Description of problem:
Crash while trying to (unsuccessfully) shut down a recently updated F22 machine (crash occurred after writing "sudo poweroff" in a console)

SELinux is preventing abrt-hook-ccpp from 'getattr' accesses on the file /usr/lib/systemd/systemd-logind.

*****  Plugin catchall (100. confidence) suggests   **************************

If vous pensez que abrt-hook-ccpp devrait être autorisé à accéder getattr sur systemd-logind file par défaut.
Then vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Do
autoriser cet accès pour le moment en exécutant :
# grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:abrt_dump_oops_t:s0
Target Context                system_u:object_r:systemd_logind_exec_t:s0
Target Objects                /usr/lib/systemd/systemd-logind [ file ]
Source                        abrt-hook-ccpp
Source Path                   abrt-hook-ccpp
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages           systemd-219-25.fc22.x86_64
Policy RPM                    selinux-policy-3.13.1-128.18.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.2.5-201.fc22.x86_64 #1 SMP Wed Oct 28 20:00:23 UTC 2015 x86_64 x86_64
Alert Count                   1
First Seen                    2015-11-23 01:32:36 CET
Last Seen                     2015-11-23 01:32:36 CET
Local ID                      3138732b-0356-41af-a6e3-42e12ef69145

Raw Audit Messages
type=AVC msg=audit(1448238756.78:332): avc: denied { getattr } for pid=7040 comm="abrt-hook-ccpp" path="/usr/lib/systemd/systemd-logind" dev="dm-2" ino=409919 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:systemd_logind_exec_t:s0 tclass=file permissive=0

Hash: abrt-hook-ccpp,abrt_dump_oops_t,systemd_logind_exec_t,file,getattr

Version-Release number of selected component:
selinux-policy-3.13.1-128.18.fc22.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-201.fc22.x86_64
type:           libreport
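An added example, not part of the original report or of setroubleshoot: a small parser that turns the raw AVC record above into the fields of the report's "Hash:" line and into the type-enforcement rule the denial corresponds to, so the access can be reviewed before any local module is generated. The function names, the second and third log lines, and the comma-joining of multiple permissions are assumptions made for illustration.

```python
import re
from collections import Counter

# The AVC record quoted in this report.
REPORTED = (
    'type=AVC msg=audit(1448238756.78:332): avc: denied { getattr } for pid=7040 '
    'comm="abrt-hook-ccpp" path="/usr/lib/systemd/systemd-logind" dev="dm-2" '
    'ino=409919 scontext=system_u:system_r:abrt_dump_oops_t:s0 '
    'tcontext=system_u:object_r:systemd_logind_exec_t:s0 tclass=file permissive=0')
# Constructed input: the reported record, a made-up repeat, a made-up non-AVC line.
SAMPLE_LOG = [REPORTED, REPORTED.replace('pid=7040', 'pid=7112'),
              'type=SYSCALL msg=audit(1448238756.78:332): syscall=4 success=no']

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]+?)\s*\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    try:
        # A context is user:role:type:level; the type is always the third field.
        rec['stype'] = rec['scontext'].split(':')[2]
        rec['ttype'] = rec['tcontext'].split(':')[2]
        rec['tclass']  # must be present for a usable record
    except (KeyError, IndexError):
        return None  # truncated or malformed record
    rec['perms'] = sorted(m.group(1).split())
    rec['blocked'] = rec.get('permissive') == '0'  # 0 = denial was enforced
    return rec

def signature(rec):
    """Fields in the same order as the report's "Hash:" line."""
    return ','.join([rec.get('comm', '?'), rec['stype'], rec['ttype'],
                     rec['tclass'], *rec['perms']])

def allow_rule(rec):
    """Type-enforcement rule that would permit exactly this access."""
    p = rec['perms']
    perms = p[0] if len(p) == 1 else '{ %s }' % ' '.join(p)
    return 'allow %s %s:%s %s;' % (rec['stype'], rec['ttype'], rec['tclass'], perms)

def summarize(lines):
    """Count denials per signature, skipping lines that are not AVC denials."""
    return Counter(signature(r) for r in map(parse_avc, lines) if r)
```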
We see abrt-hook-ccpp checks random executables.
It is caused by generating backtraces from the core_pattern helper (bug #1245477, bug #1276305):
https://github.com/abrt/abrt/blob/master/src/hooks/abrt-hook-ccpp.c#L416

When I changed the core_pattern to:
"|/usr/bin/strace -o /tmp/abrt-strace.%I /usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t %e %P %I"

ran /usr/bin/will_segfault and opened the /tmp/abrt-strace.24655 file, I can see these lines:

...
ptrace(PTRACE_GETREGS, 24655, NULL, 0x7ffdb3bf8dc0) = 0
stat("/usr/bin/will_segfault", {st_mode=S_IFREG|0755, st_size=11288, ...}) = 0
open("/usr/bin/will_segfault", O_RDONLY) = 7
fcntl(7, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(7, {st_mode=S_IFREG|0755, st_size=11288, ...}) = 0
mmap(NULL, 11288, PROT_READ|PROT_WRITE, MAP_PRIVATE, 7, 0) = 0x7f31e4c8f000
...

It looks like the executable file is examined while generating the backtrace.

PS: Do not try to reproduce it on your machine, I had to ask Denys Vlasenko to patch strace to be able to get the output file properly [1][2].

[1] http://sourceforge.net/p/strace/code/ci/5b783b73daaa4c90c9dafaf6e8f400eb79e2eb73/
[2] http://sourceforge.net/p/strace/code/ci/258e0fdfbf6e6f6c4de9dc7f4cc6774e2a937c57/
https://github.com/fedora-selinux/selinux-policy/commit/1701e0a381697c81d6d57719286b2d2f71e41f4d
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.