RHEL-4215: flatpak causes AVC flooding logs

    • Bug
    • Resolution: Unresolved
    • flatpak
    • rhel-sst-display-productivity
    • ssg_display

      Description of problem:

      While configuring flatpak with Fedora's OCI registry and installing gnome-weather as a normal user (flatpak --user), hundreds of the following AVCs appear:


      time->Tue Dec 6 17:10:09 2022
      type=PROCTITLE msg=audit(1670346609.135:258): proctitle="/usr/libexec/flatpak-system-helper"
      type=SYSCALL msg=audit(1670346609.135:258): arch=c000003e syscall=254 success=no exit=-13 a0=7 a1=5618c8a5f2f0 a2=1002fce a3=7ffd1219a080 items=0 ppid=1 pid=1896 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gmain" exe="/usr/libexec/flatpak-system-helper" subj=system_u:system_r:flatpak_helper_t:s0 key=(null)
      type=AVC msg=audit(1670346609.135:258): avc: denied { watch } for pid=1896 comm="gmain" path="/usr/libexec" dev="dm-1" ino=529602 scontext=system_u:system_r:flatpak_helper_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir permissive=0
      ----
      time->Tue Dec 6 17:10:13 2022
      type=PROCTITLE msg=audit(1670346613.135:259): proctitle="/usr/libexec/flatpak-system-helper"
      type=SYSCALL msg=audit(1670346613.135:259): arch=c000003e syscall=254 success=no exit=-13 a0=7 a1=5618c8a5f2f0 a2=1002fce a3=7ffd1219a080 items=0 ppid=1 pid=1896 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gmain" exe="/usr/libexec/flatpak-system-helper" subj=system_u:system_r:flatpak_helper_t:s0 key=(null)
      type=AVC msg=audit(1670346613.135:259): avc: denied { watch } for pid=1896 comm="gmain" path="/usr/libexec" dev="dm-1" ino=529602 scontext=system_u:system_r:flatpak_helper_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir permissive=0


      time->Tue Dec 6 17:10:17 2022
      type=PROCTITLE msg=audit(1670346617.135:260): proctitle="/usr/libexec/flatpak-system-helper"
      type=SYSCALL msg=audit(1670346617.135:260): arch=c000003e syscall=254 success=no exit=-13 a0=7 a1=5618c8a5f2f0 a2=1002fce a3=7ffd1219a080 items=0 ppid=1 pid=1896 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gmain" exe="/usr/libexec/flatpak-system-helper" subj=system_u:system_r:flatpak_helper_t:s0 key=(null)
      type=AVC msg=audit(1670346617.135:260): avc: denied { watch } for pid=1896 comm="gmain" path="/usr/libexec" dev="dm-1" ino=529602 scontext=system_u:system_r:flatpak_helper_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir permissive=0


      Version-Release number of selected component (if applicable):

      rpm -q flatpak gnome-shell centos-stream-release
      flatpak-1.12.7-2.el9.x86_64
      gnome-shell-40.10-3.el9.x86_64
      centos-stream-release-9.0-18.el9.noarch

      How reproducible:
      Steps to Reproduce:
      1. Fresh VM with CS9
      2. Gnome session / normal user
      3. flatpak --user remote-add --if-not-exists fedora oci+https://registry.fedoraproject.org
      4. flatpak --user install org.gnome.Weather

      Actual results:
      AVC in logs and installed application could only be run with
      flatpak --user run org.gnome.Weather

      Expected results:
      no AVC and app launch via GUI (icon)

              klember@redhat.com Kalev Lember
              leonfauster_googlemail Leon Fauster
              Kalev Lember Kalev Lember
              Desktop QE Desktop QE
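Added example (not part of the original report and not Red Hat's or flatpak's code): a triage helper that collapses an AVC flood like the one above into one row per distinct denial, joins each AVC to its SYSCALL record by audit serial, and reports the repeat interval. The function name `summarize`, the sample builder and the one-entry syscall table are assumptions made for this illustration; the sample records are constructed from the three events quoted in the report.

```python
import re
from collections import defaultdict

# Constructed sample: the report's three audit events (serials 258-260), SYSCALL fields trimmed.
_REC = ('type=SYSCALL msg=audit({ts}.135:{n}): arch=c000003e syscall=254 success=no exit=-13 '
        'comm="gmain" exe="/usr/libexec/flatpak-system-helper"\n'
        'type=AVC msg=audit({ts}.135:{n}): avc: denied {{ watch }} for pid=1896 comm="gmain" '
        'path="/usr/libexec" dev="dm-1" ino=529602 scontext=system_u:system_r:flatpak_helper_t:s0 '
        'tcontext=system_u:object_r:bin_t:s0 tclass=dir permissive=0\n')
SAMPLE = "".join(_REC.format(ts=1670346609 + 4 * i, n=258 + i) for i in range(3))

MSG = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
AVC = re.compile(r"avc:\s+denied\s+\{ ([^}]*?) \}\s+for\s+(.*)")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
# x86_64 (arch=c000003e) syscall numbers; only the one seen in the report is mapped.
X86_64_SYSCALLS = {254: "inotify_add_watch"}


def summarize(text):
    """Collapse an AVC flood into one row per distinct denial, with count and repeat interval."""
    syscalls, groups = {}, defaultdict(list)
    for line in text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        ts, serial = float(m.group(1)), int(m.group(2))
        fields = {k: v.strip('"') for k, v in KV.findall(line)}
        if fields.get("type") == "SYSCALL":
            syscalls[serial] = int(fields["syscall"])
        elif fields.get("type") == "AVC" and (a := AVC.search(line)):
            f = {k: v.strip('"') for k, v in KV.findall(a.group(2))}
            key = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2],
                   f["tclass"], a.group(1), f.get("path"))
            groups[key].append((ts, serial))
    rows = []
    for (src, tgt, tclass, perms, path), hits in groups.items():
        times = sorted(t for t, _ in hits)
        rows.append({
            "source": src, "target": tgt, "tclass": tclass, "perms": perms, "path": path,
            "count": len(hits),
            # Distinct gaps between consecutive denials: one value means a fixed retry timer.
            "gaps": sorted({round(b - a, 3) for a, b in zip(times, times[1:])}),
            "syscalls": sorted({X86_64_SYSCALLS.get(syscalls.get(s), "unknown") for _, s in hits}),
        })
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

On the quoted events this yields a single row: the same `watch` denial on `/usr/libexec`, raised by `inotify_add_watch` and repeated at a fixed 4-second interval, rather than many distinct denials.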