Description of problem: repeated messages in syslog after ongoing "Hardware Event" problems with CPU temperature; which get logged to /var/log/mcelog with the following output: MCE 0 CPU 0 THERMAL EVENT TSC 3ff5acb60fe4 TIME 1391938820 Sun Feb 9 03:40:20 2014 Processor 0 heated above trip temperature. Throttling enabled. Please check your system cooling. Performance will be impacted STATUS 88030003 MCGSTATUS 0 MCGCAP c09 APICID 0 SOCKETID 0 CPUID Vendor Intel Family 6 Model 42 Hardware event. This is not a software error. MCE 1 CPU 1 THERMAL EVENT TSC 3ff5acb6a32c TIME 1391938820 Sun Feb 9 03:40:20 2014 Processor 1 heated above trip temperature. Throttling enabled. Please check your system cooling. Performance will be impacted STATUS 88030003 MCGSTATUS 0 MCGCAP c09 APICID 1 SOCKETID 0 CPUID Vendor Intel Family 6 Model 42 Hardware event. This is not a software error. MCE 2 CPU 0 THERMAL EVENT TSC 3ff5acd69162 TIME 1391938820 Sun Feb 9 03:40:20 2014 Processor 0 below trip temperature. Throttling disabled STATUS 88040002 MCGSTATUS 0 MCGCAP c09 APICID 0 SOCKETID 0 CPUID Vendor Intel Family 6 Model 42 Hardware event. This is not a software error. MCE 3 CPU 1 THERMAL EVENT TSC 3ff5acd6fdd8 TIME 1391938820 Sun Feb 9 03:40:20 2014 Processor 1 below trip temperature. Throttling disabled STATUS 88040002 MCGSTATUS 0 MCGCAP c09 APICID 1 SOCKETID 0 CPUID Vendor Intel Family 6 Model 42 SELinux is preventing /usr/bin/python2.7 from 'open' accesses on the file /var/log/mcelog. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that python2.7 should be allowed open access on the mcelog file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep abrt-action-che /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:mcelog_log_t:s0 Target Objects /var/log/mcelog [ file ] Source abrt-action-che Source Path /usr/bin/python2.7 Port <Unknown> Host (removed) Source RPM Packages python-2.7.5-9.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-122.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.12.10-300.fc20.x86_64 #1 SMP Thu Feb 6 22:11:48 UTC 2014 x86_64 x86_64 Alert Count 27 First Seen 2014-02-07 09:46:30 CST Last Seen 2014-02-09 03:41:20 CST Local ID 84161e23-d7bb-408c-bf4e-48042a3cc721 Raw Audit Messages type=AVC msg=audit(1391938880.539:750): avc: denied { open } for pid=25995 comm="abrt-action-che" path="/var/log/mcelog" dev="sda2" ino=130955 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mcelog_log_t:s0 tclass=file type=SYSCALL msg=audit(1391938880.539:750): arch=x86_64 syscall=open success=no exit=EACCES a0=2479630 a1=0 a2=1b6 a3=0 items=0 ppid=25984 pid=25995 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=abrt-action-che exe=/usr/bin/python2.7 subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null) Hash: abrt-action-che,abrt_t,mcelog_log_t,file,open Additional info: reporter: libreport-2.1.12 hashmarkername: setroubleshoot kernel: 3.12.10-300.fc20.x86_64 type: libreport
Created attachment 860930 [details] File: var-log-mcelog
I've included the attachment file containing the logged content of the '/var/log/mcelog' file. It is mainly (only) the output spewn out after one of the multi-core CPUs gets heated to the "critical" temperature level (100 degrees celsius)
We have optional_policy(` mcelog_read_log(abrt_t) ') in the policy but there is a bug in mcelog_read_log() interface. commit 56ea1e810ae57479d697fbf63cb5af4adb838bea Author: Miroslav Grepl <mgrepl> Date: Tue Feb 11 17:12:21 2014 +0100 Fix mcelog_read_log() interface
selinux-policy-3.12.1-126.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-126.fc20
Package selinux-policy-3.12.1-126.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-126.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-2801/selinux-policy-3.12.1-126.fc20 then log in and leave karma (feedback).
Package selinux-policy-3.12.1-127.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-127.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-2801/selinux-policy-3.12.1-127.fc20 then log in and leave karma (feedback).
selinux-policy-3.12.1-127.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.