Description of problem: SELinux is preventing /usr/bin/abrt-dump-oops from 'syslog_read' accesses on the system Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that abrt-dump-oops should be allowed syslog_read access on the Unknown system by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep abrt-dump-oops /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:abrt_helper_t:s0 Target Context system_u:system_r:kernel_t:s0 Target Objects Unknown [ system ] Source abrt-dump-oops Source Path /usr/bin/abrt-dump-oops Port <Unknown> Host (removed) Source RPM Packages abrt-addon-kerneloops-2.0.3-4.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-38.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.40.4-5.fc15.x86_64 #1 SMP Tue Aug 30 14:38:32 UTC 2011 x86_64 x86_64 Alert Count 40 First Seen 2011-08-25 13:01:59 CEST Last Seen 2011-10-05 23:24:10 CEST Local ID ce875e19-c429-4ee6-91a9-a3a0aeab2e78 Raw Audit Messages type=AVC msg=audit(1317849850.16:13): avc: denied { syslog_read } for pid=1244 comm="abrt-dump-oops" scontext=system_u:system_r:abrt_helper_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system type=SYSCALL msg=audit(1317849850.16:13): arch=x86_64 syscall=syslog success=no exit=EACCES a0=3 a1=1aad090 a2=3fff a3=0 items=0 ppid=1204 pid=1244 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-dump-oops exe=/usr/bin/abrt-dump-oops subj=system_u:system_r:abrt_helper_t:s0 key=(null) Hash: abrt-dump-oops,abrt_helper_t,kernel_t,system,syslog_read Additional info: reporter: libreport-2.2.2 hashmarkername: setroubleshoot kernel: 3.14.8-200.fc20.x86_64 type: libreport Potential duplicate: bug 722747
Submitted by error. The AVC is several years old.