tigervnc - behavior weird

General support questions
Gabsy
Posts: 3
Joined: 2018/02/15 16:02:49

Re: tigervnc - behavior weird

Post by Gabsy » 2018/02/16 11:39:17

@TrevorH

The error is : "SELinux is preventing systemd from using the transition access on a process."

Here's the complete sealert message .

Thanks for looking into it.


SELinux is preventing /usr/lib/systemd/systemd from using the transition access on a process.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that systemd should be allowed transition access on processes labeled unconfined_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '(ncserver)' --raw | audit2allow -M my-ncserver
# semodule -i my-ncserver.pp


Additional Information:
Source Context system_u:system_r:init_t:s0
Target Context unconfined_u:unconfined_r:unconfined_t:s0
Target Objects /usr/bin/vncserver [ process ]
Source (ncserver)
Source Path /usr/lib/systemd/systemd
Port <Unknown>
Host xxxxxxx.yyyyyyy.zzzzzzz.com
Source RPM Packages
Target RPM Packages tigervnc-server-1.8.0-2.el7_4.x86_64
Policy RPM selinux-policy-3.13.1-166.el7_4.7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name xxxxxxx.yyyyyyy.zzzzzzz.com
Platform Linux xxxxxxx.yyyyyyy.zzzzzzz.com
3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25
20:13:58 UTC 2018 x86_64 x86_64
Alert Count 3
First Seen 2018-02-16 06:12:38 EST
Last Seen 2018-02-16 06:12:39 EST
Local ID 25fda139-1aed-46df-92eb-d2d0b39d5542

Raw Audit Messages
type=AVC msg=audit(1518779559.172:1647): avc: denied { transition } for pid=15719 comm="(ncserver)" path="/usr/bin/vncserver" dev="dm-0" ino=170302 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process


Hash: (ncserver),init_t,unconfined_t,process,transition

User avatar
TrevorH
Forum Moderator
Posts: 24078
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: tigervnc - behavior weird

Post by TrevorH » 2018/02/16 13:23:14

Post the output from ls -laZ /usr/bin/vncserver
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

Gabsy
Posts: 3
Joined: 2018/02/15 16:02:49

Re: tigervnc - behavior weird

Post by Gabsy » 2018/02/16 15:18:31

Trevor,

The directory list is:

[root@xxxxxxxxx it]# ls -laZ /usr/bin/vncserver
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/vncserver
[root@xxxxxxxxx it]#

Regards

Post Reply