2187865 – SELinux is preventing false from 'read' accesses on the fifo_file fifo_file.

Bug 2187865 - SELinux is preventing false from 'read' accesses on the fifo_file fifo_file.

Summary: SELinux is preventing false from 'read' accesses on the fifo_file fifo_file.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	38
Hardware:	x86_64
OS:	Unspecified
Priority:	high
Severity:	unspecified
Target Milestone:	---
Assignee:	Zdenek Pytela
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:9781a66f377bb4549f9ce51ac37...
Duplicates (1):	2187866 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-04-19 01:04 UTC by criollo
Modified:	2023-04-28 02:36 UTC (History)
CC List:	8 users (show)
Fixed In Version:	selinux-policy-38.12-1.fc38
Clone Of:
Environment:
Last Closed:	2023-04-28 02:36:38 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
File: description (1.94 KB, text/plain) 2023-04-19 01:04 UTC, criollo	no flags	Details
File: os_info (682 bytes, text/plain) 2023-04-19 01:04 UTC, criollo	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	fedora-selinux selinux-policy pull 1648/files	0	None	None	None	2023-04-19 05:29:31 UTC

Description criollo 2023-04-19 01:04:42 UTC

Description of problem:
SELinux is preventing false from 'read' accesses on the fifo_file fifo_file.

*****  Plugin catchall (100. confidence) suggests   **************************

Si cree que de manera predeterminada se debería permitir a false el acceso read sobre  fifo_file fifo_file.     
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
Do
permita el acceso temporalmente ejecutando:
# ausearch -c 'false' --raw | audit2allow -M mi-false
# semodule -X 300 -i mi-false.pp

Additional Information:
Source Context                system_u:system_r:kernel_generic_helper_t:s0
Target Context                system_u:system_r:kernel_t:s0
Target Objects                fifo_file [ fifo_file ]
Source                        false
Source Path                   false
Port                          <Desconocido>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-38.10-1.fc38.noarch
Local Policy RPM              selinux-policy-targeted-38.10-1.fc38.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 6.2.11-300.fc38.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Thu Apr 13 20:27:09 UTC 2023
                              x86_64
Alert Count                   4
First Seen                    2023-04-18 17:12:10 EDT
Last Seen                     2023-04-18 17:29:04 EDT
Local ID                      27c30894-d053-4995-a7aa-d3e7726071f7

Raw Audit Messages
type=AVC msg=audit(1681853344.145:494): avc:  denied  { read } for  pid=17972 comm="false" path="pipe:[84630]" dev="pipefs" ino=84630 scontext=system_u:system_r:kernel_generic_helper_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=0


Hash: false,kernel_generic_helper_t,kernel_t,fifo_file,read

Version-Release number of selected component:
selinux-policy-targeted-38.10-1.fc38.noarch

Additional info:
reporter:       libreport-2.17.9
reason:         SELinux is preventing false from 'read' accesses on the fifo_file fifo_file.
package:        selinux-policy-targeted-38.10-1.fc38.noarch
component:      selinux-policy
hashmarkername: setroubleshoot
type:           libreport
kernel:         6.2.11-300.fc38.x86_64
component:      selinux-policy

Comment 1 criollo 2023-04-19 01:04:44 UTC

Created attachment 1958137 [details]
File: description

Comment 2 criollo 2023-04-19 01:04:46 UTC

Created attachment 1958138 [details]
File: os_info

Comment 3 Zdenek Pytela 2023-04-19 05:35:28 UTC

*** Bug 2187866 has been marked as a duplicate of this bug. ***

Comment 4 Fedora Update System 2023-04-26 12:57:29 UTC

FEDORA-2023-21649bd3fe has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-21649bd3fe

Comment 5 Fedora Update System 2023-04-27 02:29:47 UTC

FEDORA-2023-21649bd3fe has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-21649bd3fe`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-21649bd3fe

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2023-04-28 02:36:38 UTC

FEDORA-2023-21649bd3fe has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.