Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1979136
| Summary: | SELinux is preventing gdb from 'read' accesses on the file b3043b29744cf0a429678d296f5e4026-le64.cache-7. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | srgtns <srgtns> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 34 | CC: | dwalsh, grepl.miroslav, loximann, lvrabec, mmalik, omosnace, rafal.boruc, vmojzis, zpytela |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:ec3a98c0764bb068d221f45c3b9b619239f5fd4f91fc968fb7fc224ca75dab07;VARIANT_ID=xfce; | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-12-09 15:27:01 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Similar problem has been detected: I started getting a ton of SELinux alerts out of the blue. hashmarkername: setroubleshoot kernel: 5.13.12-200.fc34.x86_64 package: selinux-policy-targeted-34.16-1.fc34.noarch reason: SELinux is preventing gdb from 'read' accesses on the file /var/snap/signal-desktop/common/fontconfig/5042f36b6c21265d2b662feda0e2d4ad-le64.cache-7. type: libreport *** This bug has been marked as a duplicate of bug 1896648 *** |
Description of problem: SELinux is preventing gdb from 'read' accesses on the file b3043b29744cf0a429678d296f5e4026-le64.cache-7. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gdb should be allowed read access on the b3043b29744cf0a429678d296f5e4026-le64.cache-7 file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'gdb' --raw | audit2allow -M my-gdb # semodule -X 300 -i my-gdb.pp Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:snappy_var_t:s0 Target Objects b3043b29744cf0a429678d296f5e4026-le64.cache-7 [ file ] Source gdb Source Path gdb Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-34.12-1.fc34.noarch Local Policy RPM selinux-policy-targeted-34.12-1.fc34.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.12.13-300.fc34.x86_64 #1 SMP Wed Jun 23 16:18:11 UTC 2021 x86_64 x86_64 Alert Count 40 First Seen 2021-07-05 09:45:13 WIB Last Seen 2021-07-05 09:45:13 WIB Local ID 8fcdfbe5-28b6-48fa-bfa9-4ca875fba632 Raw Audit Messages type=AVC msg=audit(1625453113.943:756): avc: denied { read } for pid=13504 comm="gdb" name="b3043b29744cf0a429678d296f5e4026-le64.cache-7" dev="sda3" ino=1080189 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:snappy_var_t:s0 tclass=file permissive=0 Hash: gdb,abrt_t,snappy_var_t,file,read Version-Release number of selected component: selinux-policy-targeted-34.12-1.fc34.noarch Additional info: component: selinux-policy reporter: libreport-2.15.2 hashmarkername: setroubleshoot kernel: 5.12.13-300.fc34.x86_64 type: libreport Potential duplicate: bug 1912029