Bug 1539813

Summary: the output of sealert -a ... is localized partially
Product: Red Hat Enterprise Linux 7 Reporter: Dalibor Pospíšil <dapospis>
Component: setroubleshootAssignee: Vit Mojzis <vmojzis>
Status: CLOSED WONTFIX QA Contact: Milos Malik <mmalik>
Severity: low Docs Contact:
Priority: low    
Version: 7.5CC: dapospis, lvrabec, mgrepl, mmalik, plautrba, vmojzis, zpytela
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-02-27 14:08:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dalibor Pospíšil 2018-01-29 16:33:37 UTC 
For languages, like DE, there are some string translated and some not. We are not supposed to have 100% translation for these languages but currently the mixture makes it very weird.

It would be good to have it either fully translated or fully not translated. The current state where every other sentence is translated feels inappropriate or even dilettante. Also there are missing spaces after 'dann'

# rpm -q setroubleshoot
setroubleshoot-3.2.29-3.el7.x86_64
# LANG=de_DE.utf8 LC_ALL=de_DE.utf8 sealert -a tmp                                                                                                                                                                 
100% done
found 1 alerts in tmp
--------------------------------------------------------------------------------

SELinux hindert httpd daran, mit getattr-Zugriff auf Datei /var/www/html/test zuzugreifen.

*****  Plugin restorecon (99.5 Wahrscheinlichkeit) schlägt vor    ************

If you want to fix the label. 
/var/www/html/test default label should be httpd_sys_content_t.
Dannyou can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Ausführen
# /sbin/restorecon -v /var/www/html/test

*****  Plugin catchall (1.49 Wahrscheinlichkeit) schlägt vor    **************

If you believe that httpd should be allowed getattr access on the test file by default.
Dannsie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Ausführen
allow this access for now by executing:
# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -i my-httpd.pp


zusätzliche Information:
Quellkontext                  system_u:system_r:httpd_t:s0
Zielkontext                   unconfined_u:object_r:admin_home_t:s0
Zielobjekte                   /var/www/html/test [ file ]
Quelle                        httpd
Quellpfad                     httpd
Port                          <Unknown>
Host                          <Unknown>
RPM-Pakete der Quelle         
RPM-Pakete des Ziels          
Richtlinien-RPM               selinux-policy-3.13.1-186.el7.noarch
SELinux aktiviert             True
Richtlinientyp                targeted
Enforcing-Modus               Enforcing
Rechnername                   sopos-rhel7-brq.usersys.redhat.com
Plattform                     Linux sopos-rhel7-brq.usersys.redhat.com
                              3.10.0-693.el7.x86_64 #1 SMP Thu Jul 6 19:56:57
                              EDT 2017 x86_64 x86_64
Anzahl der Alarme             1
Zuerst gesehen                2014-11-21 08:23:09 CET
Zuletzt gesehen               2014-11-21 08:23:09 CET
Lokale ID                     07634a10-11ab-4f6a-851c-b509854a6ead

Raw-Audit-Meldungen
type=AVC msg=audit(1416554589.695:13787): avc:  denied  { getattr } for  pid=26259 comm="httpd" path="/var/www/html/test" dev="dm-0" ino=1160138 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=
file


Hash: httpd,httpd_t,admin_home_t,file,getattr
Comment 3 Zdenek Pytela 2019-02-27 14:08:31 UTC 
This issue was not selected to be included in Red Hat Enterprise Linux 7.7 because it is seen either as low or moderate impact to a small number of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available.

We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise, we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.