Description of problem: SELinux is preventing gdb from 'add_name' accesses on the directory __pycache__. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow gdb to have add_name access on the __pycache__ directory Then sie müssen das Label auf __pycache__ ändern Do # semanage fcontext -a -t FILE_TYPE '__pycache__' wobei FILE_TYPE einer der folgenen Werte ist: abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_log_t, abrt_var_run_t, mock_var_lib_t, rpm_var_cache_t, rpm_var_run_t, tmp_t, var_log_t, var_run_t, var_spool_t, var_t. Führen Sie danach Folgendes aus: restorecon -v '__pycache__' ***** Plugin catchall (17.1 confidence) suggests ************************** If sie denken, dass es gdb standardmässig erlaubt sein sollte, add_name Zugriff auf __pycache__ directory zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep gdb /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:usr_t:s0 Target Objects __pycache__ [ dir ] Source gdb Source Path gdb Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-153.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.2.5-300.fc23.x86_64 #1 SMP Tue Oct 27 04:29:56 UTC 2015 x86_64 x86_64 Alert Count 5 First Seen 2015-11-04 22:33:36 CET Last Seen 2015-11-04 22:33:36 CET Local ID 07395993-ef22-4146-9c87-3fd8e8bda95d Raw Audit Messages type=AVC msg=audit(1446672816.374:917): avc: denied { add_name } for pid=31647 comm="gdb" name="__pycache__" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0 Hash: gdb,abrt_t,usr_t,dir,add_name Version-Release number of selected component: selinux-policy-3.13.1-153.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-300.fc23.x86_64 type: libreport
Thank you for the report! Such AVC usually occurs when gdb auto-loads a gdb python module that does not have byte-complied python files. The most recent AVCs are linked to the move from Python2 to Python3 and are always packaging bugs in the package that owns the loaded python module. In order to fix this bug we have to find where is the "__pycache__" directory located. Is this bug a duplicate of bug #1204355? The AVC should disappear once all the loaded python files get cached. 1. Make sure you can reproduce the AVC 2. Go to ABRT problem directory in the /var/spool/abrt/ directory 3. Run "# gdb -c coredump" 4. Try to reproduce the AVC
(In reply to Jakub Filak from comment #1) > Thank you for the report! Such AVC usually occurs when gdb auto-loads a gdb > python module that does not have byte-complied python files. The most recent > AVCs are linked to the move from Python2 to Python3 and are always packaging > bugs in the package that owns the loaded python module. In order to fix this > bug we have to find where is the "__pycache__" directory located. Yes, it is a correct. Thank you. > > Is this bug a duplicate of bug #1204355? > > The AVC should disappear once all the loaded python files get cached. > > 1. Make sure you can reproduce the AVC > 2. Go to ABRT problem directory in the /var/spool/abrt/ directory > 3. Run "# gdb -c coredump" > 4. Try to reproduce the AVC *** This bug has been marked as a duplicate of bug 1204355 ***
Yes, looks like a duplicate of bug #1204355.