Bug 1246757
| Summary: | SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a process. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Mirosław <miras199002> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 22 | CC: | antonio.montagnani, dominick.grift, dwalsh, fulminemizzega, HolyMaster, lvrabec, mgrepl, plautrba, silvio.a.palmieri, timur.kristof |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:19a5950d73414bef821e0bfc5a56469bc6e331fad1a404dd1edbd9ac30876123 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-10-05 06:45:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description of problem: no idea, just surfing the net. I don't know if it is conencdyed to flash plugin, but bever had this warning before Version-Release number of selected component: selinux-policy-3.13.1-128.10.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.6-200.fc22.x86_64 type: libreport This is what I got on a fresh f22 install with all updates installed:
SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a process.
***** Plugin catchall (100. confidence) suggests **************************
If si crede che abrt-hook-ccpp dovrebbe avere possibilità di accesso sigchld ai processi etichettati kernel_t in modo predefinito.
Then si dovrebbe riportare il problema come bug.
E' possibile generare un modulo di politica locale per consentire questo accesso.
Do
consentire questo accesso per il momento eseguendo:
# grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_u:system_r:kernel_t:s0
Target Objects Unknown [ process ]
Source abrt-hook-ccpp
Source Path abrt-hook-ccpp
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-128.12.fc22.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 4.1.6-200.fc22.x86_64 #1 SMP Mon
Aug 17 19:54:31 UTC 2015 x86_64 x86_64
Alert Count 1
First Seen 2015-09-04 02:55:19 CEST
Last Seen 2015-09-04 02:55:19 CEST
Local ID 1873efa7-ef22-4590-bef5-a65df22bc35a
Raw Audit Messages
type=AVC msg=audit(1441328119.203:559): avc: denied { sigchld } for pid=3372 comm="abrt-hook-ccpp" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=0
Hash: abrt-hook-ccpp,xdm_t,kernel_t,process,sigchld
It's not related to firefox, I get it on this machine and in a test VM, where firefox is not running. I ran the command advised and left it there.
Description of problem: just durfing Version-Release number of selected component: selinux-policy-3.13.1-128.13.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.7-200.fc22.x86_64 type: libreport *** This bug has been marked as a duplicate of bug 1245477 *** |
Description of problem: SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a process. ***** Plugin mozplugger (99.1 confidence) suggests ************************ If you want to use the plugin package Then należy wyłączyć kontrolę SELinuksa nad wtyczkami Firefoksa. Do # setsebool -P unconfined_mozilla_plugin_transition 0 ***** Plugin catchall (1.81 confidence) suggests ************************** If jeśli abrt-hook-ccpp powinno mieć domyślnie sigchld dostęp do procesów z etykietami kernel_t. Then proszę to zgłosić jako błąd. Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp. Do można tymczasowo zezwolić na ten dostęp wykonując polecenia: # grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mojapolityka # semodule -i mojapolityka.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context system_u:system_r:kernel_t:s0 Target Objects Unknown [ process ] Source abrt-hook-ccpp Source Path abrt-hook-ccpp Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-128.6.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.0.8-300.fc22.x86_64 #1 SMP Fri Jul 10 21:04:56 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-07-25 14:28:01 CEST Last Seen 2015-07-25 14:28:01 CEST Local ID 5a72e5ed-1a44-4570-8c39-ed259ea8a3f5 Raw Audit Messages type=AVC msg=audit(1437827281.983:1018): avc: denied { sigchld } for pid=18362 comm="abrt-hook-ccpp" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=0 Hash: abrt-hook-ccpp,mozilla_plugin_t,kernel_t,process,sigchld Version-Release number of selected component: selinux-policy-3.13.1-128.6.fc22.noarch Additional info: reporter: libreport-2.6.1 hashmarkername: setroubleshoot kernel: 4.0.8-300.fc22.x86_64 type: libreport