Closed Tiagoquix closed 3 weeks ago
Problems with abrt have been resolved, for sd-coredump we are awaiting further information: https://bugzilla.redhat.com/show_bug.cgi?id=2278902
For sd-coredump, it also happens when normal applications crash (such as GIMP).
I cannot see any AVC denial on my systems after killing running services, that's why additional inputs are needed.
For me there's a new bug in GIMP, and maybe you can test it too.
It always crashes if I crop an image, export it and then discard the changes to the original image. Then SELinux complains and denies the access for sd-coredump.
@zpytela Hi there. Another systemd-coredum
-> sys_admin
happened to me today:
SELinux is preventing systemd-coredum from using the sys_admin capability.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that systemd-coredum should have the sys_admin capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-coredum' --raw | audit2allow -M my-systemdcoredum
# semodule -X 300 -i my-systemdcoredum.pp
Additional Information:
Source Context system_u:system_r:systemd_coredump_t:s0
Target Context system_u:system_r:systemd_coredump_t:s0
Target Objects Unknown [ capability ]
Source systemd-coredum
Source Path systemd-coredum
Port <Unknown>
Host fedora
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-40.20-1.fc40.noarch
Local Policy RPM selinux-policy-targeted-40.20-1.fc40.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name fedora
Platform Linux fedora 6.8.11-300.fc40.x86_64 #1 SMP
PREEMPT_DYNAMIC Mon May 27 14:53:33 UTC 2024
x86_64
Alert Count 6
First Seen 2024-04-30 02:16:14 -03
Last Seen 2024-06-08 11:53:48 -03
Local ID 8f63820a-c1b4-4f8d-a134-a3139631dbb8
Raw Audit Messages
type=AVC msg=audit(1717858428.104:449): avc: denied { sys_admin } for pid=31054 comm="systemd-coredum" capability=21 scontext=system_u:system_r:systemd_coredump_t:s0 tcontext=system_u:system_r:systemd_coredump_t:s0 tclass=capability permissive=0
Hash: systemd-coredum,systemd_coredump_t,systemd_coredump_t,capability,sys_admin
The root cause has been found and issue fixed. https://github.com/fedora-selinux/selinux-policy/pull/2151
Context: video games crashing (for both alerts).