Bug 594688
Summary: | SELinux is preventing /usr/sbin/abrtd "write" access on /var/spool. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Jay Turner <jturner> |
Component: | abrt | Assignee: | Jiri Moskovcak <jmoskovc> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | BaseOS QE - Apps <qe-baseos-apps> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.0 | CC: | ahecox, dfediuck, dvlasenk, dwalsh, gavin, kklic, npajkovs, srevivo, syeghiay |
Target Milestone: | beta | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | abrt-1.1.3-1.el6 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-06-03 14:18:37 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jay Turner
2010-05-21 10:52:56 UTC
abrt should include /var/spool/abrt in its rpm payload. I will add a fix to allow abrt to create this directory in selinux-policy-3.7.19-20.el6.noarch But this is really an abrt bug. (In reply to comment #1) > abrt should include /var/spool/abrt in its rpm payload. I will add a fix to > allow abrt to create this directory in selinux-policy-3.7.19-20.el6.noarch > > But this is really an abrt bug. Dan, we fixed abrt, the build is at https://brewweb.devel.redhat.com/buildinfo?buildID=132768 Knocking this back to Assigned. The root of the problem is that for compatibility, the abrtd daemon attempts to rename "/var/cache/abrt" to "/var/spool/abrt" which is causing the SELinux denial. Looks like we need to cleanup this code in Daemon.cpp. I'm not sure what the best solution is (copy the files as oppose to renaming the directories?) but something needs to be fixed in abrt. (In reply to comment #4) > Knocking this back to Assigned. The root of the problem is that for > compatibility, the abrtd daemon attempts to rename "/var/cache/abrt" to > "/var/spool/abrt" which is causing the SELinux denial. Looks like we need to > cleanup this code in Daemon.cpp. I'm not sure what the best solution is (copy > the files as oppose to renaming the directories?) but something needs to be > fixed in abrt. The code which tries to preserve old crash data by renaming was removed. Here is the new build: https://brewweb.devel.redhat.com/buildinfo?buildID=132957 |