[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #19349 [- Select a component]: SELinux Fedora 22 Crash

Subject: [tor-bugs] #19349 [- Select a component]: SELinux Fedora 22 Crash
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 08 Jun 2016 15:17:57 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 08 Jun 2016 11:18:08 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#19349: SELinux Fedora 22 Crash
--------------------------------------+-----------------
     Reporter:  dansemacar            |      Owner:
         Type:  defect                |     Status:  new
     Priority:  Medium                |  Milestone:
    Component:  - Select a component  |    Version:
     Severity:  Normal                |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |   Reviewer:
      Sponsor:                        |
--------------------------------------+-----------------
 Hi

 I opened a new tab while browsing with Tor Browser 6.0.1, when an SELinux
 alert popped up, at which point Tor Browser crashed. I'm using 64 bit
 Fedora 22 with the Gnome shell.

 The "details" of the SELinux error are here:

 SELinux is preventing /usr/libexec/abrt-hook-ccpp from getattr access on
 the file file.

 *****  Plugin catchall (100. confidence) suggests
 **************************

 If you believe that abrt-hook-ccpp should be allowed getattr access on the
 file file by default.
 Then you should report this as a bug.
 You can generate a local policy module to allow this access.
 Do
 allow this access for now by executing:
 # grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
 # semodule -i mypol.pp

 Additional Information:
 Source Context                system_u:system_r:abrt_dump_oops_t:s0
 Target Context                system_u:object_r:nsfs_t:s0
 Target Objects                file [ file ]
 Source                        abrt-hook-ccpp
 Source Path                   /usr/libexec/abrt-hook-ccpp
 Port                          <Unknown>
 Host                          localhost.localdomain
 Source RPM Packages           abrt-addon-coredump-
 helper-2.6.1-10.fc22.x86_64
 Target RPM Packages
 Policy RPM                    selinux-policy-3.13.1-128.28.fc22.noarch
 Selinux Enabled               True
 Policy Type                   targeted
 Enforcing Mode                Enforcing
 Host Name                     localhost.localdomain
 Platform                      Linux localhost.localdomain
 4.4.11-200.fc22.x86_64
                               #1 SMP Tue May 24 00:20:46 UTC 2016 x86_64
 x86_64
 Alert Count                   3
 First Seen                    2016-05-28 11:33:42 CEST
 Last Seen                     2016-06-08 17:07:31 CEST
 Local ID                      46073432-d621-479e-b8ca-53db3389570a

 Raw Audit Messages
 type=AVC msg=audit(1465398451.178:624): avc:  denied  { getattr } for
 pid=4513 comm="abrt-hook-ccpp" path="ipc:[4026531839]" dev="nsfs"
 ino=4026531839 scontext=system_u:system_r:abrt_dump_oops_t:s0
 tcontext=system_u:object_r:nsfs_t:s0 tclass=file permissive=0


 type=SYSCALL msg=audit(1465398451.178:624): arch=x86_64 syscall=newfstatat
 success=no exit=EACCES a0=5 a1=7fb00f614c2a a2=7fff496a2ea0 a3=0 items=0
 ppid=2 pid=4513 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-hook-ccpp
 exe=/usr/libexec/abrt-hook-ccpp subj=system_u:system_r:abrt_dump_oops_t:s0
 key=(null)

 Hash: abrt-hook-ccpp,abrt_dump_oops_t,nsfs_t,file,getattr

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19349>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #19349 [Applications/Tor Browser]: SELinux Fedora 22 Crash
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #19349 [Applications/Tor Browser]: SELinux Fedora 22 Crash
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #19349 [Applications/Tor Browser]: SELinux Fedora 22 Crash
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #19276 [Applications/Tor Browser]: Scrolling is slow and CPU intensive
Next by Author: [tor-bugs] #19350 [User Experience/Website]: Volunteer page has old links for Globe
Previous by thread: [tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #17282, #17287, #17291
Next by thread: Re: [tor-bugs] #19349 [Applications/Tor Browser]: SELinux Fedora 22 Crash
Index(es):
- Author
- Thread