Bug 1246757
Summary: | SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a process. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Mirosław <miras199002> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 22 | CC: | antonio.montagnani, dominick.grift, dwalsh, fulminemizzega, HolyMaster, lvrabec, mgrepl, plautrba, silvio.a.palmieri, timur.kristof |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:19a5950d73414bef821e0bfc5a56469bc6e331fad1a404dd1edbd9ac30876123 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-10-05 06:45:15 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Mirosław
2015-07-25 12:34:30 UTC
Description of problem: no idea, just surfing the net. I don't know if it is conencdyed to flash plugin, but bever had this warning before Version-Release number of selected component: selinux-policy-3.13.1-128.10.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.6-200.fc22.x86_64 type: libreport This is what I got on a fresh f22 install with all updates installed: SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If si crede che abrt-hook-ccpp dovrebbe avere possibilità di accesso sigchld ai processi etichettati kernel_t in modo predefinito. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do consentire questo accesso per il momento eseguendo: # grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:system_r:kernel_t:s0 Target Objects Unknown [ process ] Source abrt-hook-ccpp Source Path abrt-hook-ccpp Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-128.12.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.1.6-200.fc22.x86_64 #1 SMP Mon Aug 17 19:54:31 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-09-04 02:55:19 CEST Last Seen 2015-09-04 02:55:19 CEST Local ID 1873efa7-ef22-4590-bef5-a65df22bc35a Raw Audit Messages type=AVC msg=audit(1441328119.203:559): avc: denied { sigchld } for pid=3372 comm="abrt-hook-ccpp" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=0 Hash: abrt-hook-ccpp,xdm_t,kernel_t,process,sigchld It's not related to firefox, I get it on this machine and in a test VM, where firefox is not running. I ran the command advised and left it there. Description of problem: just durfing Version-Release number of selected component: selinux-policy-3.13.1-128.13.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.7-200.fc22.x86_64 type: libreport *** This bug has been marked as a duplicate of bug 1245477 *** |