First Last Prev Next    This bug is not in your last search results.
Bug 985768 - SELinux is preventing /usr/libexec/kde4/lnusertemp from 'create' accesses on the directory .kde.
SELinux is preventing /usr/libexec/kde4/lnusertemp from 'create' accesses on ...
Status: ASSIGNED
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy (Show other bugs)
7.2
x86_64 Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Lukas Vrabec
BaseOS QE Security Team
abrt_hash:43e36891067671c50a7ae8aaa89...
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-18 04:22 EDT by Martin Bříza
Modified: 2018-07-01 18:23 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-22 03:12:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Martin Bříza 2013-07-18 04:22:07 EDT 
Description of problem:
Started in FIPS mode.
SELinux is preventing /usr/libexec/kde4/lnusertemp from 'create' accesses on the directory .kde.

*****  Plugin catchall_boolean (89.3 confidence) suggests  *******************

If you want to allow polyinstantiation to enabled
Then you must tell SELinux about this by enabling the 'polyinstantiation_enabled' boolean.
You can read 'None' man page for more details.
Do
setsebool -P polyinstantiation_enabled 1

*****  Plugin catchall (11.6 confidence) suggests  ***************************

If you believe that lnusertemp should be allowed create access on the .kde directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep lnusertemp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:admin_home_t:s0
Target Objects                .kde [ dir ]
Source                        lnusertemp
Source Path                   /usr/libexec/kde4/lnusertemp
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           kdelibs-4.10.5-1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-63.el7.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.10.0-1.el7.x86_64 #1 SMP Tue Jul
                              9 12:25:09 EDT 2013 x86_64 x86_64
Alert Count                   6
First Seen                    2013-07-17 14:32:24 CEST
Last Seen                     2013-07-17 15:12:59 CEST
Local ID                      087558f6-4121-47f5-b7cb-a138c44fa230

Raw Audit Messages
type=AVC msg=audit(1374066779.503:395): avc:  denied  { create } for  pid=1341 comm="lnusertemp" name=".kde" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir


type=SYSCALL msg=audit(1374066779.503:395): arch=x86_64 syscall=mkdir success=no exit=EACCES a0=7fff320ddf60 a1=1c0 a2=ffffffffffffff80 a3=7fff320ddc80 items=0 ppid=1339 pid=1341 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=lnusertemp exe=/usr/libexec/kde4/lnusertemp subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Hash: lnusertemp,xdm_t,admin_home_t,dir,create

Additional info:
reporter:       libreport-2.1.5
hashmarkername: setroubleshoot
kernel:         3.10.0-1.el7.x86_64
type:           libreport
Comment 2 Miroslav Grepl 2013-07-22 03:12:57 EDT 
Did you log in as root? This is not supported by SELinux.
Comment 3 Martin Bříza 2013-07-22 05:35:44 EDT 
I did not, my regular administrator account
Comment 4 Orion Poplawski 2016-03-10 17:06:43 EST 
Same here with regular login.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.