Description of problem:
SELinux is preventing abrt-hook-ccpp from 'read' accesses on the directory /root.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that abrt-hook-ccpp should be allowed read access on the root directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:abrt_dump_oops_t:s0
Target Context system_u:object_r:admin_home_t:s0
Target Objects /root [ dir ]
Source abrt-hook-ccpp
Source Path abrt-hook-ccpp
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages filesystem-3.2-32.fc22.x86_64
Policy RPM selinux-policy-3.13.1-128.18.fc22.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name (removed)
Platform Linux (removed) 4.2.5-201.fc22.x86_64 #1 SMP Wed
Oct 28 20:00:23 UTC 2015 x86_64 x86_64
Alert Count 1
First Seen 2015-11-23 22:35:53 IST
Last Seen 2015-11-23 22:35:53 IST
Local ID c8df83b4-399a-472b-b77a-ee323a7ff0ac
Raw Audit Messages
type=AVC msg=audit(1448298353.773:305): avc: denied { read } for pid=10098 comm="abrt-hook-ccpp" name="root" dev="dm-1" ino=1441793 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir permissive=1
Hash: abrt-hook-ccpp,abrt_dump_oops_t,admin_home_t,dir,read
Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch
Additional info:
reporter: libreport-2.6.3
hashmarkername: setroubleshoot
kernel: 4.2.5-201.fc22.x86_64
type: libreport