that, which triggered this. 

hashmarkername: setroubleshoot
kernel:         5.13.16-200.fc34.x86_64
package:        selinux-policy-targeted-34.19-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 75 mishka 2021-09-24 05:09:03 UTC
Similar problem has been detected:

Initial login to the desktop

hashmarkername: setroubleshoot
kernel:         5.13.16-200.fc34.x86_64
package:        selinux-policy-targeted-34.20-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 76 semadi5427 2021-10-03 14:04:06 UTC
Similar problem has been detected:

When I use the Telegram application

hashmarkername: setroubleshoot
kernel:         5.13.19-200.fc34.x86_64
package:        selinux-policy-targeted-34.21-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidiactl.
type:           libreport

Comment 77 Benjamin Gordon 2021-10-03 19:50:10 UTC
Similar problem has been detected:

Cinnamon periodically crashes right after opening a new window.  After it restarts, I get a bunch of these alerts (when abrt tries to get backtraces?)

It seems like either gdb should be able to read these processes for abrt, or abrt should skip dumping them.

hashmarkername: setroubleshoot
kernel:         5.13.16-200.fc34.x86_64
package:        selinux-policy-targeted-34.20-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 78 Jaime Viehweg 2021-10-14 18:56:22 UTC
Similar problem has been detected:

Not sure how it happened.  I stepped away from my computer and when I came back SElinux was grouching about it.

hashmarkername: setroubleshoot
kernel:         5.14.9-200.fc34.x86_64
package:        selinux-policy-targeted-34.21-1.fc34.noarch
reason:         SELinux is preventing gdb from 'open' accesses on the chr_file /dev/dri/card0.
type:           libreport

Comment 79 Belenos06 2021-10-23 18:27:54 UTC
Similar problem has been detected:

[root@localhost ~]# ausearch -c "gdb" --raw | audit2allow -M my-gdb
Nothing to do
[root@localhost ~]# semodule -X 300 -i my-gdb.pp
Failed to resolve permission watch

hashmarkername: setroubleshoot
kernel:         5.14.11-100.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-39.fc33.noarch
reason:         SELinux is preventing gdb from 'open' accesses on the chr_file /dev/dri/renderD128.
type:           libreport

Comment 80 Demetris M 2021-11-02 21:38:23 UTC
Similar problem has been detected:

Occurred during idle time, perhaps a background process caused it

hashmarkername: setroubleshoot
kernel:         5.14.13-200.fc34.x86_64
package:        selinux-policy-targeted-34.21-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 81 Ben Cotton 2021-11-04 13:37:37 UTC
This message is a reminder that Fedora 33 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 33 on 2021-11-30.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '33'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 33 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged to change the 'version' to a later Fedora 
version before this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 84 Kostya Vasilyev 2021-11-06 18:42:38 UTC
Still happens in Fedora 25

selinux-policy-targeted-35.5-1.fc35.noarch

-----

SELinux is preventing gdb from read access on the chr_file card0.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gdb should be allowed read access on the card0 chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdb' --raw | audit2allow -M my-gdb
# semodule -X 300 -i my-gdb.pp

Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:dri_device_t:s0
Target Objects                card0 [ chr_file ]
Source                        gdb
Source Path                   gdb
Port                          <Unknown>
Host                          fergie
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-35.5-1.fc35.noarch
Local Policy RPM              selinux-policy-targeted-35.5-1.fc35.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     fergie
Platform                      Linux fergie 5.14.16-301.fc35.x86_64 #1 SMP Wed
                              Nov 3 13:55:42 UTC 2021 x86_64 x86_64
Alert Count                   3
First Seen                    2021-11-05 09:59:24 MSK
Last Seen                     2021-11-05 09:59:24 MSK
Local ID                      99700417-c3be-4a67-916b-f8b4a14c5af2

Raw Audit Messages
type=AVC msg=audit(1636095564.45:402): avc:  denied  { read } for  pid=5837 comm="gdb" name="card0" dev="devtmpfs" ino=731 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dri_device_t:s0 tclass=chr_file permissive=0


Hash: gdb,abrt_t,dri_device_t,chr_file,read

Comment 85 Sidney Sedlak 2021-11-10 10:10:48 UTC
Similar problem has been detected:

My Firefox 94.0 (64-bit) crashed and I got this error. 

hashmarkername: setroubleshoot
kernel:         5.14.16-201.fc34.x86_64
package:        selinux-policy-targeted-34.22-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 86 Zdenek Pytela 2021-11-10 15:01:15 UTC
*** Bug 2009644 has been marked as a duplicate of this bug. ***

Comment 87 Zdenek Pytela 2021-11-10 15:01:29 UTC
*** Bug 1998967 has been marked as a duplicate of this bug. ***

Comment 88 Zdenek Pytela 2021-11-10 15:02:41 UTC
*** Bug 2016578 has been marked as a duplicate of this bug. ***

Comment 89 Zdenek Pytela 2021-11-10 15:03:37 UTC
*** Bug 2017997 has been marked as a duplicate of this bug. ***

Comment 90 Zdenek Pytela 2021-11-10 15:03:59 UTC
*** Bug 2017124 has been marked as a duplicate of this bug. ***

Comment 91 Zdenek Pytela 2021-11-10 15:09:34 UTC
*** Bug 1962649 has been marked as a duplicate of this bug. ***

Comment 92 Martin Kyral 2021-11-11 12:02:27 UTC
Hi,

sorry for late reply to the needinfo request. I am not very familiar with the ABRT code itself, so I am only guessing: abrt-action-generate-backtrace is the place to look into. Try asking ABRT developers for more details.

Comment 93 Peter Larsen 2021-11-11 14:23:36 UTC
Similar problem has been detected:

GDM Login starting x11 session.

hashmarkername: setroubleshoot
kernel:         5.14.16-301.fc35.x86_64
package:        selinux-policy-targeted-35.5-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidiactl.
type:           libreport

Comment 94 Enrique Meléndez 2021-11-21 14:53:31 UTC
Similar problem has been detected:

Closing a python-Qt5 application

hashmarkername: setroubleshoot
kernel:         5.14.18-300.fc35.x86_64
package:        selinux-policy-targeted-35.5-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidiactl.
type:           libreport

Comment 95 starsiegeplayer 2021-11-26 03:54:57 UTC
Similar problem has been detected:

Selinux popped this up. I am not sure how it can be reproduced.

hashmarkername: setroubleshoot
kernel:         5.14.18-200.fc34.x86_64
package:        selinux-policy-targeted-34.22-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidiactl.
type:           libreport

Comment 96 Giovanni 2021-12-03 12:48:22 UTC
Similar problem has been detected:

Watching a YouTube documentary using KDE Plasma 5 (last version) with aMule and Dolphin.

hashmarkername: setroubleshoot
kernel:         5.15.6-200.fc35.x86_64
package:        selinux-policy-targeted-35.5-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 97 Andrei Nevedomskii 2021-12-03 15:06:23 UTC
Similar problem has been detected:

Tried to share a screen from Chromium-freeworld

hashmarkername: setroubleshoot
kernel:         5.15.6-200.fc35.x86_64
package:        selinux-policy-targeted-35.5-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidia0.
type:           libreport

Comment 98 25scarface 2021-12-04 01:02:26 UTC
Similar problem has been detected:

As soon as I launched xfdashboard, it crashed and this SELinux error was thrown.

hashmarkername: setroubleshoot
kernel:         5.15.6-200.fc35.x86_64
package:        selinux-policy-targeted-35.5-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidiactl.
type:           libreport

Comment 99 dsoeiro 2021-12-07 13:18:39 UTC
Similar problem has been detected:

after run steam > counter strike

hashmarkername: setroubleshoot
kernel:         5.15.6-200.fc35.x86_64
package:        selinux-policy-targeted-35.6-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidia0.
type:           libreport

Comment 100 Zdenek Pytela 2021-12-09 15:23:26 UTC
*** Bug 2024590 has been marked as a duplicate of this bug. ***

Comment 101 Zdenek Pytela 2021-12-09 15:24:14 UTC
*** Bug 2017981 has been marked as a duplicate of this bug. ***

Comment 102 Zdenek Pytela 2021-12-09 15:24:29 UTC
*** Bug 2003268 has been marked as a duplicate of this bug. ***

Comment 103 Zdenek Pytela 2021-12-09 15:24:43 UTC
*** Bug 1992635 has been marked as a duplicate of this bug. ***

Comment 104 Zdenek Pytela 2021-12-09 15:24:58 UTC
*** Bug 1979448 has been marked as a duplicate of this bug. ***

Comment 105 Zdenek Pytela 2021-12-09 15:27:01 UTC
*** Bug 1979136 has been marked as a duplicate of this bug. ***

Comment 106 Zdenek Pytela 2021-12-09 15:27:10 UTC
*** Bug 1963305 has been marked as a duplicate of this bug. ***

Comment 107 Zdenek Pytela 2021-12-09 15:28:46 UTC
*** Bug 1962653 has been marked as a duplicate of this bug. ***

Comment 108 Zdenek Pytela 2021-12-09 15:28:55 UTC
*** Bug 1962648 has been marked as a duplicate of this bug. ***

Comment 109 Zdenek Pytela 2021-12-09 15:29:11 UTC
*** Bug 1949948 has been marked as a duplicate of this bug. ***

Comment 110 Zdenek Pytela 2021-12-09 15:29:23 UTC
*** Bug 1929814 has been marked as a duplicate of this bug. ***

Comment 111 Zdenek Pytela 2021-12-09 15:29:41 UTC
*** Bug 1929812 has been marked as a duplicate of this bug. ***

Comment 112 Zdenek Pytela 2021-12-09 16:32:47 UTC
I've submitted a Fedora PR so that gdb succeeds in accessing the special devices:
https://github.com/fedora-selinux/selinux-policy/pull/970

However please note this would just help abrt to function properly, but if the original problem is crashing an nvidia driver, it needs to be reported to the driver vendor.

Comment 113 Fabio Valentini 2021-12-09 17:30:00 UTC
This is not caused by NVidia driver crashes, but seems to be a side effect of ABRT trying to gather data after any GUI application crashes.

Comment 114 Kostya Vasilyev 2021-12-09 17:55:41 UTC
What's weird to me is that apparently gdb is trying to read some files that are not executable / shared libraries. Why?

One of the bug reports, if my memory serves, mentioned it trying to read Qt QML cache files, this just doesn't make sense. So maybe it would be meaningful to see why that is happening.

Comment 115 Zdenek Pytela 2021-12-10 16:09:03 UTC
(In reply to Fabio Valentini from comment #113)
> This is not caused by NVidia driver crashes, but seems to be a side effect
> of ABRT trying to gather data after any GUI application crashes.

In one of the bug reports it was mentioned that after downgrading nvidia driver it stopped crashing, so I infer at least it is one of the possible root causes.


(In reply to Kostya Vasilyev from comment #114)
> What's weird to me is that apparently gdb is trying to read some files that
> are not executable / shared libraries. Why?
> 
> One of the bug reports, if my memory serves, mentioned it trying to read Qt
> QML cache files, this just doesn't make sense. So maybe it would be
> meaningful to see why that is happening.

Refer to abrt-action-generate-backtrace(1):
       This tool runs gdb(1) on a file named coredump in problem directory DIR. gdb(1) generates
       backtrace and other diagnostic information about the state of the application at the
       moment when coredump was generated. Then the tool saves it as new element backtrace in
       this problem directory.

I suppose the behaviour is correct.

Comment 116 Chipeng Li 2021-12-11 07:40:25 UTC
Similar problem has been detected:

after gnome-shell crash.

hashmarkername: setroubleshoot
kernel:         5.15.6-200.fc35.x86_64
package:        selinux-policy-targeted-35.6-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 117 Christopher Beland 2021-12-14 00:11:52 UTC
Similar problem has been detected:

Happened spontaneously after upgrade to Fedora 35 (from F29, via F31 and F33).

hashmarkername: setroubleshoot
kernel:         5.15.6-200.fc35.x86_64
package:        selinux-policy-targeted-35.6-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the file /var/cache/fwupd/metainfo.xmlb.
type:           libreport

Comment 118 Raman Gupta 2021-12-16 05:22:29 UTC
Similar problem has been detected:

After a plasmashell crash. I was using gdb earlier to debug a crash, but as far as I know it was not running when this crash happened.

hashmarkername: setroubleshoot
kernel:         5.15.6-200.fc35.x86_64
package:        selinux-policy-targeted-35.6-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 119 Fedora Update System 2021-12-16 15:59:55 UTC
FEDORA-2021-379f72b2bc has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-379f72b2bc

Comment 120 Fedora Update System 2021-12-17 01:57:31 UTC
FEDORA-2021-379f72b2bc has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-379f72b2bc`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-379f72b2bc

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 121 Raman Gupta 2021-12-17 19:19:46 UTC
FEDORA-2021-379f72b2bc did not fix this issue for me. Negative karma given. I get about 500 alerts every time I log in and Plasma crashes due to https://bugs.kde.org/show_bug.cgi?id=444742.

Comment 122 peoinas 2021-12-20 17:10:55 UTC
FEDORA-2021-379f72b2bc did not fix the issue for me either, though mine might be a different one:

type=AVC msg=audit(1640020097.918:365): avc:  denied  { read } for  pid=25710 comm="gdb" name="pcmC0D0p" dev="devtmpfs" ino=741 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file permissive=0

Comment 123 Raman Gupta 2021-12-20 17:19:11 UTC
Here is my AVC, with FEDORA-2021-379f72b2bc installed:

type=AVC msg=audit(1640007681.500:39040): avc:  denied  { read } for  pid=17795 comm="gdb" name="renderD128" dev="devtmpfs" ino=720 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dri_device_t:s0 tclass=chr_file permissive=0

Comment 124 Raman Gupta 2021-12-20 17:20:35 UTC
More details:

Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:dri_device_t:s0
Target Objects                renderD128 [ chr_file ]
Source                        gdb
Source Path                   gdb
Port                          <Unknown>
Host                          edison
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-35.7-1.fc35.noarch
Local Policy RPM              selinux-policy-targeted-35.7-1.fc35.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     edison
Platform                      Linux edison 5.15.6-200.fc35.x86_64 #1 SMP Wed Dec
                              1 13:41:10 UTC 2021 x86_64 x86_64
Alert Count                   4276
First Seen                    2021-12-16 00:14:55 EST
Last Seen                     2021-12-20 08:41:21 EST
Local ID                      7f9d6c2b-5ff1-42dc-b714-dbed0bfed8c5

Raw Audit Messages
type=AVC msg=audit(1640007681.500:39040): avc:  denied  { read } for  pid=17795 comm="gdb" name="renderD128" dev="devtmpfs" ino=720 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dri_device_t:s0 tclass=chr_file permissive=0


Hash: gdb,abrt_t,dri_device_t,chr_file,read

Comment 125 thedatum+bz 2021-12-21 00:20:36 UTC
I've been getting hundreds of these errors for over a year, for nvidiactl and nvidia0 files. eg.

SELinux is preventing gdb from read access on the chr_file nvidiactl.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gdb should be allowed read access on the nvidiactl chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdb' --raw | audit2allow -M my-gdb
# semodule -X 300 -i my-gdb.pp


Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:xserver_misc_device_t:s0
Target Objects                nvidiactl [ chr_file ]
Source                        gdb
Source Path                   gdb
Port                          <Unknown>
Host                          <host>
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-35.6-1.fc35.noarch
Local Policy RPM              selinux-policy-targeted-35.6-1.fc35.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     <host>
Platform                      Linux <host> 5.15.8-200.fc35.x86_64 #1 SMP Tue Dec
                              14 14:26:01 UTC 2021 x86_64 x86_64
Alert Count                   860
First Seen                    2020-11-13 02:41:43 EST
Last Seen                     2021-12-20 19:04:41 EST
Local ID                      80e5abb4-186e-4229-983c-fcb98301f87b

Raw Audit Messages
type=AVC msg=audit(1640045081.852:635): avc:  denied  { read } for  pid=5092 comm="gdb" name="nvidiactl" dev="devtmpfs" ino=681 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file permissive=0


Hash: gdb,abrt_t,xserver_misc_device_t,chr_file,read

Comment 126 Kirill Roschin 2021-12-23 12:24:05 UTC
Similar problem has been detected:

Restarting Telegram Desktop

hashmarkername: setroubleshoot
kernel:         5.15.10-200.fc35.x86_64
package:        selinux-policy-targeted-35.6-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 127 Zdenek Pytela 2021-12-23 13:51:57 UTC
It is probably required to turn this boolean on to execute the gdb handler and be able to troubleshoot further:

# setsebool -P abrt_handle_event on

abrt_handle_event (off , off) Determine whether ABRT can run in the abrt_handle_event_t domain to handle ABRT event scripts.

Comment 128 Fedora Update System 2021-12-24 01:24:08 UTC
FEDORA-2021-379f72b2bc has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 129 peoinas 2021-12-27 23:57:22 UTC
(In reply to Zdenek Pytela from comment #127)
> It is probably required to turn this boolean on to execute the gdb handler
> and be able to troubleshoot further:
> 
> # setsebool -P abrt_handle_event on
> 
> abrt_handle_event (off , off) Determine whether ABRT can run in the
> abrt_handle_event_t domain to handle ABRT event scripts.

That boolean appears to fix the issue with every application crash (PipeWire, in my case) triggering an SELinux report. I think that boolean should be enabled by default or alternatively ABRT shouldn't try to automatically run gdb on application crashes. I don't think this issue is resolved until users stop getting this gdb-related SELinux error from ABRT one way or the other.

Comment 130 andrea.matt81 2021-12-29 07:52:40 UTC
Similar problem has been detected:

During customization and test of DashToDock Extension (installed from fedora official repo), this alarm has occurred.

hashmarkername: setroubleshoot
kernel:         5.15.11-200.fc35.x86_64
package:        selinux-policy-targeted-35.7-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidiactl.
type:           libreport

Comment 131 Sergei S. Rublёv 2021-12-29 21:21:19 UTC
Similar problem has been detected:

This event has produced thousands of error entries in log for long time

hashmarkername: setroubleshoot
kernel:         5.15.11-200.fc35.x86_64
package:        selinux-policy-targeted-35.7-1.fc35.noarch
reason:         SELinux is preventing gdb from 'open' accesses on the chr_file /dev/nvidia0.
type:           libreport

Comment 132 rfge 2021-12-30 00:15:04 UTC
Still get regular emails about this issue but I have not been bothered by it anymore for some time, it seems.

Recently did an (almost) clean update to Linux fedora 5.15.11-200.fc35.x86_64 #1 SMP Wed Dec 22 15:41:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux. Could not resist recycling old Firefox and Thunderbird profiles but they do not seem to affect this issue.

Is this related to some specific packages?

Comment 133 rfge 2021-12-30 00:28:17 UTC
ps... used nomodeset as kernel arg to allow for installation. Maybe this is of importance here. I see several nvidia references in the recent comments.

Off topic, Planning to get rid of the nvidia hardware myself. Have always been zealous nvidia follower but by now I'm thoroughly fed up with it and ordered AMD hardware to get rid of it for once and for all. Bye bye nvidia.

Comment 134 Gaetano Piazza 2022-01-04 14:35:21 UTC
Similar problem has been detected:

At the start, just after log in.

hashmarkername: setroubleshoot
kernel:         5.14.18-100.fc33.x86_64
package:        selinux-policy-targeted-3.14.6-39.fc33.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the file f608f40699df11a4f08066742c239d574011c351.qmlc.
type:           libreport

Comment 135 Rafal 2022-01-17 09:59:37 UTC
Similar problem has been detected:

Stacer, unsuccessful feedback send, Stacer froze and crashed.

hashmarkername: setroubleshoot
kernel:         5.15.14-200.fc35.x86_64
package:        selinux-policy-targeted-35.8-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 136 Nathan Lutterman 2022-01-22 12:12:40 UTC
Similar problem has been detected:

Unfortunately I can't remember the specific task being performed when the issue occurred. 
I was watching a YouTube video via Firefox Nightly and watching a friend's stream via the official DiscordCanary client.

hashmarkername: setroubleshoot
kernel:         5.15.14-200.fc35.x86_64
package:        selinux-policy-targeted-35.11-1.fc35.noarch
reason:         SELinux is preventing gdb from 'open' accesses on the chr_file /dev/dri/renderD128.
type:           libreport

Comment 137 Demetris M 2022-01-27 22:53:56 UTC
Similar problem has been detected:

Exited 0AD normally

hashmarkername: setroubleshoot
kernel:         5.15.16-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 138 stuart_ledwich 2022-01-31 09:16:26 UTC
Similar problem has been detected:

System was idle with eclipse running and this popped up when I came to the laptop in the morning, after the laptop was left on overnight.

hashmarkername: setroubleshoot
kernel:         5.15.16-200.fc35.x86_64
package:        selinux-policy-targeted-35.11-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the file /var/cache/fwupd/metainfo.xmlb.
type:           libreport

Comment 139 Zdenek Pytela 2022-01-31 11:52:30 UTC
*** Bug 2048123 has been marked as a duplicate of this bug. ***

Comment 140 alexandru.lesi 2022-02-01 20:31:23 UTC
Similar problem has been detected:

Tried to start Dota over steam. Used to work fine. Switched to akmod-nvidia from nouveau and got an external screen. Now it crashes every time on startup and throws this error several times.

hashmarkername: setroubleshoot
kernel:         5.15.17-200.fc35.x86_64
package:        selinux-policy-targeted-35.11-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidia0.
type:           libreport

Comment 141 Bill Crawford 2022-02-02 19:41:27 UTC
Similar problem has been detected:

After any crash of an app that uses drm (mostly OpenGL / GLE*) I get an selinux alert.

In this case it was firefox.

hashmarkername: setroubleshoot
kernel:         5.15.16-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing gdb from 'open' accesses on the chr_file /dev/dri/renderD128.
type:           libreport

Comment 142 Bill Crawford 2022-02-02 19:51:20 UTC
This is still a problem on fc34 and it doesn't look as though the fix was included in the most recent policy update.

Worse, I'd already followed the instructions from "SELinux Troubleshooter" and created a local policy module, but that seems to have been removed by installing the policy update (or do those not persist over reboots?).

Comment 143 Greg Sheppard 2022-02-02 23:54:21 UTC
Similar problem has been detected:

Starting VidCutter

hashmarkername: setroubleshoot
kernel:         5.15.18-200.fc35.x86_64
package:        selinux-policy-targeted-35.11-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidiactl.
type:           libreport

Comment 144 Zdenek Pytela 2022-02-03 08:10:23 UTC
A few notes:

1. It is required to turn this boolean on to execute the gdb handler and be able to troubleshoot further:

  # setsebool -P abrt_handle_event on

abrt_handle_event (off , off) Determine whether ABRT can run in the abrt_handle_event_t domain to handle ABRT event scripts.

2. The underlying problem is a bug in a different component which needs to be troubleshooted and reported.

3. A local selinux policy module persists across both boot and selinux-policy package update.

4. This fix has not been backported to F34.

Comment 145 Zdenek Pytela 2022-02-08 18:45:29 UTC
*** Bug 2033458 has been marked as a duplicate of this bug. ***

Comment 146 Davide Repetto 2022-02-12 10:46:05 UTC
note: I was "brought" here by setroubleshoot.

=====
# getsebool abrt_handle_event
abrt_handle_event --> on

=====

SELinux impedisce a gdb un accesso open su chr_file /dev/dri/renderD128.
⏎
⏎
***** Plugin catchall(100. confidenza) suggerisce**************************

Se ci credi gdb dovrebbe essere consentito open accesso al renderD128 chr_file per impostazione predefinita.
Quindi si dovrebbe riportare il problema come bug.
E' possibile generare un modulo di politica locale per consentire questo accesso.
Fai
consentire questo accesso per ora eseguendo:
# ausearch -c 'gdb' --raw | audit2allow -M my-$MODULE_NOME
# semodule -X 300 -i miei-gdb.pp

Informazioni addizionali:
Contesto della sorgente       system_u:system_r:abrt_t:s0-s0:c0.c1023
Contesto target               system_u:object_r:dri_device_t:s0
Oggetti target                /dev/dri/renderD128 [ chr_file ]
Sorgente                      gdb
Percorso della sorgente       gdb
Porta                         <Sconosciuto>
Host                          (removed)
Sorgente Pacchetti RPM        
Pacchetti RPM target          
SELinux Policy RPM            selinux-policy-targeted-35.13-1.fc35.noarch
Local Policy RPM              selinux-policy-targeted-35.13-1.fc35.noarch
Selinux abilitato             True
Tipo di politica              targeted
Modalità Enforcing            Permissive
Host Name                     (removed)
Piattaforma                   Linux dave.idp.it 5.16.7-200.fc35.x86_64 #1 SMP
                              PREEMPT Sun Feb 6 19:53:54 UTC 2022 x86_64 x86_64
Conteggio avvisi              1
Primo visto                   2022-02-10 19:53:03 CET
Ultimo visto                  2022-02-10 19:53:03 CET
ID locale                     29cc3140-4763-47af-8ba4-e1d1e9960551

Messaggi Raw Audit
type=AVC msg=audit(1644519183.486:399): avc:  denied  { open } for  pid=5069 comm="gdb" path="/dev/dri/renderD128" dev="devtmpfs" ino=570 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dri_device_t:s0 tclass=chr_file permissive=1


Hash: gdb,abrt_t,dri_device_t,chr_file,open

Comment 147 johngodman006 2022-02-18 15:23:07 UTC
Similar problem has been detected:

I'm not sure how this happened, as I just started up my computer.
I am using an Nvidia RTX 2070 graphics card.
Any help is appreciated, thank you.

hashmarkername: setroubleshoot
kernel:         5.16.9-200.fc35.x86_64
package:        selinux-policy-targeted-35.15-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidiactl.
type:           libreport

Comment 148 mr.dan.percival@gmail.com 2022-03-22 15:25:42 UTC
Similar problem has been detected:

Install of Fedora 5 on old Dell Workstation

hashmarkername: setroubleshoot
kernel:         5.16.15-201.fc35.x86_64
package:        selinux-policy-targeted-35.15-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 149 Max 2022-04-19 18:30:19 UTC
Similar problem has been detected:

This happened after the gnome-maps didn't want to open from application menu and was opened through terminal.
For now the only way to run gnome-maps is through terminal command but after closing program there is a crash report - "gjs-console" has crashed.

hashmarkername: setroubleshoot
kernel:         5.16.20-200.fc35.x86_64
package:        selinux-policy-targeted-35.16-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 150 Julien HENRY 2022-04-25 12:26:18 UTC
Similar problem has been detected:

Eclipse IDE crashed

hashmarkername: setroubleshoot
kernel:         5.16.18-100.fc34.x86_64
package:        selinux-policy-targeted-34.26-1.fc34.noarch
reason:         SELinux is preventing gdb from 'open' accesses on the chr_file /dev/nvidiactl.
type:           libreport

Comment 151 David 2022-05-09 04:10:42 UTC
Similar problem has been detected:

Clicked on a hyperlink in the Airshipper flatpak. Airshipper then crashed, and I received this SELinux error.

hashmarkername: setroubleshoot
kernel:         5.17.5-200.fc35.x86_64
package:        selinux-policy-targeted-35.17-1.fc35.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidiactl.
type:           libreport

Comment 152 Zdenek Pytela 2022-05-10 06:40:53 UTC
*** Bug 2083354 has been marked as a duplicate of this bug. ***

Comment 153 Davide Repetto 2022-05-10 07:53:02 UTC
Comment 144 by Zdenek Pytela (hi!) implies there's a fix for F35. Any chance of porting it to Fedora Linux 36? (I mean setting "abrt_handle_event on" by default?)


Currently on an updated clean install of Fedora 36:

[admin@fedora ~]$ getsebool abrt_handle_event
abrt_handle_event --> off

[admin@fedora ~]$ rpm -qa \*selin\*
libselinux-3.3-4.fc36.x86_64
libselinux-utils-3.3-4.fc36.x86_64
python3-libselinux-3.3-4.fc36.x86_64
dnfdaemon-selinux-0.3.20-8.fc36.noarch
rpm-plugin-selinux-4.17.0-10.fc36.x86_64
selinux-policy-36.8-1.fc36.noarch
selinux-policy-targeted-36.8-1.fc36.noarch
smartmontools-selinux-7.3-2.fc36.noarch
flatpak-selinux-1.12.7-2.fc36.noarch

Comment 154 Zdenek Pytela 2022-05-12 17:34:31 UTC
*** Bug 2084618 has been marked as a duplicate of this bug. ***

Comment 155 Zdenek Pytela 2022-05-24 15:32:46 UTC
*** Bug 2089838 has been marked as a duplicate of this bug. ***

Comment 156 Zdenek Pytela 2022-05-24 15:32:53 UTC
*** Bug 2089839 has been marked as a duplicate of this bug. ***

Comment 157 Sergei S. Rublёv 2022-05-25 04:05:28 UTC
Similar problem has been detected:

Wakeup from suspend

hashmarkername: setroubleshoot
kernel:         5.17.8-300.fc36.x86_64
package:        selinux-policy-targeted-36.8-2.fc36.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidiactl.
type:           libreport

Comment 158 Sergei S. Rublёv 2022-05-25 05:05:00 UTC
My recent case may be related to compiz, as I was forced to restart compiz after wakeup from suspend and getting this error.

Comment 159 Zdenek Pytela 2022-06-10 14:26:30 UTC
*** Bug 2095473 has been marked as a duplicate of this bug. ***

Comment 160 Zdenek Pytela 2022-06-13 12:55:16 UTC
*** Bug 2096286 has been marked as a duplicate of this bug. ***

Comment 161 Zdenek Pytela 2022-06-21 11:02:52 UTC
*** Bug 2099368 has been marked as a duplicate of this bug. ***

Comment 162 Zdenek Pytela 2022-07-07 11:13:11 UTC
*** Bug 2103838 has been marked as a duplicate of this bug. ***

Comment 163 Zdenek Pytela 2022-07-26 17:06:52 UTC
*** Bug 2103410 has been marked as a duplicate of this bug. ***

Comment 164 remyabel 2022-08-25 23:52:30 UTC
Similar problem has been detected:

1. Install libreport-plugin-ureport-2.17.2-1 via updates-testing.
2. Crash a program.
3. This SELinux alert appears.

hashmarkername: setroubleshoot
kernel:         5.18.19-200.fc36.x86_64
package:        selinux-policy-targeted-36.14-1.fc36.noarch
reason:         SELinux is preventing reporter-urepor from 'write' accesses on the file user.
type:           libreport

Comment 165 Zdenek Pytela 2022-09-30 11:09:40 UTC
*** Bug 2116494 has been marked as a duplicate of this bug. ***

Comment 166 Zdenek Pytela 2022-10-10 06:43:10 UTC
*** Bug 2133246 has been marked as a duplicate of this bug. ***

Comment 167 dan 2022-11-03 15:40:18 UTC
Similar problem has been detected:

Restarted sound from gnome panel after crash.

hashmarkername: setroubleshoot
kernel:         5.19.16-200.fc36.x86_64
package:        selinux-policy-targeted-36.16-1.fc36.noarch
reason:         SELinux is preventing gdb from 'open' accesses on the chr_file /dev/dri/renderD128.
type:           libreport

Comment 168 Zdenek Pytela 2022-11-23 12:58:06 UTC
*** Bug 2143802 has been marked as a duplicate of this bug. ***

Comment 169 Zdenek Pytela 2022-11-23 13:49:18 UTC
*** Bug 2144022 has been marked as a duplicate of this bug. ***

Comment 170 Zdenek Pytela 2022-11-23 13:50:12 UTC
*** Bug 2144023 has been marked as a duplicate of this bug. ***

Comment 171 Zdenek Pytela 2022-11-28 07:56:58 UTC
*** Bug 2148663 has been marked as a duplicate of this bug. ***

Comment 172 Brian J. Murrell 2022-11-30 12:54:07 UTC
Similar problem has been detected:

Looks like an abrt issue from the AVC contexts.

hashmarkername: setroubleshoot
kernel:         6.0.9-300.fc37.x86_64
package:        selinux-policy-targeted-37.15-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidia0.
type:           libreport

Comment 173 Brian J. Murrell 2022-11-30 12:57:51 UTC
This is still happening in F37.

Comment 174 Zdenek Pytela 2022-12-05 07:54:12 UTC
*** Bug 2150662 has been marked as a duplicate of this bug. ***

Comment 175 Zdenek Pytela 2022-12-08 19:34:48 UTC
There are multiple different issues reported in this bz now, please report each new issue in separate bzs if it is reasonable.

Common problems are:
- abrt_handle_event boolean needs to be turned on to allow abrt to execute its gdb handler
- the underlying problem is an application/driver crashing which needs to be reported on the right component
- in case of 3rd party nvidia drivers, this needs to be resolved with their vendor

We are going to change the boolean default in Rawhide and possibly in F37 later too.
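
The triage described in comments 144 and 175, applied to the raw AVC record posted in comment 146, as an added example that is not part of the bug thread or of the selinux-policy project. The category names, the `parse_avc` and `triage` helpers, and the two constructed sample records (including their target contexts) are assumptions made for illustration.

```python
import posixpath
import re
import shlex
from typing import NamedTuple, Optional

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")

class Denial(NamedTuple):
    perms: tuple       # permissions inside the braces, e.g. ("open",)
    comm: str          # command name of the denied process
    device: str        # basename of path= (or name= when no path is logged)
    source_type: str   # SELinux type of the process (third field of scontext)
    target_type: str   # SELinux type of the object (third field of tcontext)
    tclass: str        # object class, e.g. chr_file
    enforced: bool     # False when permissive=1: logged, but access was allowed

def _setype(context: str) -> str:
    parts = context.split(":")          # user:role:type:level[:categories]
    return parts[2] if len(parts) > 2 else ""

def parse_avc(line: str) -> Optional[Denial]:
    m = AVC_RE.search(line)
    if m is None:
        return None
    try:
        tokens = shlex.split(m.group("rest"))   # strips the quotes around values
    except ValueError:                          # unbalanced quotes: not parseable
        return None
    f = dict(t.split("=", 1) for t in tokens if "=" in t)
    return Denial(
        perms=tuple(m.group("perms").split()),
        comm=f.get("comm", ""),
        device=posixpath.basename(f.get("path") or f.get("name", "")),
        source_type=_setype(f.get("scontext", "")),
        target_type=_setype(f.get("tcontext", "")),
        tclass=f.get("tclass", ""),
        enforced=f.get("permissive", "0") == "0",
    )

# Hypothetical category names; the advice paraphrases comment 175.
ADVICE = {
    "abrt-gdb-nvidia": "gdb run by ABRT on a third-party nvidia device: resolve with the driver vendor",
    "abrt-gdb-device": "gdb run by ABRT on a device node: turn on abrt_handle_event, "
                       "then report the crashing application/driver on its own component",
    "separate-issue": "not the gdb/chr_file pattern of this bug: report it separately",
    "not-a-denial": "line is not an AVC denial record",
}

def triage(line: str) -> str:
    d = parse_avc(line)
    if d is None:
        return "not-a-denial"
    if (d.source_type, d.comm, d.tclass) == ("abrt_t", "gdb", "chr_file"):
        return "abrt-gdb-nvidia" if d.device.startswith("nvidia") else "abrt-gdb-device"
    return "separate-issue"

# Record copied from comment 146.
PAGE_RECORD = ('type=AVC msg=audit(1644519183.486:399): avc:  denied  { open } for  pid=5069 '
               'comm="gdb" path="/dev/dri/renderD128" dev="devtmpfs" ino=570 '
               'scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 '
               'tcontext=system_u:object_r:dri_device_t:s0 tclass=chr_file permissive=1')
# Constructed records (not from the thread); contexts are assumed.
CONSTRUCTED_NVIDIA = ('type=AVC msg=audit(1700000000.000:1): avc:  denied  { read } for  pid=1234 '
                      'comm="gdb" name="nvidiactl" dev="devtmpfs" ino=600 '
                      'scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 '
                      'tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file permissive=0')
CONSTRUCTED_OTHER = ('type=AVC msg=audit(1700000000.000:2): avc:  denied  { write } for  pid=1235 '
                     'comm="reporter-urepor" name="user" dev="tmpfs" ino=700 '
                     'scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 '
                     'tcontext=system_u:object_r:user_tmp_t:s0 tclass=file permissive=0')

if __name__ == "__main__":
    for rec in (PAGE_RECORD, CONSTRUCTED_NVIDIA, CONSTRUCTED_OTHER):
        d, cat = parse_avc(rec), triage(rec)
        print(f"{d.comm} {d.perms} {d.device} enforced={d.enforced}: {ADVICE[cat]}")
```

The `enforced` field matters when reading reports like the one in comment 146: with `permissive=1` the access was only logged, so the alert is not what stopped the crashing application.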

Comment 176 Zdenek Pytela 2022-12-12 07:53:18 UTC
*** Bug 2152411 has been marked as a duplicate of this bug. ***

Comment 177 john 2022-12-13 12:50:17 UTC
Similar problem has been detected:

Attempted to measure a distance in the Draw window of Avogadro2 for X11. Hung briefly then crashed

hashmarkername: setroubleshoot
kernel:         6.0.12-300.fc37.x86_64
package:        selinux-policy-targeted-37.15-1.fc37.noarch
reason:         SELinux is preventing gdb from 'open' accesses on the chr_file /dev/dri/card0.
type:           libreport

Comment 178 Bernhard Cygan 2022-12-30 09:58:03 UTC
Similar problem has been detected:

Probably related to Steam / Proton, but not sure

hashmarkername: setroubleshoot
kernel:         6.0.15-300.fc37.x86_64
package:        selinux-policy-targeted-37.17-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 179 Luya Tshimbalanga 2022-12-31 21:50:48 UTC
Similar problem has been detected:

Browsing on Mozilla Firefox

hashmarkername: setroubleshoot
kernel:         6.0.15-300.fc37.x86_64
package:        selinux-policy-targeted-37.17-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 180 Zdenek Pytela 2023-01-03 11:06:12 UTC
*** Bug 2157201 has been marked as a duplicate of this bug. ***

Comment 181 le.poittevin.laurent 2023-01-14 14:24:10 UTC
Similar problem has been detected:

Message at login

hashmarkername: setroubleshoot
kernel:         6.0.18-300.fc37.x86_64
package:        selinux-policy-targeted-37.17-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 182 Karol Siczek 2023-01-23 08:46:08 UTC
Similar problem has been detected:

Extending monitor view to right. I use a docking station and DisplayPort.

hashmarkername: setroubleshoot
kernel:         6.1.6-200.fc37.x86_64
package:        selinux-policy-targeted-37.18-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 183 Zdenek Pytela 2023-01-24 08:37:33 UTC
*** Bug 2163590 has been marked as a duplicate of this bug. ***

Comment 184 Andrei Nevedomskii 2023-01-24 09:36:50 UTC
Similar problem has been detected:

Got this denial right after logging in

hashmarkername: setroubleshoot
kernel:         6.1.6-200.fc37.x86_64
package:        selinux-policy-targeted-37.18-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidiactl.
type:           libreport

Comment 185 Zdenek Pytela 2023-01-24 09:53:47 UTC
*** Bug 2163693 has been marked as a duplicate of this bug. ***

Comment 186 Neil Darlow 2023-01-26 11:07:22 UTC
Similar problem has been detected:

Reported in Cinnamon spin on both fedora 36 Workstation and fedora 37 Workstation.

This specific denial was reported after exiting the OpenSCAD application installed from flatpak using File|New then File|Quit.

I have also seen it with incompatible Cinnamon Extension versions following the fedora 36 to 37 upgrade.

hashmarkername: setroubleshoot
kernel:         6.1.7-200.fc37.x86_64
package:        selinux-policy-targeted-37.18-1.fc37.noarch
reason:         SELinux is preventing gdb from 'open' accesses on the chr_file /dev/dri/card0.
type:           libreport

Comment 187 fhortner 2023-02-24 17:40:16 UTC
Similar problem has been detected:

The problem appears every time when booting up or rebooting the computer.

SDDM as display manager

I boot up the machine and get a black screen with a mouse cursor (sddm does not work)
I switch to tty3
login via tty3
run systemctl restart sddm.service
get SELinux warning about the issue.


When starting KDE Plasma directly via startx from tty3 (since sddm does not work), I do not get any SELinux warning.

hashmarkername: setroubleshoot
kernel:         6.1.13-200.fc37.x86_64
package:        selinux-policy-targeted-37.19-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidiactl.
type:           libreport

Comment 188 Flo 2023-02-28 13:31:50 UTC
Similar problem has been detected:

no idea what this is and if it should be allowed or not

hashmarkername: setroubleshoot
kernel:         6.1.9-200.fc37.x86_64
package:        selinux-policy-targeted-37.19-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 189 Daniel 2023-03-04 14:06:25 UTC
Similar problem has been detected:

It happened after I had left my computer suspended for a few hours.
After one of the recent updates I am unable to login after waking-up (it freezes after entering a password).
Usually I just hard reset PC but today I wanted to check what is going on.
After jumping over a couple of TTYs, and logging again from a tty1, it finally showed me a GNOME desktop and notified me about this problem.
However, I am unsure if this is somehow related.

hashmarkername: setroubleshoot
kernel:         6.1.14-200.fc37.x86_64
package:        selinux-policy-targeted-37.19-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file nvidia0.
type:           libreport

Comment 190 Doncho Gunchev 2023-03-20 06:26:54 UTC
Similar problem has been detected:

Most likely using Qt Creator to compile / edit code, did not really debug anything locally lately.

hashmarkername: setroubleshoot
kernel:         6.1.18-200.fc37.x86_64
package:        selinux-policy-targeted-37.19-1.fc37.noarch
reason:         SELinux is preventing gdb from 'open' accesses on the chr_file /dev/dri/renderD128.
type:           libreport

Comment 191 Flo 2023-03-21 10:08:14 UTC
Similar problem has been detected:

this let nautilus crash during file operations

hashmarkername: setroubleshoot
kernel:         6.1.18-200.fc37.x86_64
package:        selinux-policy-targeted-37.19-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 192 NM 2023-04-10 13:58:37 UTC
Similar problem has been detected:

Firefox crashed. 

hashmarkername: setroubleshoot
kernel:         6.2.9-200.fc37.x86_64
package:        selinux-policy-targeted-37.19-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 193 mafteidragos1 2023-04-13 18:30:30 UTC
Similar problem has been detected:

This is the update I used. After it I rebooted and the system froze.


sudo dnf history info 11
Transaction ID : 11
Begin time     : Thu 13 Apr 2023 19:06:36 BST
Begin rpmdb    : c711e18833c5d9936825dfe55a450da4e9a0d74bb9d382f9752eacc9f13a512f
End time       : Thu 13 Apr 2023 19:06:44 BST (8 seconds)
End rpmdb      : 2ab20a39dc83f9d2fc05ff104cb7200f0a8d93402089efba51a12eb79554f4ff
User           : desktop <desktop>
Return-Code    : Success
Releasever     : 37
Command Line   : update
Comment        : 
Packages Altered:
    Upgrade  dracut-059-1.fc37.x86_64                                @updates
    Upgraded dracut-057-5.fc37.x86_64                                @@System
    Upgrade  dracut-config-rescue-059-1.fc37.x86_64                  @updates
    Upgraded dracut-config-rescue-057-5.fc37.x86_64                  @@System
    Upgrade  dracut-network-059-1.fc37.x86_64                        @updates
    Upgraded dracut-network-057-5.fc37.x86_64                        @@System
    Upgrade  dracut-squash-059-1.fc37.x86_64                         @updates
    Upgraded dracut-squash-057-5.fc37.x86_64                         @@System
    Upgrade  firefox-112.0-3.fc37.x86_64                             @updates
    Upgraded firefox-111.0.1-1.fc37.x86_64                           @@System
    Upgrade  firefox-langpacks-112.0-3.fc37.x86_64                   @updates
    Upgraded firefox-langpacks-111.0.1-1.fc37.x86_64                 @@System
    Upgrade  ghostscript-9.56.1-7.fc37.x86_64                        @updates
    Upgraded ghostscript-9.56.1-6.fc37.x86_64                        @@System
    Upgrade  ghostscript-tools-fonts-9.56.1-7.fc37.x86_64            @updates
    Upgraded ghostscript-tools-fonts-9.56.1-6.fc37.x86_64            @@System
    Upgrade  ghostscript-tools-printing-9.56.1-7.fc37.x86_64         @updates
    Upgraded ghostscript-tools-printing-9.56.1-6.fc37.x86_64         @@System
    Upgrade  grub2-common-1:2.06-94.fc37.noarch                      @updates
    Upgraded grub2-common-1:2.06-89.fc37.noarch                      @@System
    Upgrade  grub2-efi-x64-1:2.06-94.fc37.x86_64                     @updates
    Upgraded grub2-efi-x64-1:2.06-89.fc37.x86_64                     @@System
    Upgrade  grub2-tools-1:2.06-94.fc37.x86_64                       @updates
    Upgraded grub2-tools-1:2.06-89.fc37.x86_64                       @@System
    Upgrade  grub2-tools-minimal-1:2.06-94.fc37.x86_64               @updates
    Upgraded grub2-tools-minimal-1:2.06-89.fc37.x86_64               @@System
    Upgrade  inxi-3.3.26-1.fc37.noarch                               @updates
    Upgraded inxi-3.3.25-1.fc37.noarch                               @@System
    Upgrade  libgs-9.56.1-7.fc37.x86_64                              @updates
    Upgraded libgs-9.56.1-6.fc37.x86_64                              @@System
    Upgrade  pipewire-0.3.68-2.fc37.i686                             @updates
    Upgraded pipewire-0.3.68-1.fc37.i686                             @@System
    Upgrade  pipewire-0.3.68-2.fc37.x86_64                           @updates
    Upgraded pipewire-0.3.68-1.fc37.x86_64                           @@System
    Upgrade  pipewire-alsa-0.3.68-2.fc37.i686                        @updates
    Upgraded pipewire-alsa-0.3.68-1.fc37.i686                        @@System
    Upgrade  pipewire-alsa-0.3.68-2.fc37.x86_64                      @updates
    Upgraded pipewire-alsa-0.3.68-1.fc37.x86_64                      @@System
    Upgrade  pipewire-gstreamer-0.3.68-2.fc37.x86_64                 @updates
    Upgraded pipewire-gstreamer-0.3.68-1.fc37.x86_64                 @@System
    Upgrade  pipewire-jack-audio-connection-kit-0.3.68-2.fc37.x86_64 @updates
    Upgraded pipewire-jack-audio-connection-kit-0.3.68-1.fc37.x86_64 @@System
    Upgrade  pipewire-libs-0.3.68-2.fc37.i686                        @updates
    Upgraded pipewire-libs-0.3.68-1.fc37.i686                        @@System
    Upgrade  pipewire-libs-0.3.68-2.fc37.x86_64                      @updates
    Upgraded pipewire-libs-0.3.68-1.fc37.x86_64                      @@System
    Upgrade  pipewire-pulseaudio-0.3.68-2.fc37.x86_64                @updates
    Upgraded pipewire-pulseaudio-0.3.68-1.fc37.x86_64                @@System
    Upgrade  pipewire-utils-0.3.68-2.fc37.x86_64                     @updates
    Upgraded pipewire-utils-0.3.68-1.fc37.x86_64                     @@System
    Upgrade  polkit-121-4.fc37.2.x86_64                              @updates
    Upgraded polkit-121-4.fc37.x86_64                                @@System
    Upgrade  polkit-libs-121-4.fc37.2.x86_64                         @updates
    Upgraded polkit-libs-121-4.fc37.x86_64                           @@System
    Upgrade  thunderbird-102.10.0-1.fc37.x86_64                      @updates
    Upgraded thunderbird-102.9.1-1.fc37.x86_64                       @@System
    Upgrade  thunderbird-librnp-rnp-102.10.0-1.fc37.x86_64           @updates
    Upgraded thunderbird-librnp-rnp-102.9.1-1.fc37.x86_64            @@System

hashmarkername: setroubleshoot
kernel:         6.2.9-200.fc37.x86_64
package:        selinux-policy-targeted-37.19-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 194 Michael Schechter 2023-04-16 18:52:00 UTC
Similar problem has been detected:

Error occurred when waking the system from suspend; no specific user actions associated with the report.

hashmarkername: setroubleshoot
kernel:         6.2.9-200.fc37.x86_64
package:        selinux-policy-targeted-37.19-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

Comment 195 Kevin 2023-04-18 12:07:05 UTC
Similar problem has been detected:

Applied system updates. Rebooted. Graphical interfaces wouldn't load until SELinux was disabled.

hashmarkername: setroubleshoot
kernel:         6.2.10-200.fc37.x86_64
package:        selinux-policy-targeted-37.19-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file renderD128.
type:           libreport

Comment 196 Hasshu 2023-06-26 10:26:08 UTC
My morning starts with a fresh cup of GDB denials. I go to RHBZ, and behold an adorable string of NOTABUGs...

Pytela, instead of cooking your favorite copypasta for breakfast, lunch, and dinner, you might want to explain what happened to your promise: https://bugzilla.redhat.com/show_bug.cgi?id=1896648#c175

> We are going to change the boolean default in Rawhide and possibly in F37 later too.

It's F38, and this is still a problem — has been for years. Why is the boolean change being delayed? Why is GDB not allowed read access? What's the threat model anyway?

I must say, SELinux has been a neverending source of frustration throughout my Linux journey... The only thing it appears to be doing well is preventing one from using their PC.

Comment 197 Martin Nyhus 2023-09-04 17:56:49 UTC
Similar problem has been detected:

Happened as a result of ABRT trying to collect crash data after VLC crashed

hashmarkername: setroubleshoot
kernel:         6.4.12-100.fc37.x86_64
package:        selinux-policy-targeted-37.22-1.fc37.noarch
reason:         SELinux is preventing gdb from 'read' accesses on the chr_file card0.
type:           libreport

