Opened 3 years ago

Last modified 3 years ago

#19349 needs_information defect

SELinux Fedora 22 Crash

Reported by: dansemacar Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:



I opened a new tab while browsing with Tor Browser 6.0.1, when an SELinux alert popped up, at which point Tor Browser crashed. I'm using 64 bit Fedora 22 with the Gnome shell.

The "details" of the SELinux error are here:

SELinux is preventing /usr/libexec/abrt-hook-ccpp from getattr access on the file file.

* Plugin catchall (100. confidence) suggests

If you believe that abrt-hook-ccpp should be allowed getattr access on the file file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context system_u:system_r:abrt_dump_oops_t:s0
Target Context system_u:object_r:nsfs_t:s0
Target Objects file [ file ]
Source abrt-hook-ccpp
Source Path /usr/libexec/abrt-hook-ccpp
Port <Unknown>
Host localhost.localdomain
Source RPM Packages abrt-addon-coredump-helper-2.6.1-10.fc22.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-128.28.fc22.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost.localdomain
Platform Linux localhost.localdomain 4.4.11-200.fc22.x86_64

#1 SMP Tue May 24 00:20:46 UTC 2016 x86_64 x86_64

Alert Count 3
First Seen 2016-05-28 11:33:42 CEST
Last Seen 2016-06-08 17:07:31 CEST
Local ID 46073432-d621-479e-b8ca-53db3389570a

Raw Audit Messages
type=AVC msg=audit(1465398451.178:624): avc: denied { getattr } for pid=4513 comm="abrt-hook-ccpp" path="ipc:[4026531839]" dev="nsfs" ino=4026531839 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:nsfs_t:s0 tclass=file permissive=0

type=SYSCALL msg=audit(1465398451.178:624): arch=x86_64 syscall=newfstatat success=no exit=EACCES a0=5 a1=7fb00f614c2a a2=7fff496a2ea0 a3=0 items=0 ppid=2 pid=4513 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-hook-ccpp exe=/usr/libexec/abrt-hook-ccpp subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null)

Hash: abrt-hook-ccpp,abrt_dump_oops_t,nsfs_t,file,getattr

Child Tickets

Change History (3)

comment:1 Changed 3 years ago by cypherpunks

Component: - Select a componentApplications/Tor Browser
Owner: set to tbb-team

comment:2 Changed 3 years ago by mcs

Status: newneeds_information

It looks like the SELinux alert occurred because a process that helps capture core dumps when another process crashes was blocked due to the SELinux rules on your system (I do not know why that would be the case by default).

From a Tor Browser perspective, the most interesting question is: Can you reproduce this crash? If you can provide steps to reproduce, we can investigate. You might also adjust your SELinux rules so that core files can be captured (in case the crash occurs again).

comment:3 Changed 3 years ago by gk

Another thing interesting to know would be whether that is a genuine 6.x problem. In other words: Did you hit this with Tor Browser 5.5.5 as well (see: for older versions)?

Note: See TracTickets for help on using tickets.