Bug 557565

Summary: SELinux is preventing /usr/sbin/abrtd (deleted) "write" access on abrt.
Product: [Fedora] Fedora Reporter: Jesús Lorenzo <xainan66>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: a10cars, abibok, admin, andersonlmor, antifreeze2173, ashwin.hambarde, aucuga, bconfiant, bnocera, Bohdan.Koudelka, brsessions, BugRocks2010, c-9100069, cairnzi, canerdeniz, c_arceo, casey72, cbclark4, chorlya, cp_caverna, cvibe2000, danemarks, dannyel.olivares, dgaiku, dobrotek6, drozzy, dwalsh, ericm24x7, ernesto.albanez, erougier, fftarga, franciscocantuaria, frenk.calza, fsanchezherrero, george-tet, g_mignacio, gmmolen, gnomeuser, gokuln, hitmanrhymer, itsec_issues, jacques_legras, jeancote, jhunos, j.t.anagnostopoulos, jyoerger, kiev, k.knoerzer, klhr3, kumarakshay2003, lacintra.michael, lmsmith1975, Logan.Ruff, lorddragonhat, luca.mazzaferro, marko.denda, marte17, martin.nad89, martin.sh, matthias.guentert, mauro_graca, md-atx, mdzias, mgrepl, middlefingur, mikeyescalona, mlatelcom, mockusmeister, mwildam, nhfrank, nikos_dragan, oliverla, one_piece365, orangewinds, ov10fac, pantelis.fedora, pcardosobr, petar.tsankov, phil.lundy, punisher41, QFanatic, redhat, rka, robpotasse, rpqmo65, r_urbani, samgalletta, sanchezfisica, sgoldber, shiwlof, soad.diego, software, sriram.pyngas, stargategod420, Stefan.Lauterwasser, stressfreechozeme, sujoykroy, szql34, taguchi, terry.w.reeves, three, tim.mickey, tivelinovramis, tonnytony31, ttam, ulrich.hobelmann, venoom, vmitev, wasohernandez, woshanzhimu, xqgex.n
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: setroubleshoot_trace_hash:e82d6eacd0f3c0d2f33962ca2f85b0746f31ffc00ab6d717885abc746d2bbbe4
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-01-21 21:50:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jesús Lorenzo 2010-01-21 20:22:22 UTC 
Resúmen:

SELinux is preventing /usr/sbin/abrtd (deleted) "write" access on abrt.

Descripción Detallada:

[abrtd es un tipo permisivo (abrt_t). Este acceso no fue denegado.]

SELinux denied access requested by abrtd. It is not expected that this access is
required by abrtd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Permitiendo Acceso:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Información Adicional:

Contexto Fuente               system_u:system_r:abrt_t:s0
Contexto Destino              system_u:object_r:abrt_etc_t:s0
Objetos Destino               abrt [ dir ]
Fuente                        abrtd
Dirección de Fuente          /usr/sbin/abrtd (deleted)
Puerto                        <Desconocido>
Nombre de Equipo              (removed)
Paquetes RPM Fuentes          
Paquetes RPM Destinos         
RPM de Políticas             selinux-policy-3.6.32-69.fc12
SELinux Activado              True
Tipo de Política             targeted
Modo Obediente                Enforcing
Nombre de Plugin              catchall
Nombre de Equipo              (removed)
Plataforma                    Linux (removed) 2.6.31.5-127.fc12.x86_64 #1 SMP
                              Sat Nov 7 21:11:14 EST 2009 x86_64 x86_64
Cantidad de Alertas           3
Visto por Primera Vez         jue 21 ene 2010 11:20:32 CET
Visto por Última Vez         jue 21 ene 2010 11:20:32 CET
ID Local                      7963b17a-00ed-473b-992d-884f7c80c741
Números de Línea            

Mensajes de Auditoría Crudos 

node=(removed) type=AVC msg=audit(1264069232.40:42377): avc:  denied  { write } for  pid=1327 comm="abrtd" name="abrt" dev=sda7 ino=38979 scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1264069232.40:42377): avc:  denied  { add_name } for  pid=1327 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1264069232.40:42377): avc:  denied  { create } for  pid=1327 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1264069232.40:42377): arch=c000003e syscall=2 success=yes exit=9 a0=7fa47f4935f5 a1=241 a2=1b6 a3=0 items=0 ppid=1 pid=1327 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe=2F7573722F7362696E2F6162727464202864656C6574656429 subj=system_u:system_r:abrt_t:s0 key=(null)



Hash String generated from  selinux-policy-3.6.32-69.fc12,catchall,abrtd,abrt_t,abrt_etc_t,dir,write
audit2allow suggests:

#============= abrt_t ==============
#!!!! The source type 'abrt_t' can write to a 'dir' of the following types:
# rpm_var_cache_t, abrt_var_cache_t, var_log_t, abrt_var_log_t, rpm_var_run_t, abrt_var_run_t, tmp_t, var_t, abrt_tmp_t, var_run_t, root_t

allow abrt_t abrt_etc_t:dir { write add_name };
allow abrt_t abrt_etc_t:file create;
Comment 1 Daniel Walsh 2010-01-21 21:50:59 UTC 

*** This bug has been marked as a duplicate of bug 546152 ***
Comment 2 José Manuel 2010-01-24 23:54:32 UTC 
I was used CodeWeavers CrossOver Linux Professional v8.0.0 Linux and firefox.
Comment 3 gordon 2010-02-03 21:36:25 UTC 
I was updating bug fixes when this happen.
Comment 4 mlatelcom 2010-02-03 22:44:57 UTC 
I was starting up when I got it