I’m integrating API integration with my web development using ngrok. I already establish a connection with ngrok and had no problem on my development. Yet, Should I be concerned about this issue on SE linux? where it flag’s an access issue on ngrok. Should I follow this command from SE linux, to allow ngrok?
allow this access for now by executing:
# ausearch -c '(ngrok)' --raw | audit2allow -M my-ngrok
# semodule -X 300 -i my-ngrok.pp
Here’s the full details:
SELinux is preventing (ngrok) from execute access on the file /var/lib/snapd/snap/ngrok/148/ngrok.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that (ngrok) should be allowed execute access on the ngrok file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '(ngrok)' --raw | audit2allow -M my-ngrok
# semodule -X 300 -i my-ngrok.pp
Additional Information:
Source Context system_u:system_r:init_t:s0
Target Context system_u:object_r:snappy_snap_t:s0
Target Objects /var/lib/snapd/snap/ngrok/148/ngrok [ file ]
Source (ngrok)
Source Path (ngrok)
Port <Unknown>
Host fedora
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-39.5-1.fc39.noarch
Local Policy RPM selinux-policy-targeted-39.5-1.fc39.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name fedora
Platform Linux fedora 6.8.4-200.fc39.x86_64 #1 SMP
PREEMPT_DYNAMIC Thu Apr 4 20:45:21 UTC 2024
x86_64
Alert Count 12389
First Seen 2024-04-26 18:36:17 PST
Last Seen 2024-05-01 07:11:15 PST
Local ID 860b5ea9-1ab7-4fe9-91a1-75414b83c69b
Raw Audit Messages
type=AVC msg=audit(1714518675.101:262): avc: denied { execute } for pid=2733 comm="(ngrok)" name="ngrok" dev="loop3" ino=3 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:snappy_snap_t:s0 tclass=file permissive=0
Hash: (ngrok),init_t,snappy_snap_t,file,execute