Bug 1225984

Summary: [SELinux] GDM avcs for wtmp.db-journal
Product: [openSUSE] openSUSE Tumbleweed Reporter: Filippo Bonazzi <filippo.bonazzi>
Component: SecurityAssignee: Cathy Hu <cathy.hu>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: cathy.hu
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE Tumbleweed   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Filippo Bonazzi 2024-06-05 08:25:37 UTC 
Operating System: Tumbleweed
SELinux status, mode and policy name: permissive, targeted
SELinux policy version and repository: 20240411-231.2 from Security:SELinux
The software (incl. version) that is affected by the SELinux issue and the error message: gdm-session-worker
SELinux Audit log:

time->Wed Jun  5 10:05:30 2024
type=AVC msg=audit(1717574730.824:139): avc:  denied  { add_name } for  pid=1704 comm="gdm-session-wor" name="wtmp.db-journal" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:wtmp_t:s0 tclass=dir permissive=1
----
time->Wed Jun  5 10:05:30 2024
type=AVC msg=audit(1717574730.824:140): avc:  denied  { create } for  pid=1704 comm="gdm-session-wor" name="wtmp.db-journal" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:wtmp_t:s0 tclass=file permissive=1
----
time->Wed Jun  5 10:05:30 2024
type=AVC msg=audit(1717574730.824:141): avc:  denied  { setattr } for  pid=1704 comm="gdm-session-wor" name="wtmp.db-journal" dev="vda2" ino=158633 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:wtmp_t:s0 tclass=file permissive=1
----
time->Wed Jun  5 10:05:30 2024
type=AVC msg=audit(1717574730.961:142): avc:  denied  { remove_name } for  pid=1704 comm="gdm-session-wor" name="wtmp.db-journal" dev="vda2" ino=158633 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:wtmp_t:s0 tclass=dir permissive=1
----
time->Wed Jun  5 10:05:30 2024
type=AVC msg=audit(1717574730.961:143): avc:  denied  { unlink } for  pid=1704 comm="gdm-session-wor" name="wtmp.db-journal" dev="vda2" ino=158633 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:wtmp_t:s0 tclass=file permissive=1
Comment 1 Cathy Hu 2024-07-01 14:00:49 UTC 
done, closing
Comment 2 OBSbugzilla Bot 2024-07-02 11:55:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1225984) was mentioned in
https://build.opensuse.org/request/show/1184840 Factory / selinux-policy