Bug 530748

Summary: SELinux is preventing /usr/sbin/abrtd "write" access on /root.
Product: [Fedora] Fedora Reporter: Tony White <twhite>
Component: abrtAssignee: Jiri Moskovcak <jmoskovc>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: beland, dfediuck, dnovotny, dvlasenk, dwalsh, iprikryl, jmoskovc, kklic, mgrepl, mnowak, npajkovs
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-02-13 13:07:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tony White 2009-10-24 17:59:01 UTC 
Summary:

SELinux is preventing /usr/sbin/abrtd "write" access on /root.

Detailed Description:

[abrtd has a permissive type (abrt_t). This access was not denied.]

SELinux denied access requested by abrtd. It is not expected that this access is
required by abrtd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:abrt_t:s0
Target Context                system_u:object_r:admin_home_t:s0
Target Objects                /root [ dir ]
Source                        abrtd
Source Path                   /usr/sbin/abrtd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           abrt-0.0.10-1.fc12
Target RPM Packages           filesystem-2.4.30-2.fc12
Policy RPM                    selinux-policy-3.6.32-27.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux m3n.localdomain 2.6.31.1-56.fc12.i686 #1 SMP
                              Tue Sep 29 16:32:02 EDT 2009 i686 i686
Alert Count                   3
First Seen                    Sat 24 Oct 2009 08:07:56 BST
Last Seen                     Sat 24 Oct 2009 08:07:56 BST
Local ID                      cb00e1f5-6c5e-47f6-a0a6-63906f417bd4
Line Numbers                  

Raw Audit Messages            

node=m3n.localdomain type=AVC msg=audit(1256368076.601:39): avc:  denied  { write } for  pid=1228 comm="abrtd" name="root" dev=sda2 ino=263 scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir

node=m3n.localdomain type=AVC msg=audit(1256368076.601:39): avc:  denied  { add_name } for  pid=1228 comm="abrtd" name=".abrt" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir

node=m3n.localdomain type=AVC msg=audit(1256368076.601:39): avc:  denied  { create } for  pid=1228 comm="abrtd" name=".abrt" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir

node=m3n.localdomain type=SYSCALL msg=audit(1256368076.601:39): arch=40000003 syscall=39 success=yes exit=0 a0=931db24 a1=1c0 a2=bfbd4fec a3=0 items=0 ppid=1 pid=1228 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe="/usr/sbin/abrtd" subj=system_u:system_r:abrt_t:s0 key=(null)


Reported manually as selinux bug reporting tool no longer works.
Comment 1 Daniel Novotny 2009-10-29 14:30:37 UTC 
hello Tony,
what were you doing when this happened? can you reproduce it?
Comment 2 Tony White 2009-10-29 14:59:31 UTC 
Hi Daniel, it was this :
https://bugzilla.redhat.com/show_bug.cgi?id=531027
Comment 3 Bug Zapper 2009-11-16 14:12:49 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 4 Christopher Beland 2010-02-12 20:13:06 UTC 
Possible duplicate of bug 522878.
Comment 5 Daniel Walsh 2010-02-13 13:07:36 UTC 

*** This bug has been marked as a duplicate of bug 522878 ***