Description of problem: SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If jeśli abrt-hook-ccpp powinno mieć domyślnie sigchld dostęp do procesów z etykietami kernel_t. Then proszę to zgłosić jako błąd. Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp. Do można tymczasowo zezwolić na ten dostęp wykonując polecenia: # grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mojapolityka # semodule -i mojapolityka.pp Additional Information: Source Context system_u:system_r:syslogd_t:s0 Target Context system_u:system_r:kernel_t:s0 Target Objects Unknown [ process ] Source abrt-hook-ccpp Source Path abrt-hook-ccpp Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-146.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.2.0-300.fc23.x86_64 #1 SMP Fri Sep 4 13:27:08 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-09-09 19:26:23 CEST Last Seen 2015-09-09 19:26:23 CEST Local ID cc038d0b-c082-40b3-acdc-15f84fae80d4 Raw Audit Messages type=AVC msg=audit(1441819583.716:650): avc: denied { sigchld } for pid=3018 comm="abrt-hook-ccpp" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=0 Hash: abrt-hook-ccpp,syslogd_t,kernel_t,process,sigchld Version-Release number of selected component: selinux-policy-3.13.1-146.fc23.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.0-300.fc23.x86_64 type: libreport
Description of problem: It happen when systemd-journald crashed and abrt-ccpp did its job. Version-Release number of selected component: selinux-policy-3.13.1-147.fc23.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.2-300.fc23.x86_64 type: libreport
Lukas, please update to the latest policy builds. Thank you.