Bug 1312183 - SELinux is preventing /usr/bin/gdb from 'remove_name' accesses on the directory __init__.cpython-34.pyc.139678859261312.
SELinux is preventing /usr/bin/gdb from 'remove_name' accesses on the directo...
Status: CLOSED EOL
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
22
x86_64 Unspecified
low Severity low
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
abrt_hash:3229382011cd057304915b7a5ed...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-25 21:33 EST by hkoba
Modified: 2016-07-19 16:56 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-07-19 16:56:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description hkoba 2016-02-25 21:33:19 EST
Description of problem:
This occured when my firefox died and sealert is called.
SELinux is preventing /usr/bin/gdb from 'remove_name' accesses on the directory __init__.cpython-34.pyc.139678859261312.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow gdb to have remove_name access on the __init__.cpython-34.pyc.139678859261312 directory
Then __init__.cpython-34.pyc.139678859261312 のラベルを変更する必要があります
Do
# semanage fcontext -a -t FILE_TYPE '__init__.cpython-34.pyc.139678859261312'
この FILE_TYPE 以下のどれかです: abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_log_t, abrt_var_run_t, mock_var_lib_t, rpm_var_cache_t, rpm_var_run_t, sosreport_tmp_t, tmp_t, var_log_t, var_run_t, var_spool_t, var_t. 
次にこれを実行してください: 
restorecon -v '__init__.cpython-34.pyc.139678859261312'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If gdb に、 __init__.cpython-34.pyc.139678859261312 directory の remove_name アクセスがデフォルトで許可されるべきです。   
Then バグとして報告してください。 
ローカルのポリシーモジュールを生成すると、
 このアクセスを許可することができます。
Do
このアクセスを一時的に許可するには、以下を実行してください。
# grep gdb /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:usr_t:s0
Target Objects                __init__.cpython-34.pyc.139678859261312 [ dir ]
Source                        gdb
Source Path                   /usr/bin/gdb
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           gdb-7.9.1-20.fc22.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-128.21.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 4.3.4-200.fc22.x86_64 #1 SMP Mon
                              Jan 25 13:37:15 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-02-26 11:29:31 JST
Last Seen                     2016-02-26 11:29:31 JST
Local ID                      14fbc6d3-5d76-4fbe-89ff-3a4f322f172a

Raw Audit Messages
type=AVC msg=audit(1456453771.536:2265): avc:  denied  { remove_name } for  pid=7886 comm="gdb" name="__init__.cpython-34.pyc.139678859261312" dev="dm-2" ino=1051295 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=1


type=AVC msg=audit(1456453771.536:2265): avc:  denied  { rename } for  pid=7886 comm="gdb" name="__init__.cpython-34.pyc.139678859261312" dev="dm-2" ino=1051295 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1


type=SYSCALL msg=audit(1456453771.536:2265): arch=x86_64 syscall=rename success=yes exit=0 a0=7f0984c9f628 a1=7f0981a85ed8 a2=7f0991858e40 a3=634 items=0 ppid=7885 pid=7886 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=gdb exe=/usr/bin/gdb subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)

Hash: gdb,abrt_t,usr_t,dir,remove_name

Version-Release number of selected component:
selinux-policy-3.13.1-128.21.fc22.noarch

Additional info:
reporter:       libreport-2.6.4
hashmarkername: setroubleshoot
kernel:         4.3.4-200.fc22.x86_64
type:           libreport
Comment 1 Fedora End Of Life 2016-07-19 16:56:57 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.