[tor-bugs] #19349 [- Select a component]: SELinux Fedora 22 Crash

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 8 15:17:57 UTC 2016


#19349: SELinux Fedora 22 Crash
--------------------------------------+-----------------
     Reporter:  dansemacar            |      Owner:
         Type:  defect                |     Status:  new
     Priority:  Medium                |  Milestone:
    Component:  - Select a component  |    Version:
     Severity:  Normal                |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |   Reviewer:
      Sponsor:                        |
--------------------------------------+-----------------
 Hi

 I opened a new tab while browsing with Tor Browser 6.0.1, when an SELinux
 alert popped up, at which point Tor Browser crashed. I'm using 64 bit
 Fedora 22 with the Gnome shell.

 The "details" of the SELinux error are here:

 SELinux is preventing /usr/libexec/abrt-hook-ccpp from getattr access on
 the file file.

 *****  Plugin catchall (100. confidence) suggests
 **************************

 If you believe that abrt-hook-ccpp should be allowed getattr access on the
 file file by default.
 Then you should report this as a bug.
 You can generate a local policy module to allow this access.
 Do
 allow this access for now by executing:
 # grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
 # semodule -i mypol.pp

 Additional Information:
 Source Context                system_u:system_r:abrt_dump_oops_t:s0
 Target Context                system_u:object_r:nsfs_t:s0
 Target Objects                file [ file ]
 Source                        abrt-hook-ccpp
 Source Path                   /usr/libexec/abrt-hook-ccpp
 Port                          <Unknown>
 Host                          localhost.localdomain
 Source RPM Packages           abrt-addon-coredump-
 helper-2.6.1-10.fc22.x86_64
 Target RPM Packages
 Policy RPM                    selinux-policy-3.13.1-128.28.fc22.noarch
 Selinux Enabled               True
 Policy Type                   targeted
 Enforcing Mode                Enforcing
 Host Name                     localhost.localdomain
 Platform                      Linux localhost.localdomain
 4.4.11-200.fc22.x86_64
                               #1 SMP Tue May 24 00:20:46 UTC 2016 x86_64
 x86_64
 Alert Count                   3
 First Seen                    2016-05-28 11:33:42 CEST
 Last Seen                     2016-06-08 17:07:31 CEST
 Local ID                      46073432-d621-479e-b8ca-53db3389570a

 Raw Audit Messages
 type=AVC msg=audit(1465398451.178:624): avc:  denied  { getattr } for
 pid=4513 comm="abrt-hook-ccpp" path="ipc:[4026531839]" dev="nsfs"
 ino=4026531839 scontext=system_u:system_r:abrt_dump_oops_t:s0
 tcontext=system_u:object_r:nsfs_t:s0 tclass=file permissive=0


 type=SYSCALL msg=audit(1465398451.178:624): arch=x86_64 syscall=newfstatat
 success=no exit=EACCES a0=5 a1=7fb00f614c2a a2=7fff496a2ea0 a3=0 items=0
 ppid=2 pid=4513 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-hook-ccpp
 exe=/usr/libexec/abrt-hook-ccpp subj=system_u:system_r:abrt_dump_oops_t:s0
 key=(null)

 Hash: abrt-hook-ccpp,abrt_dump_oops_t,nsfs_t,file,getattr

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19349>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list