Descriptionat3_steamboat99
2009-12-18 07:20:12 UTC
Summary:
SELinux is preventing /usr/bin/abrt-pyhook-helper "write" access on
/var/cache/abrt.
Detailed Description:
[abrt-pyhook-hel has a permissive type (sectoolm_t). This access was not
denied.]
SELinux denied access requested by abrt-pyhook-hel. It is not expected that this
access is required by abrt-pyhook-hel and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.
Additional Information:
Source Context system_u:system_r:sectoolm_t:s0-s0:c0.c1023
Target Context system_u:object_r:abrt_var_cache_t:s0
Target Objects /var/cache/abrt [ dir ]
Source abrt-pyhook-hel
Source Path /usr/bin/abrt-pyhook-helper
Port <Unknown>
Host (removed)
Source RPM Packages abrt-addon-python-1.0.0-1.fc12
Target RPM Packages abrt-1.0.0-1.fc12
Policy RPM selinux-policy-3.6.32-56.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name catchall
Host Name (removed)
Platform Linux (removed) 2.6.31.6-166.fc12.x86_64 #1 SMP Wed
Dec 9 10:46:22 EST 2009 x86_64 x86_64
Alert Count 3
First Seen Fri 18 Dec 2009 01:19:27 AM CST
Last Seen Fri 18 Dec 2009 01:19:27 AM CST
Local ID 9cb8ad63-04e2-41ca-8fb0-ea8ae9bf1695
Line Numbers
Raw Audit Messages
node=(removed) type=AVC msg=audit(1261120767.573:27452): avc: denied { write } for pid=2827 comm="abrt-pyhook-hel" name="abrt" dev=sda2 ino=37246 scontext=system_u:system_r:sectoolm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_var_cache_t:s0 tclass=dir
node=(removed) type=AVC msg=audit(1261120767.573:27452): avc: denied { add_name } for pid=2827 comm="abrt-pyhook-hel" name="pyhook-1261120767-2826.lock" scontext=system_u:system_r:sectoolm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_var_cache_t:s0 tclass=dir
node=(removed) type=AVC msg=audit(1261120767.573:27452): avc: denied { create } for pid=2827 comm="abrt-pyhook-hel" name="pyhook-1261120767-2826.lock" scontext=system_u:system_r:sectoolm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_var_cache_t:s0 tclass=lnk_file
node=(removed) type=SYSCALL msg=audit(1261120767.573:27452): arch=c000003e syscall=88 success=yes exit=0 a0=7fff80dccdf0 a1=1b63098 a2=7fff80dccdf4 a3=7fff80dccb30 items=0 ppid=2826 pid=2827 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=491 sgid=491 fsgid=491 tty=(none) ses=4294967295 comm="abrt-pyhook-hel" exe="/usr/bin/abrt-pyhook-helper" subj=system_u:system_r:sectoolm_t:s0-s0:c0.c1023 key=(null)
Hash String generated from selinux-policy-3.6.32-56.fc12,catchall,abrt-pyhook-hel,sectoolm_t,abrt_var_cache_t,dir,write
audit2allow suggests:
#============= sectoolm_t ==============
allow sectoolm_t abrt_var_cache_t:dir { write add_name };
allow sectoolm_t abrt_var_cache_t:lnk_file create;
chcon -t abrt_helper_exec_t /usr/libexec/abrt-pyhook-helper
Will fix this problem.
I will fix the default labelling in the next release
Fixed in selinux-policy-3.6.32-60.fc12.noarch