Bug 1126037

Summary: Multiple SELinux problems in abrt-dump-journal-oops
Product: [Fedora] Fedora Reporter: Robbie Harwood <rharwood>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 21CC: abrt-devel-list, b1r63r, chmelarz, dominick.grift, dvlasenk, dwalsh, eblake, iprikryl, jfilak, jrimpo, lonelywoolf, lvrabec, l.wandrebeck, mgrepl, mmilata, mtoman, peljasz, vedran, vondruch, vrutkovs
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: selinux-policy-3.13.1-78.fc21 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-09-10 02:45:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robbie Harwood 2014-08-01 16:23:13 UTC 
Several denials were generated during what appeared to be normal information (though given what component this is, that doesn't mean much I suppose).  Running in permissive, I get:

[root@thriss rharwood]# grep abrt-dump-journ /var/log/audit/audit.log 
type=AVC msg=audit(1406908323.073:19): avc:  denied  { read } for  pid=714 comm="abrt-dump-journ" name="urandom" dev="devtmpfs" ino=1033 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1406908323.073:19): avc:  denied  { open } for  pid=714 comm="abrt-dump-journ" path="/dev/urandom" dev="devtmpfs" ino=1033 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file permissive=1
type=SYSCALL msg=audit(1406908323.073:19): arch=c000003e syscall=2 success=yes exit=3 a0=7f6232e3cee6 a1=80100 a2=0 a3=7f62347a7930 items=0 ppid=1 pid=714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrt-dump-journ" exe="/usr/bin/abrt-dump-journal-oops" subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null)
type=AVC msg=audit(1406908323.074:20): avc:  denied  { read } for  pid=714 comm="abrt-dump-journ" name="journal" dev="tmpfs" ino=13332 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1406908323.074:20): arch=c000003e syscall=257 success=yes exit=3 a0=ffffffffffffff9c a1=7fff9a534e20 a2=90800 a3=0 items=0 ppid=1 pid=714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrt-dump-journ" exe="/usr/bin/abrt-dump-journal-oops" subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null)
type=AVC msg=audit(1406908323.074:21): avc:  denied  { read } for  pid=714 comm="abrt-dump-journ" name="system.journal" dev="tmpfs" ino=13334 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=file permissive=1
type=AVC msg=audit(1406908323.074:21): avc:  denied  { open } for  pid=714 comm="abrt-dump-journ" path="/run/log/journal/d5a9b950d7714baab14657ce2549a000/system.journal" dev="tmpfs" ino=13334 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1406908323.074:21): arch=c000003e syscall=2 success=yes exit=5 a0=7f623479e540 a1=80000 a2=0 a3=6c616e72756f6a2e items=0 ppid=1 pid=714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrt-dump-journ" exe="/usr/bin/abrt-dump-journal-oops" subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null)
type=AVC msg=audit(1406908323.074:22): avc:  denied  { getattr } for  pid=714 comm="abrt-dump-journ" path="/run/log/journal/d5a9b950d7714baab14657ce2549a000/system.journal" dev="tmpfs" ino=13334 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1406908323.074:22): arch=c000003e syscall=5 success=yes exit=0 a0=5 a1=7f623479e3f0 a2=7f623479e3f0 a3=6c616e72756f6a2e items=0 ppid=1 pid=714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrt-dump-journ" exe="/usr/bin/abrt-dump-journal-oops" subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null)
type=AVC msg=audit(1406908323.074:23): avc:  denied  { getattr } for  pid=714 comm="abrt-dump-journ" name="/" dev="tmpfs" ino=10176 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1
type=SYSCALL msg=audit(1406908323.074:23): arch=c000003e syscall=138 success=yes exit=0 a0=5 a1=7fff9a534ab0 a2=1 a3=7f623479e580 items=0 ppid=1 pid=714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrt-dump-journ" exe="/usr/bin/abrt-dump-journal-oops" subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null)
type=AVC msg=audit(1406908323.074:24): avc:  denied  { getattr } for  pid=714 comm="abrt-dump-journ" name="/" dev="dm-0" ino=2 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=1
type=SYSCALL msg=audit(1406908323.074:24): arch=c000003e syscall=138 success=yes exit=0 a0=6 a1=7fff9a534ab0 a2=2 a3=7f62347a68e0 items=0 ppid=1 pid=714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrt-dump-journ" exe="/usr/bin/abrt-dump-journal-oops" subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null)
type=AVC msg=audit(1406908323.074:25): avc:  denied  { getattr } for  pid=714 comm="abrt-dump-journ" path="/var/lib/abrt/abrt-dump-journal-oops.state" dev="dm-0" ino=1679585 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1406908323.074:25): arch=c000003e syscall=6 success=yes exit=0 a0=7f6232e690c8 a1=7fff9a534f60 a2=7fff9a534f60 a3=7f62347a6ee0 items=0 ppid=1 pid=714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrt-dump-journ" exe="/usr/bin/abrt-dump-journal-oops" subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null)
type=AVC msg=audit(1406908323.074:26): avc:  denied  { read } for  pid=714 comm="abrt-dump-journ" name="abrt-dump-journal-oops.state" dev="dm-0" ino=1679585 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1406908323.074:26): avc:  denied  { open } for  pid=714 comm="abrt-dump-journ" path="/var/lib/abrt/abrt-dump-journal-oops.state" dev="dm-0" ino=1679585 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1406908323.074:26): arch=c000003e syscall=2 success=yes exit=3 a0=7f6232e690c8 a1=20000 a2=7fff9a534f60 a3=7f62347a6ee0 items=0 ppid=1 pid=714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrt-dump-journ" exe="/usr/bin/abrt-dump-journal-oops" subj=system_u:system_r:abrt_dump_oops_t:s0 key=(null)
[root@thriss rharwood]#
Comment 1 Miroslav Grepl 2014-08-04 06:30:22 UTC 
*** Bug 1126173 has been marked as a duplicate of this bug. ***
Comment 2 Miroslav Grepl 2014-08-04 06:30:24 UTC 
*** Bug 1126172 has been marked as a duplicate of this bug. ***
Comment 3 Miroslav Grepl 2014-08-04 06:30:33 UTC 
*** Bug 1126174 has been marked as a duplicate of this bug. ***
Comment 4 Miroslav Grepl 2014-08-04 06:30:36 UTC 
*** Bug 1126175 has been marked as a duplicate of this bug. ***
Comment 5 Miroslav Grepl 2014-08-04 06:30:49 UTC 
*** Bug 1126176 has been marked as a duplicate of this bug. ***
Comment 6 Miroslav Grepl 2014-08-04 06:36:49 UTC 
commit c076ff6fdb8390d913f5f749b91b6001716f605f
Author: Miroslav Grepl <mgrepl>
Date:   Mon Aug 4 08:36:23 2014 +0200

    Add additional fixes for  abrt-dump-journal-oops which is now labeled as abrt_dump_oops_exec_t.
Comment 7 Miroslav Grepl 2014-08-04 06:41:48 UTC 
*** Bug 1126139 has been marked as a duplicate of this bug. ***
Comment 8 Miroslav Grepl 2014-08-04 06:44:34 UTC 
*** Bug 1126089 has been marked as a duplicate of this bug. ***
Comment 9 birger 2014-08-04 07:50:35 UTC 
I think my bunch of errors came on resume from suspend. I guess that only means that something else oopsed on resume and triggered this?
Comment 10 Miroslav Grepl 2014-08-04 08:13:09 UTC 
http://koji.fedoraproject.org/koji/buildinfo?buildID=550112

builds with fixes.
Comment 11 Jakub Filak 2014-08-04 08:30:48 UTC 
(In reply to birger from comment #9)
> I think my bunch of errors came on resume from suspend. I guess that only
> means that something else oopsed on resume and triggered this?

Yes, that is the most likely cause.

You can run abrt-dump-journal-oops manualy to create ABRT problems for all kernel oopses (it wasn't causing AVCs for me during testing phase):

# remove the state file if exists
$ sudo rm -f /var/lib/abrt/abrt-dump-journal-oops.state

# extract oopses from entire journal
$ sudo abrt-dump-journal-oops -Dx

# save cursor to the last kernel message
$ sudo journalctl -n 1 -o verbose SYSLOG_IDENTIFIER=kernel | sed -n 's/^.*\[\(.*\)\].*$/\1/p' | sudo tee /var/lib/abrt/abrt-dump-journal-oops.state
Comment 12 Fedora Update System 2014-08-28 14:10:47 UTC 
selinux-policy-3.13.1-77.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-77.fc21
Comment 13 Fedora Update System 2014-08-28 16:42:30 UTC 
Package selinux-policy-3.13.1-77.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-77.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-9873/selinux-policy-3.13.1-77.fc21
then log in and leave karma (feedback).
Comment 14 Fedora Update System 2014-09-02 19:29:31 UTC 
selinux-policy-3.13.1-78.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-78.fc21
Comment 15 Laurent Wandrebeck 2014-09-06 15:23:23 UTC 
Description of problem:
Just started my system for a couple minutes after an update to F21 pre-alpha.

Version-Release number of selected component:
selinux-policy-3.13.1-78.fc21.noarch

Additional info:
reporter:       libreport-2.2.3
hashmarkername: setroubleshoot
kernel:         3.16.1-301.fc21.x86_64
type:           libreport
Comment 16 Fedora Update System 2014-09-10 02:45:46 UTC 
selinux-policy-3.13.1-78.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 17 Jeremy Rimpo 2014-09-28 05:10:29 UTC 
I got an alert just after reinstalling many packages on what should have been a current version of f21. The report was marked as a duplicate of this bug. It occurred just after the main install phase of the yum update.
Comment 18 Jeremy Rimpo 2014-09-28 05:12:18 UTC 
source: abrt-dump-journal-oops
attempted: getattr
on file: abrt-dump-journal-oops.state
Comment 19 lonelywoolf 2014-10-05 14:28:34 UTC 
Just the same problem as Jeremy's issue.
Comment 20 Vedran Miletić 2014-10-16 05:09:15 UTC 
Description of problem:
Installed updates

Version-Release number of selected component:
selinux-policy-3.13.1-86.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         3.17.0-301.fc21.x86_64
type:           libreport
Comment 21 Vedran Miletić 2014-10-16 05:10:23 UTC 
Difference in my report is attempted: write instead of attempted: getattr.
Comment 22 Jakub Filak 2014-10-16 06:09:15 UTC 
I just want to mention that all the seemingly unrelated new comments are here because the reporters hit one of the duplicate bugs. libreport should add an explanation line with id of the duplicate to such new comments.