Bug 595422

Summary: AVC denials on abrtd restart
Product: Red Hat Enterprise Linux 6 Reporter: Michal Nowak <mnowak>
Component: abrtAssignee: Jiri Moskovcak <jmoskovc>
Status: CLOSED CURRENTRELEASE QA Contact: Michal Nowak <mnowak>
Severity: medium Docs Contact:
Priority: low    
Version: 6.0CC: ahecox, dfediuck, dvlasenk, dwalsh, gavin, jburke, jmoskovc, kklic, npajkovs, ohudlick
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.7.19-21.el6.noarch Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-11-11 14:30:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michal Nowak 2010-05-24 15:12:42 UTC 
Description of problem:

newman@dhcp-lab-222 abrt $ sudo grep var -R /etc/abrt/plugins/SQLite3.conf 
DBPath = /var/cache/abrt/abrt-db


newman@dhcp-lab-222 abrt $ sudo service abrtd restart
[...]
type=1400 audit(1274712433.267:5): avc:  denied  { read } for  pid=9834 comm="dmesg" path="pipe:[3619846]" dev=pipefs ino=3619846 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file

type=1400 audit(1274712433.267:6): avc:  denied  { write } for  pid=9834 comm="dmesg" path="pipe:[3619846]" dev=pipefs ino=3619846 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file

type=1400 audit(1274712433.267:7): avc:  denied  { read } for  pid=9834 comm="dmesg" path="inotify" dev=inotifyfs ino=1 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

type=1400 audit(1274712433.267:8): avc:  denied  { write } for  pid=9834 comm="dmesg" path="/var/run/abrtd.lock" dev=dm-0 ino=524560 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:abrt_var_run_t:s0 tclass=file

type=1400 audit(1274712433.267:9): avc:  denied  { read } for  pid=9834 comm="dmesg" path="pipe:[3620192]" dev=pipefs ino=3620192 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file

[...]

Full log:

newman@dhcp-lab-222 abrt $ sudo service abrtd restart
Stopping abrt daemon: May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Reporter plugin Bugzilla
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Analyzer plugin CCpp
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Action plugin FileTransfer
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Analyzer plugin Kerneloops
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Action plugin KerneloopsScanner
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Reporter plugin Logger
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Reporter plugin Mailx
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Analyzer plugin Python
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Action plugin SOSreport
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Database plugin SQLite3
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Reporter plugin TicketUploader
May 24 16:47:09 dhcp-lab-222 abrtd: Got signal 15, exiting
                                                           [  OK  ]
Starting abrt daemon: May 24 16:47:10 dhcp-lab-222 abrtd: Registered Reporter plugin 'Logger'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Reporter plugin 'Bugzilla'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Analyzer plugin 'CCpp'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Action plugin 'SOSreport'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Reporter plugin 'Mailx'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Analyzer plugin 'Kerneloops'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Action plugin 'KerneloopsScanner'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Analyzer plugin 'Python'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Reporter plugin 'TicketUploader'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Action plugin 'FileTransfer'
May 24 16:47:10 dhcp-lab-222 abrtd: Checking for unsaved crashes (dirs to check:2)
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Database plugin 'SQLite3'

newman@dhcp-lab-222 abrt $ May 24 16:47:10 dhcp-lab-222 abrtd: Getting local universal unique identification
May 24 16:47:10 dhcp-lab-222 abrtd: Non-processed crash in /var/spool/abrt/kerneloops-1274712145-1, saving into database
May 24 16:47:13 dhcp-lab-222 kernel: type=1400 audit(1274712433.267:5): avc:  denied  { read } for  pid=9834 comm="dmesg" path="pipe:[3619846]" dev=pipefs ino=3619846 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file
May 24 16:47:13 dhcp-lab-222 kernel: type=1400 audit(1274712433.267:6): avc:  denied  { write } for  pid=9834 comm="dmesg" path="pipe:[3619846]" dev=pipefs ino=3619846 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file
May 24 16:47:13 dhcp-lab-222 kernel: type=1400 audit(1274712433.267:7): avc:  denied  { read } for  pid=9834 comm="dmesg" path="inotify" dev=inotifyfs ino=1 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
May 24 16:47:13 dhcp-lab-222 kernel: type=1400 audit(1274712433.267:8): avc:  denied  { write } for  pid=9834 comm="dmesg" path="/var/run/abrtd.lock" dev=dm-0 ino=524560 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:abrt_var_run_t:s0 tclass=file
May 24 16:47:13 dhcp-lab-222 kernel: type=1400 audit(1274712433.267:9): avc:  denied  { read } for  pid=9834 comm="dmesg" path="pipe:[3620192]" dev=pipefs ino=3620192 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file
May 24 16:47:26 dhcp-lab-222 abrtd: Getting local universal unique identification
May 24 16:47:26 dhcp-lab-222 abrtd: Crash is in database already (dup of /var/spool/abrt/kerneloops-1274712145-1)
May 24 16:47:26 dhcp-lab-222 abrtd: Done checking for unsaved crashes
May 24 16:47:26 dhcp-lab-222 abrtd: Init complete, entering main loop



Version-Release number of selected component (if applicable):

abrt-1.1.2-3.el6.x86_64
selinux-policy-3.7.19-20.el6.noarch
Comment 1 Michal Nowak 2010-05-24 15:18:02 UTC 
newman@dhcp-lab-222 ~ $ ls -laZ /var/spool/abrt/
drwxr-xr-x. abrt abrt system_u:object_r:abrt_var_cache_t:s0 .
drwxr-xr-x. root root system_u:object_r:var_spool_t:s0 ..
drwxr-x---. abrt root unconfined_u:object_r:abrt_var_cache_t:s0 kerneloops-1274714193-1
-rw-r--r--. root root unconfined_u:object_r:abrt_var_cache_t:s0 abrt-db
Comment 2 Michal Nowak 2010-05-24 15:18:45 UTC 
It also produces AVCs on simple:

    sudo dumpoops -d dump1.dump
Comment 3 Daniel Walsh 2010-05-24 16:17:37 UTC 
Looks like abrt is leaking file descriptors to inotifyfs, abrt_var_run_t and its fifo_file.

Probably abrt executes sosreport which executes dmesg.


I will need to dontaudit the leak of the fifo file and abrt_var_run_t.

No reason for inotify though.
Comment 4 Daniel Walsh 2010-05-24 16:18:04 UTC 
SELinux fixes are in selinux-policy-3.7.19-21.el6.noarch
Comment 5 Denys Vlasenko 2010-05-25 11:54:09 UTC 
(In reply to comment #3)
> Looks like abrt is leaking file descriptors to inotifyfs, abrt_var_run_t and
> its fifo_file.
> 
> Probably abrt executes sosreport which executes dmesg.
> 
> I will need to dontaudit the leak of the fifo file and abrt_var_run_t.
> 
> No reason for inotify though.    

Inotify leak is plugged in git now, will be in abrt-1.1.4
Comment 6 Jiri Moskovcak 2010-05-26 16:01:12 UTC 
fd leaks are fixed in abrt-1.1.4.el6
Comment 10 releng-rhel@redhat.com 2010-11-11 14:30:38 UTC 
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.