Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1516019 - SELinux is preventing gnome-session-b from 'read' accesses on the lnk_file
Summary: SELinux is preventing gnome-session-b from 'read' accesses on the lnk_file li...
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 27
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
Whiteboard: abrt_hash:d4c8213c27112d64900e150d9b2...
Depends On:
TreeView+ depends on / blocked
Reported: 2017-11-21 19:36 UTC by Gael
Modified: 2017-12-11 11:45 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-12-11 11:45:09 UTC

Attachments (Terms of Use)

Description Gael 2017-11-21 19:36:51 UTC
Description of problem:
SELinux is preventing gnome-session-b from 'read' accesses on the lnk_file

*****  Plugin catchall (100. confidence) suggests   **************************

If vous pensez que gnome-session-b devrait être autorisé à accéder read sur lnk_file par défaut.
Then vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
allow this access for now by executing:
# ausearch -c 'gnome-session-b' --raw | audit2allow -M my-gnomesessionb
# semodule -X 300 -i my-gnomesessionb.pp

Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_lib_t:s0
Target Objects       [ lnk_file ]
Source                        gnome-session-b
Source Path                   gnome-session-b
Port                          <Inconnu>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-260.1.fc26.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.11.9-300.fc26.x86_64 #1 SMP Wed
                              Jul 5 16:21:56 UTC 2017 x86_64 x86_64
Alert Count                   23
First Seen                    2017-07-17 11:52:16 CEST
Last Seen                     2017-07-17 11:52:20 CEST
Local ID                      49166234-093c-447e-a1a1-bd4180679256

Raw Audit Messages
type=AVC msg=audit(1500285140.365:241): avc:  denied  { read } for  pid=1366 comm="gsd-color" name="" dev="dm-0" ino=1450906 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=lnk_file permissive=0

Hash: gnome-session-b,xdm_t,var_lib_t,lnk_file,read

Version-Release number of selected component:

Additional info:
component:      selinux-policy
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.13.12-300.fc27.x86_64
type:           libreport

Comment 1 Lukas Vrabec 2017-12-11 11:45:09 UTC

Could you please run: 

# restorecon -Rv /usr/ 

To fix contexts on your systems? Your system looks mislabeled. 

If you still facing this issue after restorecon, feel free to re-open this issue.


Note You need to log in before you can comment on or make changes to this bug.