Bug 533427
Summary: | SELinux is preventing /usr/bin/python "create" access on fedora-debuginfo. | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Rod C. Johnson <rod.c.johnson> | ||||
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> | ||||
Status: | CLOSED WORKSFORME | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 12 | ||||||
Target Milestone: | --- | Keywords: | Reopened | ||||
Target Release: | --- | ||||||
Hardware: | i386 | ||||||
OS: | Linux | ||||||
Whiteboard: | setroubleshoot_trace_hash:9c9aad111bd5a0ea57ffbd0fefb94b1594a9c3fa849ded1fd0186acf34acede1 | ||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2009-11-19 22:08:38 UTC | Type: | --- | ||||
Description
Rod C. Johnson
2009-11-06 18:33:18 UTC
Fixed in selinux-policy-3.6.32-42.fc12.noarch

This happens every time I log in.

Well something is blowing up every time you log in.

Have you tried the newer policy?

This problem is still not fixed as of 17 November 2009. The latest update in fedora, updates, or updates-testing is selinux-policy-3.6.32-41.fc12

-46 has been put in fedora-updates and has been pushed. It should get to a mirror near you soon.

I was chatting on "amsn" and wow.... bug!!

Since I re-opened this, I am now closing. With "3.6.32-46.fc12" applied, this problem no longer occurs.

This happened for me on a newly installed Fedora 12 system with all updates applied (as of 2009-11-22). This happened when the automatic bug reporting tool detected a crash in compiz and prompted me to send a bug report. The full message given by "SELinux Security Alerts" was:

---------------

Summary:

SELinux is preventing /usr/bin/python "create" access on fedora-debuginfo.

Detailed Description:

[yum has a permissive type (abrt_t). This access was not denied.]

SELinux denied access requested by yum. It is not expected that this access is required by yum and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context        system_u:system_r:abrt_t:s0
Target Context        system_u:object_r:rpm_var_cache_t:s0
Target Objects        fedora-debuginfo [ dir ]
Source                yum
Source Path           /usr/bin/python
Port                  <Unknown>
Host                  (removed)
Source RPM Packages   python-2.6.2-2.fc12
Target RPM Packages
Policy RPM            selinux-policy-3.6.32-41.fc12
Selinux Enabled       True
Policy Type           targeted
Enforcing Mode        Enforcing
Plugin Name           catchall
Host Name             (removed)
Platform              Linux tomas-laptop 2.6.31.5-127.fc12.i686 #1 SMP Sat Nov 7 21:41:45 EST 2009 i686 i686
Alert Count           1
First Seen            Sun 22 Nov 2009 10:56:47 PM CET
Last Seen             Sun 22 Nov 2009 10:56:47 PM CET
Local ID              f0844f39-a963-4701-98d9-99d64b6f8577
Line Numbers

Raw Audit Messages

node=tomas-laptop type=AVC msg=audit(1258927007.131:23658): avc: denied { create } for pid=2804 comm="yum" name="fedora-debuginfo" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:rpm_var_cache_t:s0 tclass=dir

node=tomas-laptop type=SYSCALL msg=audit(1258927007.131:23658): arch=40000003 syscall=39 success=yes exit=0 a0=9e26a88 a1=1ed a2=4c3868 a3=982a050 items=0 ppid=2803 pid=2804 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="yum" exe="/usr/bin/python" subj=system_u:system_r:abrt_t:s0 key=(null)

Installing the selinux-policy from updates-testing fixed it for me.

Ok, this issue now seems to be fixed after the updates released 24 November. Thanks.

I'm having this problem with an up-to-date Fedora 12 (installed from the beta live-cd a few weeks ago and updated daily). Since I'm assuming yum runs at regular intervals (plus my daily "yum update"s), this bug must still be there. I'd like to REOPEN, but I'm not sure where to do that (or if it's possible... lack of privileges?), as this bugzilla looks quite different from what I'm used to.

Could you attach the latest setroubleshoot message?

rpm -q selinux-policy-targeted

Oh. Seems like the SELinux applet did not show me the latest message (that which caused it to pop up in the first place), but an older message from 11/19. The messages I got were just wrong contexts for /var/lib/misc/prelink.*. So I guess this is fixed...

It shows you the oldest unseen, not the latest to come up.

It happened to me after installing the flash rpm provided by adobe which contains adobe YUM Repo. So it looks like yum is trying to create the .repo file and SELinux doesn't like that.

That is exactly when it started happening to me... and still does

selinux-policy-targeted-3.6.32-46.fc12.noarch

Jordan update to selinux-policy-targeted-3.6.32-55.fc12.noarch

Sorry to intrude, but I'm a newbie here, new to Linux, just installed more updates, which required a restart, and it's happening to me. Bug reporting tool says it's been reported before, this thread says CLOSED WORKSFORME, but ITDOESNTWORKFORME. After these updates I now have three different versions of Fedora in the boot menu - does that have anything to do with this bug? I don't understand why this bug has been fixed and fixed and fixed again and it still keeps occurring. I'm totally confused and frustrated.

(In reply to comment #19)
> Sorry to intrude, but I'm a newbie here, new to Linux, just installed more
> updates, which required a restart, and it's happening to me. Bug reporting tool
> says it's been reported before, this thread says CLOSED WORKSFORME, but
> ITDOESNTWORKFORME.

Several people reported this bug to be fixed a while back. Are you sure your system is fully updated and you did a reboot after the last update? When sealert reports a violation and you open the tool, it shows the first alarm instead of the last one. So what you see is likely an old alarm but not the one that triggered the warning. Use the <next> <previous> buttons to browse through the reports. If you still see this problem, take a look at the time it appeared and the version of selinux-policy-affected. I am very optimistic that it hasn't happened lately with the latest selinux-policy.

> After these updates I now have three different versions of
> Fedora in the boot menu - does that have anything to do with this bug?

No, this is normal.

yum update selinux-policy-targeted

Or even better

yum update selinux-policy-targeted --enablerepo=updates-testing

Current policy is selinux-policy-3.6.32-59.fc12.noarch
Latest testing policy is selinux-policy-3.6.32-63.fc12.noarch

I installed fedora 12 on a lenovo W500. When I ran the updates this morning I got this error, and signed up for a redhat bugzilla id, and reported the error (it is the first of 8 selinux errors). I have not used alternate/3rd party repos. I haven't even put in m3 decoding or dvd watching. This issue does still exist on 100% redhat/fedora distributed packages, so it DOES NOT WORK FOR ME. I will be happy to provide any information from my system to help solve the problem. This is preventing yum from working. I really don't want to disable selinux. It is there for a good reason.

What error exactly did you get when you ran yum update?

I am new to Fedora, just ran yum update as per details on previous comment and it seems to have fixed the bug. Thanks for your help. TFH

The bug report that I filed occurs when I do a cold boot of the OS-Fedora 12. The only thing I have noticed different in this new OS install is that the network connection is disabled by default, which was not the case with Fedora 11.

Whenever I boot into my fedora KDE desktop I always get the SELinux message that this bug has occurred.. apart from booting into the desktop I didn't do anything. Right now I'm updating my selinux policy and will reboot afterwards..

Yes, not occurred this time when I rebooted after the update.. thank you.

Created attachment 394546
I believe this is the right file. I am having trouble updating the system; an error always appears. Please help me.

I installed fedora 12 on my laptop and I opened software update and this bug is not allowing me to receive any updates. Any fixes?

Well, if you just want to update your computer, try becoming root and write " yum update " in your console. It works for me many times.
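
The raw audit messages quoted in this report can be read directly rather than through the alert browser. The following is an added example, not part of the original bug thread: it pairs the AVC and SYSCALL records by audit event ID and reports when the denial occurred and whether the access was actually blocked. The function names are this example's own.

```python
import re
from datetime import datetime, timezone

# Raw audit messages exactly as quoted in the report above.
RAW = '''node=tomas-laptop type=AVC msg=audit(1258927007.131:23658): avc: denied { create } for pid=2804 comm="yum" name="fedora-debuginfo" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:rpm_var_cache_t:s0 tclass=dir
node=tomas-laptop type=SYSCALL msg=audit(1258927007.131:23658): arch=40000003 syscall=39 success=yes exit=0 a0=9e26a88 a1=1ed a2=4c3868 a3=982a050 items=0 ppid=2803 pid=2804 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="yum" exe="/usr/bin/python" subj=system_u:system_r:abrt_t:s0 key=(null)'''

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'denied\s+\{([^}]*)\}')

def parse_events(text):
    """Group records by (epoch seconds, serial) so AVC and SYSCALL pair up."""
    events = {}
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue
        rtype, secs, serial = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        if rtype == 'AVC':
            p = PERMS.search(line)
            fields['perms'] = p.group(1).split() if p else []
        events.setdefault((int(secs), int(serial)), {})[rtype] = fields
    return events

def summarize(events):
    """List denials newest first; 'blocked' is None when no SYSCALL record exists."""
    out = []
    for (secs, serial), ev in sorted(events.items(), reverse=True):
        avc, sc = ev.get('AVC'), ev.get('SYSCALL', {})
        if not avc:
            continue
        out.append({
            'when': datetime.fromtimestamp(secs, timezone.utc).isoformat(),
            'serial': serial,
            'perms': avc['perms'],
            'source_type': avc['scontext'].split(':')[2],
            'target_type': avc['tcontext'].split(':')[2],
            'tclass': avc['tclass'],
            'comm': avc.get('comm'),
            # success=yes: the denial was logged but the call went through,
            # which is what a permissive source type (here abrt_t) produces.
            'blocked': {'yes': False, 'no': True}.get(sc.get('success')),
        })
    return out

if __name__ == '__main__':
    for denial in summarize(parse_events(RAW)):
        print(denial)
```

On a live system the same record text comes from /var/log/audit/audit.log; comparing the reported time with the installed selinux-policy version shows whether a denial predates the update.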