search

joshuadavidthomas / custom-ublue-os

Apache License 2.0
0 stars 0 forks source link

selinux error with vivaldi on first launch #17

Open joshuadavidthomas opened 3 months ago

joshuadavidthomas commented 3 months ago 
Jul 04 01:24:15 jthomast14g2 setroubleshoot[8204]: SELinux is preventing vivaldi-bin from using the execheap access on a process. For complete SELinux messages run: sealert -l c8623f9d-cf7>
Jul 04 01:24:15 jthomast14g2 setroubleshoot[8204]: SELinux is preventing vivaldi-bin from using the execheap access on a process.

                                                   *****  Plugin allow_execheap (53.1 confidence) suggests   ********************

                                                   If you do not think vivaldi-bin should need to map heap memory that is both writable and executable.
                                                   Then you need to report a bug. This is a potentially dangerous access.
                                                   Do
                                                   contact your security administrator and report this issue.

                                                   *****  Plugin catchall_boolean (42.6 confidence) suggests   ******************

                                                   If you want to allow selinuxuser to execheap
                                                   Then you must tell SELinux about this by enabling the 'selinuxuser_execheap' boolean.

                                                   Do
                                                   setsebool -P selinuxuser_execheap 1

                                                   *****  Plugin catchall (5.76 confidence) suggests   **************************

                                                   If you believe that vivaldi-bin should be allowed execheap access on processes labeled unconfined_t by default.
                                                   Then you should report this as a bug.
                                                   You can generate a local policy module to allow this access.
                                                   Do
                                                   allow this access for now by executing:
                                                   # ausearch -c 'vivaldi-bin' --raw | audit2allow -M my-vivaldibin
                                                   # semodule -X 300 -i my-vivaldibin.pp
joshuadavidthomas commented 3 months ago 
Jul 04 01:24:13 jthomast14g2 drkonqi-coredump-launcher[8201]: Unable to find file for pid 7919 expected at "kcrash-metadata/vivaldi-bin.1508a8afedd344f7841153a80fade80f.7919.ini"
Jul 04 01:24:13 jthomast14g2 systemd[1]: Started setroubleshootd.service - SETroubleshoot daemon for processing new SELinux denial logs.
Jul 04 01:24:13 jthomast14g2 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=setroubleshootd comm="systemd" exe="/usr/lib/syst>
Jul 04 01:24:13 jthomast14g2 setroubleshoot[8204]: cannot create file /var/lib/setroubleshoot/setroubleshoot_database.xml [No such file or directory]
Jul 04 01:24:13 jthomast14g2 setroubleshoot[8204]: cannot chmod /var/lib/setroubleshoot/setroubleshoot_database.xml to 600 [No such file or directory]
Jul 04 01:24:13 jthomast14g2 setroubleshoot[8204]: cannot chown /var/lib/setroubleshoot/setroubleshoot_database.xml to setroubleshoot:setroubleshoot [No such file or directory]
Jul 04 01:24:13 jthomast14g2 setroubleshoot[8204]: cannot create file /var/lib/setroubleshoot/email_alert_recipients [No such file or directory]
Jul 04 01:24:13 jthomast14g2 setroubleshoot[8204]: cannot chmod /var/lib/setroubleshoot/email_alert_recipients to 600 [No such file or directory]
Jul 04 01:24:13 jthomast14g2 setroubleshoot[8204]: cannot chown /var/lib/setroubleshoot/email_alert_recipients to setroubleshoot:setroubleshoot [No such file or directory]
Jul 04 01:24:14 jthomast14g2 audit[8210]: AVC avc:  denied  { execute } for  pid=8210 comm="rpm" name="rpm-ostree" dev="nvme0n1p3" ino=48694 scontext=system_u:system_r:setroubleshootd_t:s0>
Jul 04 01:24:14 jthomast14g2 audit[8210]: AVC avc:  denied  { execute } for  pid=8210 comm="rpm" name="rpm-ostree" dev="nvme0n1p3" ino=48694 scontext=system_u:system_r:setroubleshootd_t:s0>
Jul 04 01:24:14 jthomast14g2 audit[8210]: AVC avc:  denied  { execute } for  pid=8210 comm="rpm" name="rpm-ostree" dev="nvme0n1p3" ino=48694 scontext=system_u:system_r:setroubleshootd_t:s0>
Jul 04 01:24:14 jthomast14g2 setroubleshoot[8204]: failed to retrieve rpm info for path '/etc/selinux/targeted': /usr/bin/rpm: line 6: /usr/bin/rpm-ostree: Permission denied
                                                   /usr/bin/rpm: line 6: exec: /usr/bin/rpm-ostree: cannot execute: Permission denied