Description of problem: Opened libreoffice writer. It appears to try and read all pid. I also recieved denials for gpm.pid mcelog.pid syslogd.pid ksmtune.pid restorecond.pid setroubleshootd.pid crond.pid auditd.pid but am only filing this one report. This did not result in a crash of libreoffice. Libreoffice still worked fine. SELinux is preventing /usr/lib64/libreoffice/program/soffice.bin from 'read' accesses on the file firewalld.pid. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that soffice.bin should be allowed read access on the firewalld.pid file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep pool /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context staff_u:staff_r:staff_t:s0-s0:c0.c1023 Target Context system_u:object_r:firewalld_var_run_t:s0 Target Objects firewalld.pid [ file ] Source pool Source Path /usr/lib64/libreoffice/program/soffice.bin Port <Unknown> Host (removed) Source RPM Packages libreoffice-core-3.6.6.2-5.fc18.x86_64 Target RPM Packages Policy RPM selinux-policy-3.11.1-92.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.8.11-200.fc18.x86_64 #1 SMP Wed May 1 19:44:27 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-05-13 09:52:45 CDT Last Seen 2013-05-13 09:52:45 CDT Local ID e2f7cff4-ec45-4935-9164-f734fb6ec0a1 Raw Audit Messages type=AVC msg=audit(1368456765.382:238958): avc: denied { read } for pid=31231 comm="pool" name="firewalld.pid" dev="tmpfs" ino=19287 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:firewalld_var_run_t:s0 tclass=file type=SYSCALL msg=audit(1368456765.382:238958): arch=x86_64 syscall=open success=no exit=EACCES a0=7faa6c011fb0 a1=40000 a2=0 a3=746163696c707061 items=0 ppid=30842 pid=31231 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=209 tty=(none) comm=pool exe=/usr/lib64/libreoffice/program/soffice.bin subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null) Hash: pool,staff_t,firewalld_var_run_t,file,read audit2allow #============= staff_t ============== allow staff_t firewalld_var_run_t:file read; audit2allow -R require { type staff_t; type firewalld_var_run_t; class file read; } #============= staff_t ============== allow staff_t firewalld_var_run_t:file read; Additional info: hashmarkername: setroubleshoot kernel: 3.8.11-200.fc18.x86_64 type: libreport
Did you do an open on /run directory?
I apologize for taking so long to respond. My attempt earlier this week evidently go through. No I did not open a file from /run. I opened libreoffice-writer from the menu of Cinnamon. It opened an empty, new document. I don't believe I had ever used libreoffice on this install. This is a approximately 3 month old install of Fedora 18. I am happy to provide any other details you need. I will try and find time this weekend to reproduce and if I can I will try to get a trace. I consider myself healthily skeptical of anything Java and my first instinct was that bad things were happening. Other than the pid reads I have not noticed any unusual behavior of the machine.
Well it is strange, the only way I would see this happening would be if you opened a file browser to the /run directory. Seems like something staff_t should not need. Glad to see you using confined users. Lets just close this for now, and reopen if it happens again.