| Summary: | SELinux is preventing /usr/bin/python from 'read' accesses on the file yum.pid. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | phutauruk <phutauruk> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 13 | CC: | dominick.grift, dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:663a3a12c2a9c8d0099b3c710c8ba9eebb3a6658e752003a4082e2039dcb164d | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-07-29 06:42:21 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
F13 is no longer supported. Please update to a newer version of Fedora. You probably have mislabled yum binary. # restorecon -R -v `which yum` |
SELinux is preventing /usr/bin/python from 'read' accesses on the file yum.pid. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that python should be allowed read access on the yum.pid file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep yum /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:initrc_var_run_t:s0 Target Objects yum.pid [ file ] Source yum Source Path /usr/bin/python Port <Unknown> Host (removed) Source RPM Packages python-2.6.4-27.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-101.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.34.8-68.fc13.i686 #1 SMP Thu Feb 17 15:00:46 UTC 2011 i686 i686 Alert Count 980 First Seen Thu 19 May 2011 02:08:19 AM WIT Last Seen Thu 19 May 2011 02:40:59 AM WIT Local ID 13be85aa-ab2c-4167-beb8-6eaf61aa5197 Raw Audit Messages type=AVC msg=audit(1305747659.961:21124): avc: denied { read } for pid=2600 comm="yum" name="yum.pid" dev=dm-0 ino=6475 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file type=SYSCALL msg=audit(1305747659.961:21124): arch=i386 syscall=open success=no exit=EACCES a0=9e2c538 a1=8000 a2=1b6 a3=9d4cbe1 items=0 ppid=2599 pid=2600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=yum exe=/usr/bin/python subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null) Hash: yum,abrt_t,initrc_var_run_t,file,read audit2allow #============= abrt_t ============== allow abrt_t initrc_var_run_t:file read; audit2allow -R #============= abrt_t ============== allow abrt_t initrc_var_run_t:file read;