Bug 866018

Summary: SELinux is preventing /usr/bin/python2.7 from using the 'sys_nice' capabilities.
Product: [Fedora] Fedora
Reporter: Mikhail <mikhail.v.gavrilov>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED NEXTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 17
CC: dominick.grift, dwalsh, mgrepl, mishu
Hardware: i686
OS: Unspecified
Whiteboard: abrt_hash:bd3b38ebe782ef8c7f30248ade4acb28c8dbe7105b743ff6f7765e73728644cd
Doc Type: Bug Fix
Last Closed: 2012-10-17 06:57:20 UTC
Attachments:
File: type (flags: none)
File: hashmarkername (flags: none)

Description Mikhail 2012-10-13 10:24:44 UTC
Additional info:
libreport version: 2.0.16
kernel:         3.6.1-1.fc17.i686

Comment 1 Mikhail 2012-10-13 10:24:47 UTC
Created attachment 626462
File: type

Comment 2 Mikhail 2012-10-13 10:24:49 UTC
Created attachment 626463
File: hashmarkername

Comment 3 Miroslav Grepl 2012-10-15 09:51:29 UTC
Could you attach AVC msgs which you are getting?

Comment 4 Mikhail 2012-10-15 20:22:53 UTC
#  grep denied /var/log/audit/audit.log | grep -e php
type=AVC msg=audit(1350079879.724:662): avc:  denied  { read } for  pid=25503 comm="php-fpm" name="meminfo" dev="proc" ino=4026532026 scontext=system_u:system_r:phpfpm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1350079879.724:662): avc:  denied  { open } for  pid=25503 comm="php-fpm" path="/proc/meminfo" dev="proc" ino=4026532026 scontext=system_u:system_r:phpfpm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1350079879.724:663): avc:  denied  { getattr } for  pid=25503 comm="php-fpm" path="/proc/meminfo" dev="proc" ino=4026532026 scontext=system_u:system_r:phpfpm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file

Comment 5 Miroslav Grepl 2012-10-17 06:57:20 UTC
How did you get it on F17? I guess you have a local policy for this.

kernel_read_system_state(phpfpm_t)

will fix it.
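
The three denials in comment 4 share one source type, target type and object class. The sketch below is an added example, not part of the bug thread or of selinux-policy: it parses them and prints the equivalent raw allow rule, the read access to proc_t files that comment 5 grants through the kernel_read_system_state interface. The function names are hypothetical; SAMPLE_LOG is copied from comment 4.

```python
import re
from collections import defaultdict

# Sample input: the three AVC records quoted in comment 4 of this bug.
SAMPLE_LOG = """\
type=AVC msg=audit(1350079879.724:662): avc:  denied  { read } for  pid=25503 comm="php-fpm" name="meminfo" dev="proc" ino=4026532026 scontext=system_u:system_r:phpfpm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1350079879.724:662): avc:  denied  { open } for  pid=25503 comm="php-fpm" path="/proc/meminfo" dev="proc" ino=4026532026 scontext=system_u:system_r:phpfpm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1350079879.724:663): avc:  denied  { getattr } for  pid=25503 comm="php-fpm" path="/proc/meminfo" dev="proc" ino=4026532026 scontext=system_u:system_r:phpfpm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of user:role:type[:level]."""
    # The MLS level can itself contain ':' (s0:c0.c1023), so index from the left.
    return context.split(":")[2]

def summarize_denials(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        if "type=AVC" not in line:
            continue  # skip SYSCALL, PATH and other audit record types
        m = AVC_RE.search(line)
        if m is None:
            continue  # granted or malformed AVC record
        key = (context_type(m["scontext"]), context_type(m["tcontext"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    return {key: sorted(perms) for key, perms in grouped.items()}

def as_allow_rules(summary):
    """Render each group as a raw allow rule, for review rather than blind loading."""
    return [
        f"allow {src} {tgt}:{cls} {{ {' '.join(perms)} }};"
        for (src, tgt, cls), perms in sorted(summary.items())
    ]

if __name__ == "__main__":
    for rule in as_allow_rules(summarize_denials(SAMPLE_LOG)):
        print(rule)
```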

Comment 6 Mikhail 2012-10-17 07:02:18 UTC
Hmmmm, very strange, I use F18.