Description of problem:
Running mock --shell as staff_t

SELinux is preventing /usr/bin/python2.7 from 'getattr' accesses on the file /usr/sbin/lvm.

*****  Plugin catchall (100. confidence) suggests  **************************

If you believe that python2.7 should be allowed getattr access on the lvm file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep mock /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                staff_u:staff_r:mock_t:s0-s0:c0.c1023
Target Context                system_u:object_r:lvm_exec_t:s0
Target Objects                /usr/sbin/lvm [ file ]
Source                        mock
Source Path                   /usr/bin/python2.7
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           python-2.7.5-9.fc20.x86_64
Target RPM Packages           lvm2-2.02.103-5.fc20.x86_64
Policy RPM                    selinux-policy-3.12.1-106.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 3.12.5-302.fc20.x86_64 #1 SMP Tue Dec 17 20:42:32 UTC 2013 x86_64 x86_64
Alert Count                   7
First Seen                    2013-12-22 15:03:14 CET
Last Seen                     2013-12-27 17:50:57 CET
Local ID                      b26e2bd1-3eb0-4688-81dd-fd63a459997c

Raw Audit Messages
type=AVC msg=audit(1388163057.199:4030): avc: denied { getattr } for pid=23715 comm="mock" path="/usr/sbin/lvm" dev="dm-2" ino=1216888 scontext=staff_u:staff_r:mock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_exec_t:s0 tclass=file

type=SYSCALL msg=audit(1388163057.199:4030): arch=x86_64 syscall=stat success=yes exit=0 a0=14cdbc0 a1=7fff73afe810 a2=7fff73afe810 a3=1 items=0 ppid=23714 pid=23715 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=pts10 comm=mock exe=/usr/bin/python2.7 subj=staff_u:staff_r:mock_t:s0-s0:c0.c1023 key=(null)

Hash: mock,mock_t,lvm_exec_t,file,getattr

Additional info:
reporter:       libreport-2.1.10
hashmarkername: setroubleshoot
kernel:         3.12.5-302.fc20.x86_64
type:           libreport

*** This bug has been marked as a duplicate of bug 1046948 ***