Attachment 580248 Details for Bug 816309 – Combined output from setroubleshoot for all 7 incidents

Combined output from setroubleshoot for all 7 incidents

abrt.log (text/plain), 23.08 KB, created by Stuart Newman on 2012-04-25 18:49:34 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stuart Newman

Created: 2012-04-25 18:49:34 UTC

Size: 23.08 KB

patch

obsolete

>executable:     /usr/bin/python
>hashmarkername: setroubleshoot
>kernel:         2.6.32-220.13.1.el6.x86_64
>reason:         SELinux is preventing /usr/bin/python from 'write' accesses on the directory /var/www/cobbler/images/.
>time:           Wed 25 Apr 2012 02:28:09 PM EDT
>
>description:
>:SELinux is preventing /usr/bin/python from 'write' accesses on the directory /var/www/cobbler/images/.
>:
>:*****  Plugin catchall (100. confidence) suggests  ***************************
>:
>:If you believe that python should be allowed write access on the  directory by default.
>:Then you should report this as a bug.
>:You can generate a local policy module to allow this access.
>:Do
>:allow this access for now by executing:
>:# grep cobblerd /var/log/audit/audit.log | audit2allow -M mypol
>:# semodule -i mypol.pp
>:
>:Additional Information:
>:Source Context                unconfined_u:system_r:cobblerd_t:s0
>:Target Context                unconfined_u:object_r:public_content_t:s0
>:Target Objects                /var/www/cobbler/images/ [ dir ]
>:Source                        cobblerd
>:Source Path                   /usr/bin/python
>:Port                          <Unknown>
>:Host                          (removed)
>:Source RPM Packages           python-2.6.6-29.el6
>:Target RPM Packages           
>:Policy RPM                    selinux-policy-3.7.19-126.el6_2.10
>:Selinux Enabled               True
>:Policy Type                   targeted
>:Enforcing Mode                Permissive
>:Host Name                     (removed)
>:Platform                      Linux fiat 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu
>:                              Mar 29 11:46:40 EDT 2012 x86_64 x86_64
>:Alert Count                   1
>:First Seen                    Wed 25 Apr 2012 12:29:04 PM EDT
>:Last Seen                     Wed 25 Apr 2012 12:29:04 PM EDT
>:Local ID                      1694d3b4-c6da-4582-81e5-92a2cbaa5c9c
>:
>:Raw Audit Messages
>:type=AVC msg=audit(1335371344.132:55546): avc:  denied  { write } for  pid=5017 comm="cobblerd" name="images" dev=dm-3 ino=262430 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=dir
>:
>:
>:type=AVC msg=audit(1335371344.132:55546): avc:  denied  { add_name } for  pid=5017 comm="cobblerd" name="rhel6u2-x86_64" scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=dir
>:
>:
>:type=AVC msg=audit(1335371344.132:55546): avc:  denied  { create } for  pid=5017 comm="cobblerd" name="rhel6u2-x86_64" scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=dir
>:
>:
>:type=SYSCALL msg=audit(1335371344.132:55546): arch=x86_64 syscall=mkdir success=yes exit=0 a0=7f582000dbc0 a1=1ed a2=7f584195adc8 a3=7f582e378cc8 items=2 ppid=1 pid=5017 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=cobblerd exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null)
>:
>:type=CWD msg=audit(1335371344.132:55546): cwd=/
>:
>:type=PATH msg=audit(1335371344.132:55546): item=0 name=/var/www/cobbler/images/ inode=262430 dev=fd:03 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:public_content_t:s0
>:
>:type=PATH msg=audit(1335371344.132:55546): item=1 name=/var/www/cobbler/images/rhel6u2-x86_64 inode=525451 dev=fd:03 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:public_content_t:s0
>:
>:Hash: cobblerd,cobblerd_t,public_content_t,dir,write
>:
>:audit2allow
>:
>:#============= cobblerd_t ==============
>:#!!!! The source type 'cobblerd_t' can write to a 'dir' of the following types:
>:# cobbler_var_lib_t, httpd_cobbler_rw_content_t, cobbler_tmp_t
>:
>:allow cobblerd_t public_content_t:dir { write create add_name };
>:
>:audit2allow -R
>:
>:#============= cobblerd_t ==============
>:#!!!! The source type 'cobblerd_t' can write to a 'dir' of the following types:
>:# cobbler_var_lib_t, httpd_cobbler_rw_content_t, cobbler_tmp_t
>:
>:allow cobblerd_t public_content_t:dir { write create add_name };
>:
>
>END:
>
>executable:     /usr/bin/python
>hashmarkername: setroubleshoot
>kernel:         2.6.32-220.13.1.el6.x86_64
>reason:         SELinux is preventing /usr/bin/python from 'search' accesses on the directory /var/lib/rpm/pubkeys.
>time:           Wed 25 Apr 2012 02:28:30 PM EDT
>
>description:
>:SELinux is preventing /usr/bin/python from 'search' accesses on the directory /var/lib/rpm/pubkeys.
>:
>:*****  Plugin catchall (100. confidence) suggests  ***************************
>:
>:If you believe that python should be allowed search access on the pubkeys directory by default.
>:Then you should report this as a bug.
>:You can generate a local policy module to allow this access.
>:Do
>:allow this access for now by executing:
>:# grep genpkgmetadata. /var/log/audit/audit.log | audit2allow -M mypol
>:# semodule -i mypol.pp
>:
>:Additional Information:
>:Source Context                unconfined_u:system_r:cobblerd_t:s0
>:Target Context                system_u:object_r:rpm_var_lib_t:s0
>:Target Objects                /var/lib/rpm/pubkeys [ dir ]
>:Source                        genpkgmetadata.
>:Source Path                   /usr/bin/python
>:Port                          <Unknown>
>:Host                          (removed)
>:Source RPM Packages           python-2.6.6-29.el6
>:Target RPM Packages           
>:Policy RPM                    selinux-policy-3.7.19-126.el6_2.10
>:Selinux Enabled               True
>:Policy Type                   targeted
>:Enforcing Mode                Permissive
>:Host Name                     (removed)
>:Platform                      Linux fiat 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu
>:                              Mar 29 11:46:40 EDT 2012 x86_64 x86_64
>:Alert Count                   1
>:First Seen                    Wed 25 Apr 2012 12:29:09 PM EDT
>:Last Seen                     Wed 25 Apr 2012 12:29:09 PM EDT
>:Local ID                      7325ecf3-1202-47ac-a7f7-20d35b65704f
>:
>:Raw Audit Messages
>:type=AVC msg=audit(1335371349.249:55548): avc:  denied  { search } for  pid=5045 comm="genpkgmetadata." name="rpm" dev=dm-3 ino=393218 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir
>:
>:
>:type=SYSCALL msg=audit(1335371349.249:55548): arch=x86_64 syscall=open success=no exit=ENOENT a0=7fff0e9a6320 a1=90800 a2=1a41475 a3=7fa030160fe0 items=2 ppid=5008 pid=5045 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=genpkgmetadata. exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null)
>:
>:type=CWD msg=audit(1335371349.249:55548): cwd=/
>:
>:type=PATH msg=audit(1335371349.249:55548): item=0 name=/var/lib/rpm/pubkeys
>:
>:type=PATH msg=audit(1335371349.249:55548): item=1 name=/var/lib/rpm/pubkeys
>:
>:Hash: genpkgmetadata.,cobblerd_t,rpm_var_lib_t,dir,search
>:
>:audit2allow
>:
>:#============= cobblerd_t ==============
>:allow cobblerd_t rpm_var_lib_t:dir search;
>:
>:audit2allow -R
>:
>:#============= cobblerd_t ==============
>:allow cobblerd_t rpm_var_lib_t:dir search;
>:
>
>END:
>
>executable:     /usr/bin/python
>hashmarkername: setroubleshoot
>kernel:         2.6.32-220.13.1.el6.x86_64
>reason:         SELinux is preventing /usr/bin/python from 'getattr' accesses on the directory /var/lib/rpm.
>time:           Wed 25 Apr 2012 02:31:23 PM EDT
>
>description:
>:SELinux is preventing /usr/bin/python from 'getattr' accesses on the directory /var/lib/rpm.
>:
>:*****  Plugin catchall (100. confidence) suggests  ***************************
>:
>:If you believe that python should be allowed getattr access on the rpm directory by default.
>:Then you should report this as a bug.
>:You can generate a local policy module to allow this access.
>:Do
>:allow this access for now by executing:
>:# grep genpkgmetadata. /var/log/audit/audit.log | audit2allow -M mypol
>:# semodule -i mypol.pp
>:
>:Additional Information:
>:Source Context                unconfined_u:system_r:cobblerd_t:s0
>:Target Context                system_u:object_r:rpm_var_lib_t:s0
>:Target Objects                /var/lib/rpm [ dir ]
>:Source                        genpkgmetadata.
>:Source Path                   /usr/bin/python
>:Port                          <Unknown>
>:Host                          (removed)
>:Source RPM Packages           python-2.6.6-29.el6
>:Target RPM Packages           rpm-4.8.0-19.el6_2.1
>:Policy RPM                    selinux-policy-3.7.19-126.el6_2.10
>:Selinux Enabled               True
>:Policy Type                   targeted
>:Enforcing Mode                Permissive
>:Host Name                     (removed)
>:Platform                      Linux (removed) 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu
>:                              Mar 29 11:46:40 EDT 2012 x86_64 x86_64
>:Alert Count                   1
>:First Seen                    Wed 25 Apr 2012 12:29:09 PM EDT
>:Last Seen                     Wed 25 Apr 2012 12:29:09 PM EDT
>:Local ID                      d4524c17-e1b3-4308-93bb-8ab6f969ea5b
>:
>:Raw Audit Messages
>:type=AVC msg=audit(1335371349.250:55549): avc:  denied  { getattr } for  pid=5045 comm="genpkgmetadata." path="/var/lib/rpm" dev=dm-3 ino=393218 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir
>:
>:
>:type=SYSCALL msg=audit(1335371349.250:55549): arch=x86_64 syscall=stat success=yes exit=0 a0=1b08460 a1=7fff0e9a6470 a2=7fff0e9a6470 a3=d items=1 ppid=5008 pid=5045 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=genpkgmetadata. exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null)
>:
>:type=CWD msg=audit(1335371349.250:55549): cwd=/
>:
>:type=PATH msg=audit(1335371349.250:55549): item=0 name=/var/lib/rpm inode=393218 dev=fd:03 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:rpm_var_lib_t:s0
>:
>:Hash: genpkgmetadata.,cobblerd_t,rpm_var_lib_t,dir,getattr
>:
>:audit2allow
>:
>:#============= cobblerd_t ==============
>:allow cobblerd_t rpm_var_lib_t:dir getattr;
>:
>:audit2allow -R
>:
>:#============= cobblerd_t ==============
>:allow cobblerd_t rpm_var_lib_t:dir getattr;
>:
>
>END:
>
>executable:     /usr/bin/python
>hashmarkername: setroubleshoot
>kernel:         2.6.32-220.13.1.el6.x86_64
>reason:         SELinux is preventing /usr/bin/python from 'write' accesses on the directory /var/lib/rpm.
>time:           Wed 25 Apr 2012 02:31:42 PM EDT
>
>description:
>:SELinux is preventing /usr/bin/python from 'write' accesses on the directory /var/lib/rpm.
>:
>:*****  Plugin catchall (100. confidence) suggests  ***************************
>:
>:If you believe that python should be allowed write access on the rpm directory by default.
>:Then you should report this as a bug.
>:You can generate a local policy module to allow this access.
>:Do
>:allow this access for now by executing:
>:# grep genpkgmetadata. /var/log/audit/audit.log | audit2allow -M mypol
>:# semodule -i mypol.pp
>:
>:Additional Information:
>:Source Context                unconfined_u:system_r:cobblerd_t:s0
>:Target Context                system_u:object_r:rpm_var_lib_t:s0
>:Target Objects                /var/lib/rpm [ dir ]
>:Source                        genpkgmetadata.
>:Source Path                   /usr/bin/python
>:Port                          <Unknown>
>:Host                          (removed)
>:Source RPM Packages           python-2.6.6-29.el6
>:Target RPM Packages           rpm-4.8.0-19.el6_2.1
>:Policy RPM                    selinux-policy-3.7.19-126.el6_2.10
>:Selinux Enabled               True
>:Policy Type                   targeted
>:Enforcing Mode                Permissive
>:Host Name                     (removed)
>:Platform                      Linux (removed) 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu
>:                              Mar 29 11:46:40 EDT 2012 x86_64 x86_64
>:Alert Count                   1
>:First Seen                    Wed 25 Apr 2012 12:29:09 PM EDT
>:Last Seen                     Wed 25 Apr 2012 12:29:09 PM EDT
>:Local ID                      249c3b0d-23c1-4fe1-b6f5-814977fb9833
>:
>:Raw Audit Messages
>:type=AVC msg=audit(1335371349.250:55550): avc:  denied  { write } for  pid=5045 comm="genpkgmetadata." name="rpm" dev=dm-3 ino=393218 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir
>:
>:
>:type=SYSCALL msg=audit(1335371349.250:55550): arch=x86_64 syscall=access success=yes exit=0 a0=1b78680 a1=2 a2=0 a3=9 items=1 ppid=5008 pid=5045 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=genpkgmetadata. exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null)
>:
>:type=CWD msg=audit(1335371349.250:55550): cwd=/
>:
>:type=PATH msg=audit(1335371349.250:55550): item=0 name=/var/lib/rpm inode=393218 dev=fd:03 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:rpm_var_lib_t:s0
>:
>:Hash: genpkgmetadata.,cobblerd_t,rpm_var_lib_t,dir,write
>:
>:audit2allow
>:
>:#============= cobblerd_t ==============
>:#!!!! The source type 'cobblerd_t' can write to a 'dir' of the following types:
>:# named_zone_t, cobbler_var_log_t, cobbler_var_lib_t, tmp_t, etc_t, tftpdir_rw_t, httpd_cobbler_rw_content_t, rsync_etc_t, cobbler_tmp_t, var_lib_t, var_log_t, root_t
>:
>:allow cobblerd_t rpm_var_lib_t:dir write;
>:
>:audit2allow -R
>:
>:#============= cobblerd_t ==============
>:#!!!! The source type 'cobblerd_t' can write to a 'dir' of the following types:
>:# named_zone_t, cobbler_var_log_t, cobbler_var_lib_t, tmp_t, etc_t, tftpdir_rw_t, httpd_cobbler_rw_content_t, rsync_etc_t, cobbler_tmp_t, var_lib_t, var_log_t, root_t
>:
>:allow cobblerd_t rpm_var_lib_t:dir write;
>:
>
>END:
>
>executable:     /usr/bin/python
>hashmarkername: setroubleshoot
>kernel:         2.6.32-220.13.1.el6.x86_64
>reason:         SELinux is preventing /usr/bin/python from 'open' accesses on the file /var/lib/rpm/__db.001.
>time:           Wed 25 Apr 2012 02:32:00 PM EDT
>
>description:
>:SELinux is preventing /usr/bin/python from 'open' accesses on the file /var/lib/rpm/__db.001.
>:
>:*****  Plugin catchall (100. confidence) suggests  ***************************
>:
>:If you believe that python should be allowed open access on the __db.001 file by default.
>:Then you should report this as a bug.
>:You can generate a local policy module to allow this access.
>:Do
>:allow this access for now by executing:
>:# grep genpkgmetadata. /var/log/audit/audit.log | audit2allow -M mypol
>:# semodule -i mypol.pp
>:
>:Additional Information:
>:Source Context                unconfined_u:system_r:cobblerd_t:s0
>:Target Context                unconfined_u:object_r:rpm_var_lib_t:s0
>:Target Objects                /var/lib/rpm/__db.001 [ file ]
>:Source                        genpkgmetadata.
>:Source Path                   /usr/bin/python
>:Port                          <Unknown>
>:Host                          (removed)
>:Source RPM Packages           python-2.6.6-29.el6
>:Target RPM Packages           rpm-4.8.0-19.el6_2.1
>:Policy RPM                    selinux-policy-3.7.19-126.el6_2.10
>:Selinux Enabled               True
>:Policy Type                   targeted
>:Enforcing Mode                Permissive
>:Host Name                     (removed)
>:Platform                      Linux (removed) 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu
>:                              Mar 29 11:46:40 EDT 2012 x86_64 x86_64
>:Alert Count                   1
>:First Seen                    Wed 25 Apr 2012 12:29:09 PM EDT
>:Last Seen                     Wed 25 Apr 2012 12:29:09 PM EDT
>:Local ID                      abdcb74f-83a3-4bd4-96dd-450aac310db2
>:
>:Raw Audit Messages
>:type=AVC msg=audit(1335371349.250:55551): avc:  denied  { open } for  pid=5045 comm="genpkgmetadata." name="__db.001" dev=dm-3 ino=393339 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:rpm_var_lib_t:s0 tclass=file
>:
>:
>:type=SYSCALL msg=audit(1335371349.250:55551): arch=x86_64 syscall=open success=yes exit=ENOEXEC a0=1b78640 a1=2 a2=0 a3=16 items=3 ppid=5008 pid=5045 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=genpkgmetadata. exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null)
>:
>:type=CWD msg=audit(1335371349.250:55551): cwd=/
>:
>:type=PATH msg=audit(1335371349.250:55551): item=0 name=/var/lib/rpm/__db.001 inode=393339 dev=fd:03 mode=0100640 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:rpm_var_lib_t:s0
>:
>:type=PATH msg=audit(1335371349.250:55551): item=1 name=/var/lib/rpm/__db.001 inode=393339 dev=fd:03 mode=0100640 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:rpm_var_lib_t:s0
>:
>:type=PATH msg=audit(1335371349.250:55551): item=2 name=/var/lib/rpm/__db.001 inode=393339 dev=fd:03 mode=0100640 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:rpm_var_lib_t:s0
>:
>:Hash: genpkgmetadata.,cobblerd_t,rpm_var_lib_t,file,open
>:
>:audit2allow
>:
>:#============= cobblerd_t ==============
>:allow cobblerd_t rpm_var_lib_t:file open;
>:
>:audit2allow -R
>:
>:#============= cobblerd_t ==============
>:allow cobblerd_t rpm_var_lib_t:file open;
>:
>
>END:
>
>executable:     /usr/bin/python
>hashmarkername: setroubleshoot
>kernel:         2.6.32-220.13.1.el6.x86_64
>reason:         SELinux is preventing /usr/bin/python from 'open' accesses on the file /var/lib/rpm/Packages.
>time:           Wed 25 Apr 2012 02:32:25 PM EDT
>
>description:
>:SELinux is preventing /usr/bin/python from 'open' accesses on the file /var/lib/rpm/Packages.
>:
>:*****  Plugin catchall (100. confidence) suggests  ***************************
>:
>:If you believe that python should be allowed open access on the Packages file by default.
>:Then you should report this as a bug.
>:You can generate a local policy module to allow this access.
>:Do
>:allow this access for now by executing:
>:# grep genpkgmetadata. /var/log/audit/audit.log | audit2allow -M mypol
>:# semodule -i mypol.pp
>:
>:Additional Information:
>:Source Context                unconfined_u:system_r:cobblerd_t:s0
>:Target Context                system_u:object_r:rpm_var_lib_t:s0
>:Target Objects                /var/lib/rpm/Packages [ file ]
>:Source                        genpkgmetadata.
>:Source Path                   /usr/bin/python
>:Port                          <Unknown>
>:Host                          (removed)
>:Source RPM Packages           python-2.6.6-29.el6
>:Target RPM Packages           rpm-4.8.0-19.el6_2.1
>:Policy RPM                    selinux-policy-3.7.19-126.el6_2.10
>:Selinux Enabled               True
>:Policy Type                   targeted
>:Enforcing Mode                Permissive
>:Host Name                     (removed)
>:Platform                      Linux (removed) 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu
>:                              Mar 29 11:46:40 EDT 2012 x86_64 x86_64
>:Alert Count                   1
>:First Seen                    Wed 25 Apr 2012 12:29:09 PM EDT
>:Last Seen                     Wed 25 Apr 2012 12:29:09 PM EDT
>:Local ID                      b6f24bd9-9431-4344-a582-a0a93d306698
>:
>:Raw Audit Messages
>:type=AVC msg=audit(1335371349.255:55552): avc:  denied  { open } for  pid=5045 comm="genpkgmetadata." name="Packages" dev=dm-3 ino=393223 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file
>:
>:
>:type=SYSCALL msg=audit(1335371349.255:55552): arch=x86_64 syscall=open success=yes exit=ENOEXEC a0=1b792c0 a1=0 a2=0 a3=16 items=3 ppid=5008 pid=5045 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=genpkgmetadata. exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null)
>:
>:type=CWD msg=audit(1335371349.255:55552): cwd=/
>:
>:type=PATH msg=audit(1335371349.255:55552): item=0 name=/var/lib/rpm/Packages inode=393223 dev=fd:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:rpm_var_lib_t:s0
>:
>:type=PATH msg=audit(1335371349.255:55552): item=1 name=/var/lib/rpm/Packages inode=393223 dev=fd:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:rpm_var_lib_t:s0
>:
>:type=PATH msg=audit(1335371349.255:55552): item=2 name=/var/lib/rpm/Packages inode=393223 dev=fd:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:rpm_var_lib_t:s0
>:
>:Hash: genpkgmetadata.,cobblerd_t,rpm_var_lib_t,file,open
>:
>:audit2allow
>:
>:#============= cobblerd_t ==============
>:allow cobblerd_t rpm_var_lib_t:file open;
>:
>:audit2allow -R
>:
>:#============= cobblerd_t ==============
>:allow cobblerd_t rpm_var_lib_t:file open;
>:
>
>END:
>
>executable:     /usr/bin/python
>hashmarkername: setroubleshoot
>kernel:         2.6.32-220.13.1.el6.x86_64
>reason:         SELinux is preventing /usr/bin/python from 'write' accesses on the file /var/lib/tftpboot/s390x/profile_list.
>time:           Wed 25 Apr 2012 02:32:49 PM EDT
>
>description:
>:SELinux is preventing /usr/bin/python from 'write' accesses on the file /var/lib/tftpboot/s390x/profile_list.
>:
>:*****  Plugin catchall (100. confidence) suggests  ***************************
>:
>:If you believe that python should be allowed write access on the profile_list file by default.
>:Then you should report this as a bug.
>:You can generate a local policy module to allow this access.
>:Do
>:allow this access for now by executing:
>:# grep cobblerd /var/log/audit/audit.log | audit2allow -M mypol
>:# semodule -i mypol.pp
>:
>:Additional Information:
>:Source Context                unconfined_u:system_r:cobblerd_t:s0
>:Target Context                unconfined_u:object_r:public_content_t:s0
>:Target Objects                /var/lib/tftpboot/s390x/profile_list [ file ]
>:Source                        cobblerd
>:Source Path                   /usr/bin/python
>:Port                          <Unknown>
>:Host                          (removed)
>:Source RPM Packages           python-2.6.6-29.el6
>:Target RPM Packages           
>:Policy RPM                    selinux-policy-3.7.19-126.el6_2.10
>:Selinux Enabled               True
>:Policy Type                   targeted
>:Enforcing Mode                Permissive
>:Host Name                     (removed)
>:Platform                      Linux (removed) 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu
>:                              Mar 29 11:46:40 EDT 2012 x86_64 x86_64
>:Alert Count                   2
>:First Seen                    Wed 25 Apr 2012 12:29:04 PM EDT
>:Last Seen                     Wed 25 Apr 2012 12:32:17 PM EDT
>:Local ID                      77b9abfc-c13e-4a06-a6df-548f431376d1
>:
>:Raw Audit Messages
>:type=AVC msg=audit(1335371537.145:55559): avc:  denied  { write } for  pid=5017 comm="cobblerd" name="profile_list" dev=dm-3 ino=525445 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=file
>:
>:
>:type=SYSCALL msg=audit(1335371537.145:55559): arch=x86_64 syscall=open success=yes exit=EFBIG a0=7f5820073090 a1=242 a2=1b6 a3=0 items=3 ppid=1 pid=5017 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=cobblerd exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null)
>:
>:type=CWD msg=audit(1335371537.145:55559): cwd=/
>:
>:type=PATH msg=audit(1335371537.145:55559): item=0 name=/var/lib/tftpboot/s390x/profile_list inode=525445 dev=fd:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:public_content_t:s0
>:
>:type=PATH msg=audit(1335371537.145:55559): item=1 name=/var/lib/tftpboot/s390x/profile_list inode=525445 dev=fd:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:public_content_t:s0
>:
>:type=PATH msg=audit(1335371537.145:55559): item=2 name=/var/lib/tftpboot/s390x/profile_list inode=525445 dev=fd:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:public_content_t:s0
>:
>:Hash: cobblerd,cobblerd_t,public_content_t,file,write
>:
>:audit2allow
>:
>:#============= cobblerd_t ==============
>:allow cobblerd_t public_content_t:file write;
>:
>:audit2allow -R
>:
>:#============= cobblerd_t ==============
>:allow cobblerd_t public_content_t:file write;
>:
>
>END:
>

Actions: View

Attachments on bug 816309: 580246 | 580247 | 580248