Bug 1047284
| Summary: | SELinux is preventing /usr/bin/perl from using the 'execstack' accesses on a process. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nicolas Mailhot <nicolas.mailhot> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:8801e8020508d0d9ccd34a87e73b4464e54d2923226f0360b47fe4f656a58083 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-01-02 21:30:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 1045699 *** |
Description of problem: SELinux is preventing /usr/bin/perl from using the 'execstack' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If vous pensez que perl devrait être autorisé à accéder execstack sur les processus étiquetés spamd_update_t par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep sa-update /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:spamd_update_t:s0-s0:c0.c1023 Target Context system_u:system_r:spamd_update_t:s0-s0:c0.c1023 Target Objects [ process ] Source sa-update Source Path /usr/bin/perl Port <Unknown> Host (removed) Source RPM Packages perl-5.18.1-290.fc21.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-10.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.13.0-0.rc3.git5.1.fc21.x86_64 #1 SMP Sat Dec 14 15:06:01 UTC 2013 x86_64 x86_64 Alert Count 6 First Seen 2013-12-30 04:10:03 CET Last Seen 2013-12-30 05:11:17 CET Local ID 426b35d9-f832-4b78-958f-fcfebd656abc Raw Audit Messages type=AVC msg=audit(1388376677.787:80743): avc: denied { execstack } for pid=14255 comm="sa-update" scontext=system_u:system_r:spamd_update_t:s0-s0:c0.c1023 tcontext=system_u:system_r:spamd_update_t:s0-s0:c0.c1023 tclass=process type=SYSCALL msg=audit(1388376677.787:80743): arch=x86_64 syscall=mprotect success=no exit=EACCES a0=7fffef755000 a1=1000 a2=1000007 a3=0 items=0 ppid=11514 pid=14255 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1286 tty=(none) comm=sa-update exe=/usr/bin/perl subj=system_u:system_r:spamd_update_t:s0-s0:c0.c1023 key=(null) Hash: sa-update,spamd_update_t,spamd_update_t,process,execstack Additional info: reporter: libreport-2.1.10 hashmarkername: setroubleshoot kernel: 3.13.0-0.rc3.git5.1.fc21.x86_64 type: libreport