Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 580248 Details for
Bug 816309
SELinux exceptions during cobbler import command
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
Combined output from setroubleshoot for all 7 incidents
abrt.log (text/plain), 23.08 KB, created by
Stuart Newman
on 2012-04-25 18:49:34 UTC
(
hide
)
Description:
Combined output from setroubleshoot for all 7 incidents
Filename:
MIME Type:
Creator:
Stuart Newman
Created:
2012-04-25 18:49:34 UTC
Size:
23.08 KB
patch
obsolete
>executable: /usr/bin/python >hashmarkername: setroubleshoot >kernel: 2.6.32-220.13.1.el6.x86_64 >reason: SELinux is preventing /usr/bin/python from 'write' accesses on the directory /var/www/cobbler/images/. >time: Wed 25 Apr 2012 02:28:09 PM EDT > >description: >:SELinux is preventing /usr/bin/python from 'write' accesses on the directory /var/www/cobbler/images/. >: >:***** Plugin catchall (100. confidence) suggests *************************** >: >:If you believe that python should be allowed write access on the directory by default. >:Then you should report this as a bug. >:You can generate a local policy module to allow this access. >:Do >:allow this access for now by executing: >:# grep cobblerd /var/log/audit/audit.log | audit2allow -M mypol >:# semodule -i mypol.pp >: >:Additional Information: >:Source Context unconfined_u:system_r:cobblerd_t:s0 >:Target Context unconfined_u:object_r:public_content_t:s0 >:Target Objects /var/www/cobbler/images/ [ dir ] >:Source cobblerd >:Source Path /usr/bin/python >:Port <Unknown> >:Host (removed) >:Source RPM Packages python-2.6.6-29.el6 >:Target RPM Packages >:Policy RPM selinux-policy-3.7.19-126.el6_2.10 >:Selinux Enabled True >:Policy Type targeted >:Enforcing Mode Permissive >:Host Name (removed) >:Platform Linux fiat 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu >: Mar 29 11:46:40 EDT 2012 x86_64 x86_64 >:Alert Count 1 >:First Seen Wed 25 Apr 2012 12:29:04 PM EDT >:Last Seen Wed 25 Apr 2012 12:29:04 PM EDT >:Local ID 1694d3b4-c6da-4582-81e5-92a2cbaa5c9c >: >:Raw Audit Messages >:type=AVC msg=audit(1335371344.132:55546): avc: denied { write } for pid=5017 comm="cobblerd" name="images" dev=dm-3 ino=262430 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=dir >: >: >:type=AVC msg=audit(1335371344.132:55546): avc: denied { add_name } for pid=5017 comm="cobblerd" name="rhel6u2-x86_64" scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=dir >: >: >:type=AVC msg=audit(1335371344.132:55546): avc: denied { create } for pid=5017 comm="cobblerd" name="rhel6u2-x86_64" scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=dir >: >: >:type=SYSCALL msg=audit(1335371344.132:55546): arch=x86_64 syscall=mkdir success=yes exit=0 a0=7f582000dbc0 a1=1ed a2=7f584195adc8 a3=7f582e378cc8 items=2 ppid=1 pid=5017 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=cobblerd exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null) >: >:type=CWD msg=audit(1335371344.132:55546): cwd=/ >: >:type=PATH msg=audit(1335371344.132:55546): item=0 name=/var/www/cobbler/images/ inode=262430 dev=fd:03 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:public_content_t:s0 >: >:type=PATH msg=audit(1335371344.132:55546): item=1 name=/var/www/cobbler/images/rhel6u2-x86_64 inode=525451 dev=fd:03 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:public_content_t:s0 >: >:Hash: cobblerd,cobblerd_t,public_content_t,dir,write >: >:audit2allow >: >:#============= cobblerd_t ============== >:#!!!! The source type 'cobblerd_t' can write to a 'dir' of the following types: >:# cobbler_var_lib_t, httpd_cobbler_rw_content_t, cobbler_tmp_t >: >:allow cobblerd_t public_content_t:dir { write create add_name }; >: >:audit2allow -R >: >:#============= cobblerd_t ============== >:#!!!! The source type 'cobblerd_t' can write to a 'dir' of the following types: >:# cobbler_var_lib_t, httpd_cobbler_rw_content_t, cobbler_tmp_t >: >:allow cobblerd_t public_content_t:dir { write create add_name }; >: > >END: > >executable: /usr/bin/python >hashmarkername: setroubleshoot >kernel: 2.6.32-220.13.1.el6.x86_64 >reason: SELinux is preventing /usr/bin/python from 'search' accesses on the directory /var/lib/rpm/pubkeys. >time: Wed 25 Apr 2012 02:28:30 PM EDT > >description: >:SELinux is preventing /usr/bin/python from 'search' accesses on the directory /var/lib/rpm/pubkeys. >: >:***** Plugin catchall (100. confidence) suggests *************************** >: >:If you believe that python should be allowed search access on the pubkeys directory by default. >:Then you should report this as a bug. >:You can generate a local policy module to allow this access. >:Do >:allow this access for now by executing: >:# grep genpkgmetadata. /var/log/audit/audit.log | audit2allow -M mypol >:# semodule -i mypol.pp >: >:Additional Information: >:Source Context unconfined_u:system_r:cobblerd_t:s0 >:Target Context system_u:object_r:rpm_var_lib_t:s0 >:Target Objects /var/lib/rpm/pubkeys [ dir ] >:Source genpkgmetadata. >:Source Path /usr/bin/python >:Port <Unknown> >:Host (removed) >:Source RPM Packages python-2.6.6-29.el6 >:Target RPM Packages >:Policy RPM selinux-policy-3.7.19-126.el6_2.10 >:Selinux Enabled True >:Policy Type targeted >:Enforcing Mode Permissive >:Host Name (removed) >:Platform Linux fiat 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu >: Mar 29 11:46:40 EDT 2012 x86_64 x86_64 >:Alert Count 1 >:First Seen Wed 25 Apr 2012 12:29:09 PM EDT >:Last Seen Wed 25 Apr 2012 12:29:09 PM EDT >:Local ID 7325ecf3-1202-47ac-a7f7-20d35b65704f >: >:Raw Audit Messages >:type=AVC msg=audit(1335371349.249:55548): avc: denied { search } for pid=5045 comm="genpkgmetadata." name="rpm" dev=dm-3 ino=393218 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir >: >: >:type=SYSCALL msg=audit(1335371349.249:55548): arch=x86_64 syscall=open success=no exit=ENOENT a0=7fff0e9a6320 a1=90800 a2=1a41475 a3=7fa030160fe0 items=2 ppid=5008 pid=5045 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=genpkgmetadata. exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null) >: >:type=CWD msg=audit(1335371349.249:55548): cwd=/ >: >:type=PATH msg=audit(1335371349.249:55548): item=0 name=/var/lib/rpm/pubkeys >: >:type=PATH msg=audit(1335371349.249:55548): item=1 name=/var/lib/rpm/pubkeys >: >:Hash: genpkgmetadata.,cobblerd_t,rpm_var_lib_t,dir,search >: >:audit2allow >: >:#============= cobblerd_t ============== >:allow cobblerd_t rpm_var_lib_t:dir search; >: >:audit2allow -R >: >:#============= cobblerd_t ============== >:allow cobblerd_t rpm_var_lib_t:dir search; >: > >END: > >executable: /usr/bin/python >hashmarkername: setroubleshoot >kernel: 2.6.32-220.13.1.el6.x86_64 >reason: SELinux is preventing /usr/bin/python from 'getattr' accesses on the directory /var/lib/rpm. >time: Wed 25 Apr 2012 02:31:23 PM EDT > >description: >:SELinux is preventing /usr/bin/python from 'getattr' accesses on the directory /var/lib/rpm. >: >:***** Plugin catchall (100. confidence) suggests *************************** >: >:If you believe that python should be allowed getattr access on the rpm directory by default. >:Then you should report this as a bug. >:You can generate a local policy module to allow this access. >:Do >:allow this access for now by executing: >:# grep genpkgmetadata. /var/log/audit/audit.log | audit2allow -M mypol >:# semodule -i mypol.pp >: >:Additional Information: >:Source Context unconfined_u:system_r:cobblerd_t:s0 >:Target Context system_u:object_r:rpm_var_lib_t:s0 >:Target Objects /var/lib/rpm [ dir ] >:Source genpkgmetadata. >:Source Path /usr/bin/python >:Port <Unknown> >:Host (removed) >:Source RPM Packages python-2.6.6-29.el6 >:Target RPM Packages rpm-4.8.0-19.el6_2.1 >:Policy RPM selinux-policy-3.7.19-126.el6_2.10 >:Selinux Enabled True >:Policy Type targeted >:Enforcing Mode Permissive >:Host Name (removed) >:Platform Linux (removed) 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu >: Mar 29 11:46:40 EDT 2012 x86_64 x86_64 >:Alert Count 1 >:First Seen Wed 25 Apr 2012 12:29:09 PM EDT >:Last Seen Wed 25 Apr 2012 12:29:09 PM EDT >:Local ID d4524c17-e1b3-4308-93bb-8ab6f969ea5b >: >:Raw Audit Messages >:type=AVC msg=audit(1335371349.250:55549): avc: denied { getattr } for pid=5045 comm="genpkgmetadata." path="/var/lib/rpm" dev=dm-3 ino=393218 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir >: >: >:type=SYSCALL msg=audit(1335371349.250:55549): arch=x86_64 syscall=stat success=yes exit=0 a0=1b08460 a1=7fff0e9a6470 a2=7fff0e9a6470 a3=d items=1 ppid=5008 pid=5045 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=genpkgmetadata. exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null) >: >:type=CWD msg=audit(1335371349.250:55549): cwd=/ >: >:type=PATH msg=audit(1335371349.250:55549): item=0 name=/var/lib/rpm inode=393218 dev=fd:03 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:rpm_var_lib_t:s0 >: >:Hash: genpkgmetadata.,cobblerd_t,rpm_var_lib_t,dir,getattr >: >:audit2allow >: >:#============= cobblerd_t ============== >:allow cobblerd_t rpm_var_lib_t:dir getattr; >: >:audit2allow -R >: >:#============= cobblerd_t ============== >:allow cobblerd_t rpm_var_lib_t:dir getattr; >: > >END: > >executable: /usr/bin/python >hashmarkername: setroubleshoot >kernel: 2.6.32-220.13.1.el6.x86_64 >reason: SELinux is preventing /usr/bin/python from 'write' accesses on the directory /var/lib/rpm. >time: Wed 25 Apr 2012 02:31:42 PM EDT > >description: >:SELinux is preventing /usr/bin/python from 'write' accesses on the directory /var/lib/rpm. >: >:***** Plugin catchall (100. confidence) suggests *************************** >: >:If you believe that python should be allowed write access on the rpm directory by default. >:Then you should report this as a bug. >:You can generate a local policy module to allow this access. >:Do >:allow this access for now by executing: >:# grep genpkgmetadata. /var/log/audit/audit.log | audit2allow -M mypol >:# semodule -i mypol.pp >: >:Additional Information: >:Source Context unconfined_u:system_r:cobblerd_t:s0 >:Target Context system_u:object_r:rpm_var_lib_t:s0 >:Target Objects /var/lib/rpm [ dir ] >:Source genpkgmetadata. >:Source Path /usr/bin/python >:Port <Unknown> >:Host (removed) >:Source RPM Packages python-2.6.6-29.el6 >:Target RPM Packages rpm-4.8.0-19.el6_2.1 >:Policy RPM selinux-policy-3.7.19-126.el6_2.10 >:Selinux Enabled True >:Policy Type targeted >:Enforcing Mode Permissive >:Host Name (removed) >:Platform Linux (removed) 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu >: Mar 29 11:46:40 EDT 2012 x86_64 x86_64 >:Alert Count 1 >:First Seen Wed 25 Apr 2012 12:29:09 PM EDT >:Last Seen Wed 25 Apr 2012 12:29:09 PM EDT >:Local ID 249c3b0d-23c1-4fe1-b6f5-814977fb9833 >: >:Raw Audit Messages >:type=AVC msg=audit(1335371349.250:55550): avc: denied { write } for pid=5045 comm="genpkgmetadata." name="rpm" dev=dm-3 ino=393218 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir >: >: >:type=SYSCALL msg=audit(1335371349.250:55550): arch=x86_64 syscall=access success=yes exit=0 a0=1b78680 a1=2 a2=0 a3=9 items=1 ppid=5008 pid=5045 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=genpkgmetadata. exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null) >: >:type=CWD msg=audit(1335371349.250:55550): cwd=/ >: >:type=PATH msg=audit(1335371349.250:55550): item=0 name=/var/lib/rpm inode=393218 dev=fd:03 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:rpm_var_lib_t:s0 >: >:Hash: genpkgmetadata.,cobblerd_t,rpm_var_lib_t,dir,write >: >:audit2allow >: >:#============= cobblerd_t ============== >:#!!!! The source type 'cobblerd_t' can write to a 'dir' of the following types: >:# named_zone_t, cobbler_var_log_t, cobbler_var_lib_t, tmp_t, etc_t, tftpdir_rw_t, httpd_cobbler_rw_content_t, rsync_etc_t, cobbler_tmp_t, var_lib_t, var_log_t, root_t >: >:allow cobblerd_t rpm_var_lib_t:dir write; >: >:audit2allow -R >: >:#============= cobblerd_t ============== >:#!!!! The source type 'cobblerd_t' can write to a 'dir' of the following types: >:# named_zone_t, cobbler_var_log_t, cobbler_var_lib_t, tmp_t, etc_t, tftpdir_rw_t, httpd_cobbler_rw_content_t, rsync_etc_t, cobbler_tmp_t, var_lib_t, var_log_t, root_t >: >:allow cobblerd_t rpm_var_lib_t:dir write; >: > >END: > >executable: /usr/bin/python >hashmarkername: setroubleshoot >kernel: 2.6.32-220.13.1.el6.x86_64 >reason: SELinux is preventing /usr/bin/python from 'open' accesses on the file /var/lib/rpm/__db.001. >time: Wed 25 Apr 2012 02:32:00 PM EDT > >description: >:SELinux is preventing /usr/bin/python from 'open' accesses on the file /var/lib/rpm/__db.001. >: >:***** Plugin catchall (100. confidence) suggests *************************** >: >:If you believe that python should be allowed open access on the __db.001 file by default. >:Then you should report this as a bug. >:You can generate a local policy module to allow this access. >:Do >:allow this access for now by executing: >:# grep genpkgmetadata. /var/log/audit/audit.log | audit2allow -M mypol >:# semodule -i mypol.pp >: >:Additional Information: >:Source Context unconfined_u:system_r:cobblerd_t:s0 >:Target Context unconfined_u:object_r:rpm_var_lib_t:s0 >:Target Objects /var/lib/rpm/__db.001 [ file ] >:Source genpkgmetadata. >:Source Path /usr/bin/python >:Port <Unknown> >:Host (removed) >:Source RPM Packages python-2.6.6-29.el6 >:Target RPM Packages rpm-4.8.0-19.el6_2.1 >:Policy RPM selinux-policy-3.7.19-126.el6_2.10 >:Selinux Enabled True >:Policy Type targeted >:Enforcing Mode Permissive >:Host Name (removed) >:Platform Linux (removed) 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu >: Mar 29 11:46:40 EDT 2012 x86_64 x86_64 >:Alert Count 1 >:First Seen Wed 25 Apr 2012 12:29:09 PM EDT >:Last Seen Wed 25 Apr 2012 12:29:09 PM EDT >:Local ID abdcb74f-83a3-4bd4-96dd-450aac310db2 >: >:Raw Audit Messages >:type=AVC msg=audit(1335371349.250:55551): avc: denied { open } for pid=5045 comm="genpkgmetadata." name="__db.001" dev=dm-3 ino=393339 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:rpm_var_lib_t:s0 tclass=file >: >: >:type=SYSCALL msg=audit(1335371349.250:55551): arch=x86_64 syscall=open success=yes exit=ENOEXEC a0=1b78640 a1=2 a2=0 a3=16 items=3 ppid=5008 pid=5045 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=genpkgmetadata. exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null) >: >:type=CWD msg=audit(1335371349.250:55551): cwd=/ >: >:type=PATH msg=audit(1335371349.250:55551): item=0 name=/var/lib/rpm/__db.001 inode=393339 dev=fd:03 mode=0100640 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:rpm_var_lib_t:s0 >: >:type=PATH msg=audit(1335371349.250:55551): item=1 name=/var/lib/rpm/__db.001 inode=393339 dev=fd:03 mode=0100640 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:rpm_var_lib_t:s0 >: >:type=PATH msg=audit(1335371349.250:55551): item=2 name=/var/lib/rpm/__db.001 inode=393339 dev=fd:03 mode=0100640 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:rpm_var_lib_t:s0 >: >:Hash: genpkgmetadata.,cobblerd_t,rpm_var_lib_t,file,open >: >:audit2allow >: >:#============= cobblerd_t ============== >:allow cobblerd_t rpm_var_lib_t:file open; >: >:audit2allow -R >: >:#============= cobblerd_t ============== >:allow cobblerd_t rpm_var_lib_t:file open; >: > >END: > >executable: /usr/bin/python >hashmarkername: setroubleshoot >kernel: 2.6.32-220.13.1.el6.x86_64 >reason: SELinux is preventing /usr/bin/python from 'open' accesses on the file /var/lib/rpm/Packages. >time: Wed 25 Apr 2012 02:32:25 PM EDT > >description: >:SELinux is preventing /usr/bin/python from 'open' accesses on the file /var/lib/rpm/Packages. >: >:***** Plugin catchall (100. confidence) suggests *************************** >: >:If you believe that python should be allowed open access on the Packages file by default. >:Then you should report this as a bug. >:You can generate a local policy module to allow this access. >:Do >:allow this access for now by executing: >:# grep genpkgmetadata. /var/log/audit/audit.log | audit2allow -M mypol >:# semodule -i mypol.pp >: >:Additional Information: >:Source Context unconfined_u:system_r:cobblerd_t:s0 >:Target Context system_u:object_r:rpm_var_lib_t:s0 >:Target Objects /var/lib/rpm/Packages [ file ] >:Source genpkgmetadata. >:Source Path /usr/bin/python >:Port <Unknown> >:Host (removed) >:Source RPM Packages python-2.6.6-29.el6 >:Target RPM Packages rpm-4.8.0-19.el6_2.1 >:Policy RPM selinux-policy-3.7.19-126.el6_2.10 >:Selinux Enabled True >:Policy Type targeted >:Enforcing Mode Permissive >:Host Name (removed) >:Platform Linux (removed) 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu >: Mar 29 11:46:40 EDT 2012 x86_64 x86_64 >:Alert Count 1 >:First Seen Wed 25 Apr 2012 12:29:09 PM EDT >:Last Seen Wed 25 Apr 2012 12:29:09 PM EDT >:Local ID b6f24bd9-9431-4344-a582-a0a93d306698 >: >:Raw Audit Messages >:type=AVC msg=audit(1335371349.255:55552): avc: denied { open } for pid=5045 comm="genpkgmetadata." name="Packages" dev=dm-3 ino=393223 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file >: >: >:type=SYSCALL msg=audit(1335371349.255:55552): arch=x86_64 syscall=open success=yes exit=ENOEXEC a0=1b792c0 a1=0 a2=0 a3=16 items=3 ppid=5008 pid=5045 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=genpkgmetadata. exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null) >: >:type=CWD msg=audit(1335371349.255:55552): cwd=/ >: >:type=PATH msg=audit(1335371349.255:55552): item=0 name=/var/lib/rpm/Packages inode=393223 dev=fd:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:rpm_var_lib_t:s0 >: >:type=PATH msg=audit(1335371349.255:55552): item=1 name=/var/lib/rpm/Packages inode=393223 dev=fd:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:rpm_var_lib_t:s0 >: >:type=PATH msg=audit(1335371349.255:55552): item=2 name=/var/lib/rpm/Packages inode=393223 dev=fd:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:rpm_var_lib_t:s0 >: >:Hash: genpkgmetadata.,cobblerd_t,rpm_var_lib_t,file,open >: >:audit2allow >: >:#============= cobblerd_t ============== >:allow cobblerd_t rpm_var_lib_t:file open; >: >:audit2allow -R >: >:#============= cobblerd_t ============== >:allow cobblerd_t rpm_var_lib_t:file open; >: > >END: > >executable: /usr/bin/python >hashmarkername: setroubleshoot >kernel: 2.6.32-220.13.1.el6.x86_64 >reason: SELinux is preventing /usr/bin/python from 'write' accesses on the file /var/lib/tftpboot/s390x/profile_list. >time: Wed 25 Apr 2012 02:32:49 PM EDT > >description: >:SELinux is preventing /usr/bin/python from 'write' accesses on the file /var/lib/tftpboot/s390x/profile_list. >: >:***** Plugin catchall (100. confidence) suggests *************************** >: >:If you believe that python should be allowed write access on the profile_list file by default. >:Then you should report this as a bug. >:You can generate a local policy module to allow this access. >:Do >:allow this access for now by executing: >:# grep cobblerd /var/log/audit/audit.log | audit2allow -M mypol >:# semodule -i mypol.pp >: >:Additional Information: >:Source Context unconfined_u:system_r:cobblerd_t:s0 >:Target Context unconfined_u:object_r:public_content_t:s0 >:Target Objects /var/lib/tftpboot/s390x/profile_list [ file ] >:Source cobblerd >:Source Path /usr/bin/python >:Port <Unknown> >:Host (removed) >:Source RPM Packages python-2.6.6-29.el6 >:Target RPM Packages >:Policy RPM selinux-policy-3.7.19-126.el6_2.10 >:Selinux Enabled True >:Policy Type targeted >:Enforcing Mode Permissive >:Host Name (removed) >:Platform Linux (removed) 2.6.32-220.13.1.el6.x86_64 #1 SMP Thu >: Mar 29 11:46:40 EDT 2012 x86_64 x86_64 >:Alert Count 2 >:First Seen Wed 25 Apr 2012 12:29:04 PM EDT >:Last Seen Wed 25 Apr 2012 12:32:17 PM EDT >:Local ID 77b9abfc-c13e-4a06-a6df-548f431376d1 >: >:Raw Audit Messages >:type=AVC msg=audit(1335371537.145:55559): avc: denied { write } for pid=5017 comm="cobblerd" name="profile_list" dev=dm-3 ino=525445 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=file >: >: >:type=SYSCALL msg=audit(1335371537.145:55559): arch=x86_64 syscall=open success=yes exit=EFBIG a0=7f5820073090 a1=242 a2=1b6 a3=0 items=3 ppid=1 pid=5017 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=cobblerd exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null) >: >:type=CWD msg=audit(1335371537.145:55559): cwd=/ >: >:type=PATH msg=audit(1335371537.145:55559): item=0 name=/var/lib/tftpboot/s390x/profile_list inode=525445 dev=fd:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:public_content_t:s0 >: >:type=PATH msg=audit(1335371537.145:55559): item=1 name=/var/lib/tftpboot/s390x/profile_list inode=525445 dev=fd:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:public_content_t:s0 >: >:type=PATH msg=audit(1335371537.145:55559): item=2 name=/var/lib/tftpboot/s390x/profile_list inode=525445 dev=fd:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:public_content_t:s0 >: >:Hash: cobblerd,cobblerd_t,public_content_t,file,write >: >:audit2allow >: >:#============= cobblerd_t ============== >:allow cobblerd_t public_content_t:file write; >: >:audit2allow -R >: >:#============= cobblerd_t ============== >:allow cobblerd_t public_content_t:file write; >: > >END: >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 816309
:
580246
|
580247
| 580248