Bug 593906
Summary: | abrt-1.1.2 installation does not create /var/spool/abrt, causing selinux problems | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Kurt Driver <kurtdriver> |
Component: | abrt | Assignee: | Denys Vlasenko <dvlasenk> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 14 | CC: | anton, bgodusky, cz172638, dvlasenk, dwalsh, frankly3d, garrett.mitchener, iprikryl, jmoskovc, jturner, kklic, mgrepl, mnowak, npajkovs, olivares14031, pcfe, schaiba, selinux |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:5bfe8959226ae2c2c07abc8bd13495d85209b5246fd8e4ec6bb6cd6ade335375 | ||
Fixed In Version: | abrt-2.0.1-2.fc15 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-04-26 16:19:21 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 494832 |
Description
Kurt Driver
2010-05-20 02:53:26 UTC
I have the latest selinux-policy from koji. http://koji.fedoraproject.org/koji/buildinfo?buildID=174238 $ rpm -qa selinux-policy\* selinux-policy-3.7.19-19.fc13.noarch selinux-policy-targeted-3.7.19-19.fc13.noarch Summary: SELinux is preventing /usr/sbin/abrtd "write" access on /var/spool. --snip-- Source Context unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_spool_t:s0 Target Objects /var/spool [ dir ] Source abrtd Source Path /usr/sbin/abrtd Port <Unknown> Host ####### Source RPM Packages abrt-1.1.2-1.fc14 Target RPM Packages filesystem-2.4.35-1.fc14 Policy RPM selinux-policy-3.7.19-19.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name ###### Platform Linux ##### 2.6.34-2.fc14.x86_64 #1 SMP Mon May 17 03:51:48 UTC 2010 x86_64 x86_64 Alert Count 4 First Seen Thu 20 May 2010 11:41:24 IST Last Seen Thu 20 May 2010 11:59:03 IST Local ID fd7364ef-21be-4027-9ff3-26c402c0eb64 Line Numbers Raw Audit Messages node=##### type=AVC msg=audit(1274353143.940:26429): avc: denied { write } for pid=2634 comm="abrtd" name="spool" dev=dm-6 ino=41025 scontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir node=##### type=SYSCALL msg=audit(1274353143.940:26429): arch=c000003e syscall=83 success=no exit=-13 a0=41e791 a1=1ed a2=d a3=0 items=0 ppid=2633 pid=2634 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="abrtd" exe="/usr/sbin/abrtd" subj=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null) /var/spool/abrt should be in the payload with the abrtd package. *** Bug 594017 has been marked as a duplicate of this bug. *** (In reply to comment #2) > /var/spool/abrt should be in the payload with the abrtd package. the dir is there, with some kerneloops sub-dirs in my case. Users who are getting this problem just need to execute # mkdir /var/spool/abrt # restorecon -R -v /var/spool/abrt And the AVC will stop happening Frank you should be able to run the restorecon command above. (In reply to comment #5) > Users who are getting this problem just need to execute > > # mkdir /var/spool/abrt > # restorecon -R -v /var/spool/abrt > > And the AVC will stop happening > > > Frank you should be able to run the restorecon command above. Thanks Dan. Thank you Dan, is it correct that this isn't really a bug? I didn't think it important, but that it was something that could be changed, at some point, in the "out of the box" setup. Kurt Whoops! I just saw that you marked it as "NOTABUG". *** Bug 593973 has been marked as a duplicate of this bug. *** Well it is a bug in abrt that the directory was not in the payload. I am also modifying policy to make the correct thing happen if the directory does not exist. Thanks again Dan. *** Bug 594448 has been marked as a duplicate of this bug. *** Let's keep it open for now, there will be more reports about this which I want to mark as dups *** Bug 594022 has been marked as a duplicate of this bug. *** Please don't close this bug. *** Bug 593670 has been marked as a duplicate of this bug. *** Please try this build: http://koji.fedoraproject.org/koji/taskinfo?taskID=2201357 *** Bug 595036 has been marked as a duplicate of this bug. *** (In reply to comment #16) > Please try this build: > > http://koji.fedoraproject.org/koji/taskinfo?taskID=2201357 Worksforme This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle. Changing version to '14'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping abrt-2.0.0-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/abrt-2.0.0-1.fc15 abrt-2.0.0-2.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/abrt-2.0.0-2.fc15 Package abrt-2.0.0-2.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing abrt-2.0.0-2.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/abrt-2.0.0-2.fc15 then log in and leave karma (feedback). abrt-2.0.0-3.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/abrt-2.0.0-3.fc15 abrt-2.0.0-4.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/abrt-2.0.0-4.fc15 abrt-2.0.0-5.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/abrt-2.0.0-5.fc15 abrt-2.0.1-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/abrt-2.0.1-1.fc15 abrt-2.0.1-2.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/abrt-2.0.1-2.fc15 abrt-2.0.1-2.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. |