Bug 1300334
Summary: | SELinux is preventing abrt-hook-ccpp from 'getattr' accesses on the file file. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | P. A. López-Valencia <palopezv> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 24 | CC: | decathorpe, dominick.grift, dwalsh, flast, jfrieben, jsmith.fedora, lvrabec, mgrepl, plautrba, pschindl, sgallagh, vondruch |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Other | ||
Whiteboard: | abrt_hash:ada9ddb78617a6e6e2e35b6a1db665420e51e6e3d871d2aa78e904e045601d33;VARIANT_ID=workstation; | ||
Fixed In Version: | selinux-policy-3.13.1-170.fc24 selinux-policy-3.13.1-179.fc24 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-03-23 16:57:09 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
P. A. López-Valencia
2016-01-20 13:41:46 UTC
It also happens in targeted mode, but at least I can report it now. Description of problem: Rebooted my machine, and saw the alert. Version-Release number of selected component: selinux-policy-3.13.1-167.fc24.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.5.0-0.rc0.git1.1.fc24.x86_64 type: libreport We added NSFS support which causes this issue. Hi, Could you do following: 1. #semanage permissive -a abrt_dump_oops_t 2. reproduce issue 3. ausearch -m AVC -ts recent 4. attach AVC msgs 5. #semanage permissive -d abrt_dump_oops_t Thank you. I saw your message after upgrading to selinux-policy-3.13.1-168.fc24... The error has repeated itself once and it's as follows: ---- time->Thu Jan 21 13:08:28 2016 type=AVC msg=audit(1453399708.072:589): avc: denied { getattr } for pid=2244 comm="abrt-hook-ccpp" path="ipc:[4026531839]" dev="nsfs" ino=4026531839 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:nsfs_t:s0 tclass=file permissive=0 ---- Description of problem: Happened when installing the rpmfusion free repo rpm through firefox and packagekit. Version-Release number of selected component: selinux-policy-3.13.1-168.fc24.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.5.0-0.rc0.git8.1.fc24.x86_64 type: libreport Description of problem: This happened right after I logged into the desktop with my user. Version-Release number of selected component: selinux-policy-3.13.1-168.fc24.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.5.0-0.rc1.git0.1.fc24.x86_64 type: libreport commit 1ccf8374b4f6fc85445abb8a048f23d24664d467 Author: Lukas Vrabec <lvrabec> Date: Mon Feb 8 14:29:34 2016 +0100 Allow abrt_dump_oops_t to getattr filesystem nsfs files. rhbz#1300334 This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase selinux-policy-3.13.1-178.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-1350c96015 selinux-policy-3.13.1-178.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-1350c96015 selinux-policy-3.13.1-179.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f142bb969 selinux-policy-3.13.1-179.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f142bb969 selinux-policy-3.13.1-179.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. |