| Summary: | SELinux is preventing /usr/bin/python2.7 from 'create' accesses on the file pexpect.pyc. | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | nino.corsi |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 19 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | i686 | | |
| OS: | Unspecified | | |
| Whiteboard: | abrt_hash:ea6bb5191dc6dee025aa12bf2d7094b303cb8135add7fa138dd659641f6b327d | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-09-28 10:44:06 UTC | Type: | --- |

Where did this file come from? pexpect.pyc is just optimized, compiled Python code. It should have been shipped with this file. If you just run python on the file it will compile it and the problem should go away.

Description of problem:
SELinux is preventing /usr/bin/python2.7 from 'create' accesses on the file pexpect.pyc.

***** Plugin catchall_labels (83.8 confidence) suggests ********************

If you want to allow python2.7 to have create access on the pexpect.pyc file
Then e' necessario modificare l'etichetta su pexpect.pyc
Do
# semanage fcontext -a -t TIPO_FILE 'pexpect.pyc'
dove TIPO_FILE è uno dei seguenti: cupsd_interface_t, cupsd_lock_t, cupsd_log_t, cupsd_rw_etc_t, cupsd_tmp_t, cupsd_var_lib_t, cupsd_var_run_t, krb5_host_rcache_t, print_spool_t.
Quindi eseguire:
restorecon -v 'pexpect.pyc'

***** Plugin catchall (17.1 confidence) suggests ***************************

If si crede che python2.7 dovrebbe avere possibilità di accesso create sui pexpect.pyc file in modo predefinito.
Then si dovrebbe riportare il problema come bug.
E' possibile generare un modulo di politica locale per consentire questo accesso.
Do
consentire questo accesso per il momento eseguendo:
# grep hp-config_usb_p /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:cupsd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:usr_t:s0
Target Objects                pexpect.pyc [ file ]
Source                        hp-config_usb_p
Source Path                   /usr/bin/python2.7
Port                          <Sconosciuto>
Host                          (removed)
Source RPM Packages           python-2.7.5-4.fc19.i686
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-74.4.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.9.5-301.fc19.i686 #1 SMP Tue Jun 11 20:01:50 UTC 2013 i686 i686
Alert Count                   35
First Seen                    2013-09-27 20:51:33 CEST
Last Seen                     2013-09-27 20:51:35 CEST
Local ID                      f23233d7-240a-4d8b-abed-05594f6ce98d

Raw Audit Messages
type=AVC msg=audit(1380307895.8:1894): avc: denied { create } for pid=32625 comm="python" name="pexpect.pyc" scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file

type=SYSCALL msg=audit(1380307895.8:1894): arch=i386 syscall=open success=no exit=EACCES a0=96d6a38 a1=82c1 a2=81a4 a3=96d6a38 items=0 ppid=32621 pid=32625 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 ses=4294967295 tty=(none) comm=python exe=/usr/bin/python2.7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)

Hash: hp-config_usb_p,cupsd_t,usr_t,file,create

Additional info:
reporter:       libreport-2.1.7
hashmarkername: setroubleshoot
kernel:         3.9.5-301.fc19.i686
type:           libreport