Bug 733039

Summary: There is no selinux man page for ABRT
Product: Red Hat Enterprise Linux 6 Reporter: Miroslav Grepl <mgrepl>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: low Docs Contact:
Priority: low    
Version: 6.2CC: dwalsh, mmalik
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.7.19-109.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 10:13:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Miroslav Grepl 2011-08-24 14:55:27 UTC
Description of problem:

The ABRT event script support was added to selinux-policy using the abrt_handle_event boolean which is not documented.

Comment 1 Miroslav Grepl 2011-08-24 14:56:03 UTC
How about:


abrt_selinux(8)        ABRT SELinux Policy documentation       abrt_selinux(8)

NAME
       abrt_selinux - Security-Enhanced Linux Policy for the ABRT daemon

DESCRIPTION
       Security-Enhanced Linux (SELinux) secures the squid server via flexible mandatory access control.

SHARING FILES
       If   you  want  to share files with multiple domains (Apache, FTP, rsync, Samba, ABRT), you can set a file context
       of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content.  If
       you  want   a   particular   domain  to  write  to  the  public_content_rw_t  domain, you must set the appropriate
       boolean. DOMAIN_anon_write.  So for ABRT you would execute:

       setsebool -P abrt_anon_write 1

BOOLEANS
       If  you  want  to allow ABRT to run ABRT event scripts properly, you need to set the abrt_handle_event boolean on.
       Then an event script will run in the own SELinux domain.

       setsebool -P abrt_handle_event 1

       Note  that you can also use the system-config-selinux utility that allows you to customize SELinux policy settings
       in the graphical user interface.

AUTHOR
       This manual page was written by Miroslav Grepl <mgrepl>.

Comment 2 Miroslav Grepl 2011-08-29 06:20:01 UTC
-Security-Enhanced Linux (SELinux) secures the squid server via flexible
mandatory access control.
+Security-Enhanced Linux (SELinux) secures the ABRT server via flexible
mandatory access control.

Comment 3 Miroslav Grepl 2011-08-31 20:01:08 UTC
Fixed in selinux-policy-3.7.19-109.el6

Comment 6 errata-xmlrpc 2011-12-06 10:13:28 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1511.html