Re: Weird selinux message

Wed, 07 Dec 2022 20:43:23 -0800 

On 12/7/22 13:04, Jeffrey Walton wrote:

On Wed, Dec 7, 2022 at 11:16 AM Robert McBroom via users
<users@lists.fedoraproject.org>  wrote:

SELinux is preventing gdb from read access on the chr_file pcmC0D0p.

What would call debug on boot sequence?

More information may be found in /var/log/audit/audit.log. `sealert -l
"*"` might also provide more information.

I think chr_file is part of a SELinux macro. I'm not used to seeing it
in an alert. Is that rule Ok?

Maybe relabel the filesystem with `fixfiles -B onboot`?

Jeff
There is nothing in audit.log referring to any of the files or processes in the alerts. 

I've run the relabel command several times and the alerts are still there.

~]# sealert -l "*"
SELinux is preventing gdb from read access on the chr_file pcmC0D0p.
*****  Plugin catchall (100. confidence) suggests   **************************
If you believe that gdb should be allowed read access on the pcmC0D0p chr_file by default. 
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdb' --raw | audit2allow -M my-gdb
# semodule -X 300 -i my-gdb.pp


Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:sound_device_t:s0
Target Objects                pcmC0D0p [ chr_file ]
Source                        gdb
Source Path                   gdb
Port                          <Unknown>
Host                          RobertPC.attlocal.net
Source RPM Packages
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-35.11-1.fc35.noarch
Local Policy RPM              selinux-policy-targeted-35.11-1.fc35.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     RobertPC.attlocal.net
Platform                      Linux RobertPC.attlocal.net
                             5.15.16-200.fc35.x86_64 #1 SMP Thu Jan 20 15:38:18 
                             UTC 2022 x86_64 x86_64
Alert Count                   2
First Seen                    2022-01-30 01:27:15 EST
Last Seen                     2022-01-30 01:31:02 EST
Local ID                      ecbe31dd-1a2a-4daf-bd46-8ef565e6b227

Raw Audit Messages
type=AVC msg=audit(1643524262.137:695): avc:  denied  { read } for  pid=74330 comm="gdb" name="pcmC0D0p" dev="devtmpfs" ino =532 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file permissi 
ve=1


Hash: gdb,abrt_t,sound_device_t,chr_file,read
SELinux is preventing gdb from open access on the chr_file /dev/snd/pcmC0D0p.
*****  Plugin catchall (100. confidence) suggests   **************************
If you believe that gdb should be allowed open access on the pcmC0D0p chr_file by default. 
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdb' --raw | audit2allow -M my-gdb
# semodule -X 300 -i my-gdb.pp


Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:sound_device_t:s0
Target Objects                /dev/snd/pcmC0D0p [ chr_file ]
Source                        gdb
Source Path                   gdb
Port                          <Unknown>
Host                          RobertPC.attlocal.net
Source RPM Packages
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-35.11-1.fc35.noarch
Local Policy RPM              selinux-policy-targeted-35.11-1.fc35.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     RobertPC.attlocal.net
Platform                      Linux RobertPC.attlocal.net
                             5.15.16-200.fc35.x86_64 #1 SMP Thu Jan 20 15:38:18 
                             UTC 2022 x86_64 x86_64
Alert Count                   2
First Seen                    2022-01-30 01:27:15 EST
Last Seen                     2022-01-30 01:31:02 EST
Local ID                      fdbfada1-c6ac-42a3-990d-f574024ef660

Raw Audit Messages
type=AVC msg=audit(1643524262.137:696): avc:  denied  { open } for  pid=74330 comm="gdb" path="/dev/snd/pcmC0D0p" dev="devt mpfs" ino=532 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file 
permissive=1


Hash: gdb,abrt_t,sound_device_t,chr_file,open


_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to