+++ This bug was initially created as a clone of Bug #1263717 +++ Description of problem: I find avc messages for spacewalk abrt on Fedora 22 ---- time->Sun Sep 13 19:39:51 2015 type=AVC msg=audit(1442187591.812:1655): avc: denied { execmem } for pid=30860 comm="spacewalk-abrt" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=process permissive=0 ---- time->Sun Sep 13 19:39:53 2015 type=AVC msg=audit(1442187593.915:1657): avc: denied { sigchld } for pid=30869 comm="abrt-hook-ccpp" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=0 ---- time->Sun Sep 13 19:40:05 2015 type=AVC msg=audit(1442187605.891:1658): avc: denied { execmem } for pid=31022 comm="spacewalk-abrt" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=process permissive=0 Version-Release number of selected component (if applicable): spacewalk-selinux-2.3.2-1.fc22.noarch How reproducible: always on fedora 22 --- Additional comment from Milos Malik on 2015-09-24 09:57:31 EDT --- Following local policy solved the problem. SELinux denials and segfaults do not appear anymore. # cat mypolicy.te policy_module(mypolicy, 1.0) require { type abrt_t; type kernel_t; class process { execmem sigchld }; } allow abrt_t abrt_t : process { execmem }; allow abrt_t kernel_t : process { sigchld }; #
time->Sun Sep 13 19:40:05 2015 type=AVC msg=audit(1442187605.891:1658): avc: denied { execmem } for pid=31022 comm="spacewalk-abrt" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=process permissive=0 Does spacewalk-abrt come from ABRT?
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.