SELinux is preventing gdb from read access on the chr_file renderD128.

• Nov 17, 2021 - 23:13
Reported version
3.6
Type
Graphical (UI)
Frequency
Once
Severity
S2 - Critical
Reproducibility
Always
Status
needs info
Regression
No
Workaround
No
Project

To reproduce, install MuseScore through Flathub on Fedora 35 Workstation with MATE desktop, then attempt to open it.

SELinux is preventing gdb from read access on the chr_file renderD128.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that gdb should be allowed read access on the renderD128 chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:

ausearch -c 'gdb' --raw | audit2allow -M my-gdb

semodule -X 300 -i my-gdb.pp

Additional Information:
Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context system_u:object_r:dri_device_t:s0
Target Objects renderD128 [ chr_file ]
Source gdb
Source Path gdb
Port
Host tobfosl
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-35.5-1.fc35.noarch
Local Policy RPM selinux-policy-targeted-35.5-1.fc35.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name tobfosl
Platform Linux tobfosl 5.14.17-301.fc35.x86_64 #1 SMP Mon
Nov 8 13:57:43 UTC 2021 x86_64 x86_64
Alert Count 30
First Seen 2021-11-18 09:55:03 AEDT
Last Seen 2021-11-18 10:07:33 AEDT
Local ID 573ece71-f7e4-46e3-a6d9-3fd7c6da6d2b

Raw Audit Messages
type=AVC msg=audit(1637190453.280:357): avc: denied { read } for pid=3313 comm="gdb" name="renderD128" dev="devtmpfs" ino=447 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dri_device_t:s0 tclass=chr_file permissive=0

Hash: gdb,abrt_t,dri_device_t,chr_file,read


Comments

Frequency Many Once
Status active needs info

The flathub version is not suppored here, only the AppImage is (and the Windows and Mac versions)
A file "chr_file renderD128" is not part of MuseScore.