Description of problem: SELinux is preventing abrt-hook-ccpp from 'getattr' accesses on the file file. ***** Plugin catchall (100. confidence) suggests ************************** If cree que de manera predeterminada, abrt-hook-ccpp debería permitir acceso getattr sobre file file. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso momentáneamente executando: # grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:abrt_dump_oops_t:s0 Target Context system_u:object_r:nsfs_t:s0 Target Objects file [ file ] Source abrt-hook-ccpp Source Path abrt-hook-ccpp Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-167.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.5.0-0.rc0.git1.1.fc24.x86_64 #1 SMP Tue Jan 12 20:40:44 UTC 2016 x86_64 x86_64 Alert Count 4 First Seen 2016-01-20 07:36:44 COT Last Seen 2016-01-20 08:39:15 COT Local ID c092c1fb-efc3-4318-a81e-1b452f10c70e Raw Audit Messages type=AVC msg=audit(1453297155.259:630): avc: denied { getattr } for pid=3257 comm="abrt-hook-ccpp" path="ipc:[4026531839]" dev="nsfs" ino=4026531839 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:nsfs_t:s0 tclass=file permissive=1 Hash: abrt-hook-ccpp,abrt_dump_oops_t,nsfs_t,file,getattr Version-Release number of selected component: selinux-policy-3.13.1-167.fc24.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.5.0-0.rc0.git1.1.fc24.x86_64 type: libreport
It also happens in targeted mode, but at least I can report it now.
Description of problem: Rebooted my machine, and saw the alert. Version-Release number of selected component: selinux-policy-3.13.1-167.fc24.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.5.0-0.rc0.git1.1.fc24.x86_64 type: libreport
We added NSFS support which causes this issue.
Hi, Could you do following: 1. #semanage permissive -a abrt_dump_oops_t 2. reproduce issue 3. ausearch -m AVC -ts recent 4. attach AVC msgs 5. #semanage permissive -d abrt_dump_oops_t Thank you.
I saw your message after upgrading to selinux-policy-3.13.1-168.fc24... The error has repeated itself once and it's as follows: ---- time->Thu Jan 21 13:08:28 2016 type=AVC msg=audit(1453399708.072:589): avc: denied { getattr } for pid=2244 comm="abrt-hook-ccpp" path="ipc:[4026531839]" dev="nsfs" ino=4026531839 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:nsfs_t:s0 tclass=file permissive=0 ----
Description of problem: Happened when installing the rpmfusion free repo rpm through firefox and packagekit. Version-Release number of selected component: selinux-policy-3.13.1-168.fc24.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.5.0-0.rc0.git8.1.fc24.x86_64 type: libreport
Description of problem: This happened right after I logged into the desktop with my user. Version-Release number of selected component: selinux-policy-3.13.1-168.fc24.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.5.0-0.rc1.git0.1.fc24.x86_64 type: libreport
commit 1ccf8374b4f6fc85445abb8a048f23d24664d467 Author: Lukas Vrabec <lvrabec> Date: Mon Feb 8 14:29:34 2016 +0100 Allow abrt_dump_oops_t to getattr filesystem nsfs files. rhbz#1300334
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase
selinux-policy-3.13.1-178.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-1350c96015
selinux-policy-3.13.1-178.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-1350c96015
selinux-policy-3.13.1-179.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f142bb969
selinux-policy-3.13.1-179.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f142bb969
selinux-policy-3.13.1-179.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.