DescriptionGene Czarcinski
2009-10-21 16:54:29 UTC
Summary:
SELinux is preventing /usr/sbin/abrtd "chown" access.
Detailed Description:
[abrtd has a permissive type (abrt_t). This access was not denied.]
SELinux denied access requested by abrtd. It is not expected that this access is
required by abrtd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.
Additional Information:
Source Context system_u:system_r:abrt_t:s0
Target Context system_u:system_r:abrt_t:s0
Target Objects None [ capability ]
Source abrtd
Source Path /usr/sbin/abrtd
Port <Unknown>
Host (removed)
Source RPM Packages abrt-0.0.10-1.fc12
Target RPM Packages
Policy RPM selinux-policy-3.6.32-27.fc12
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name (removed)
Platform Linux (removed) 2.6.31.1-56.fc12.x86_64 #1 SMP Tue Sep
29 16:16:22 EDT 2009 x86_64 x86_64
Alert Count 1
First Seen Wed 21 Oct 2009 12:51:57 PM EDT
Last Seen Wed 21 Oct 2009 12:51:57 PM EDT
Local ID 8e9f0d34-4072-4935-911a-5bada291f534
Line Numbers
Raw Audit Messages
node=(removed) type=AVC msg=audit(1256143917.314:27): avc: denied { chown } for pid=1735 comm="abrtd" capability=0 scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:system_r:abrt_t:s0 tclass=capability
node=(removed) type=SYSCALL msg=audit(1256143917.314:27): arch=c000003e syscall=92 success=yes exit=0 a0=917948 a1=1f6 a2=1f6 a3=1 items=0 ppid=1 pid=1735 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe="/usr/sbin/abrtd" subj=system_u:system_r:abrt_t:s0 key=(null)
Hash String generated from selinux-policy-3.6.32-27.fc12,catchall,abrtd,abrt_t,abrt_t,capability,chown
audit2allow suggests:
#============= abrt_t ==============
allow abrt_t self:capability chown;