Description of problem: Every first time I log in to my account after a reboot or hibernate. SELinux is preventing gdb from 'write' accesses on the file /home/.ecryptfs/seb/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWa2-ucRce.24USM4iAWYbf.k9qjEzcLhl0-SXV.u3VcniX8UjTJ5ULgZE--/ECRYPTFS_FNEK_ENCRYPTED.FWa2-ucRce.24USM4iAWYbf.k9qjEzcLhl0-FdWcdxaG3VIoTygdW.kK3---/ECRYPTFS_FNEK_ENCRYPTED.FWa2-ucRce.24USM4iAWYbf.k9qjEzcLhl0-7aft496d9OC13Ybaj4ZiQE--. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gdb should be allowed write access on the ECRYPTFS_FNEK_ENCRYPTED.FWa2-ucRce.24USM4iAWYbf.k9qjEzcLhl0-7aft496d9OC13Ybaj4ZiQE-- file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'gdb' --raw | audit2allow -M my-gdb # semodule -X 300 -i my-gdb.pp Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:ecryptfs_t:s0 Target Objects /home/.ecryptfs/seb/.Private/ECRYPTFS_FNEK_ENCRYPT ED.FWa2-ucRce.24USM4iAWYbf.k9qjEzcLhl0- SXV.u3VcniX8UjTJ5ULgZE-- /ECRYPTFS_FNEK_ENCRYPTED.FWa2- ucRce.24USM4iAWYbf.k9qjEzcLhl0- FdWcdxaG3VIoTygdW.kK3--- /ECRYPTFS_FNEK_ENCRYPTED.FWa2- ucRce.24USM4iAWYbf.k9qjEzcLhl0- 7aft496d9OC13Ybaj4ZiQE-- [ file ] Source gdb Source Path gdb Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-36.16-1.fc36.noarch Local Policy RPM selinux-policy-targeted-36.16-1.fc36.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.19.15-201.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Oct 13 18:58:38 UTC 2022 x86_64 x86_64 Alert Count 8 First Seen 2023-01-21 13:26:17 EST Last Seen 2023-01-21 13:26:17 EST Local ID bcd2f61c-a715-4b04-b531-1b6bc206f739 Raw Audit Messages type=AVC msg=audit(1674325577.770:56367): avc: denied { write } for pid=3637665 comm="gdb" path="/home/.ecryptfs/seb/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWa2-ucRce.24USM4iAWYbf.k9qjEzcLhl0-SXV.u3VcniX8UjTJ5ULgZE--/ECRYPTFS_FNEK_ENCRYPTED.FWa2-ucRce.24USM4iAWYbf.k9qjEzcLhl0-FdWcdxaG3VIoTygdW.kK3---/ECRYPTFS_FNEK_ENCRYPTED.FWa2-ucRce.24USM4iAWYbf.k9qjEzcLhl0-7aft496d9OC13Ybaj4ZiQE--" dev="dm-3" ino=402663098 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:ecryptfs_t:s0 tclass=file permissive=0 Hash: gdb,abrt_t,ecryptfs_t,file,write Version-Release number of selected component: selinux-policy-targeted-36.16-1.fc36.noarch Additional info: component: selinux-policy reporter: libreport-2.17.4 hashmarkername: setroubleshoot kernel: 5.19.15-201.fc36.x86_64 type: libreport
It is required to turn this boolean on to allow abrt execute its gdb handler and be able to troubleshoot further: # setsebool -P abrt_handle_event on and subsequently report another bug for the affected component. Refer to abrt_handle_event_selinux(8) for more information. Closing as dup of bz#1896648. *** This bug has been marked as a duplicate of bug 1896648 ***