Description of problem: When firefox crashed while using webcam on meeting, I got this selinux alert. I don't think the gdb can find anything useful on video0 device so it might make sense to dontaudit or change the tracer to ignore devices? SELinux is preventing gdb from 'read' accesses on the chr_file video0. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gdb should be allowed read access on the video0 chr_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'gdb' --raw | audit2allow -M my-gdb # semodule -X 300 -i my-gdb.pp Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:v4l_device_t:s0 Target Objects video0 [ chr_file ] Source gdb Source Path gdb Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-34.22-1.fc34.noarch Local Policy RPM selinux-policy-targeted-34.22-1.fc34.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.13.13-200.fc34.x86_64 #1 SMP Thu Aug 26 17:06:39 UTC 2021 x86_64 x86_64 Alert Count 4 First Seen 2021-11-18 13:05:12 CET Last Seen 2021-11-18 13:05:12 CET Local ID ef8be34a-6dab-4e4e-aab4-e78b81a61ce7 Raw Audit Messages type=AVC msg=audit(1637237112.987:23878): avc: denied { read } for pid=3547186 comm="gdb" name="video0" dev="devtmpfs" ino=616 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:v4l_device_t:s0 tclass=chr_file permissive=0 Hash: gdb,abrt_t,v4l_device_t,chr_file,read Version-Release number of selected component: selinux-policy-targeted-34.22-1.fc34.noarch Additional info: component: selinux-policy reporter: libreport-2.15.2 hashmarkername: setroubleshoot kernel: 5.13.13-200.fc34.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1896648 ***