Description of problem: /usr/sbin/abrt-server has gained the capability to read process details of the process that is reporting an error and SELinux prevents abrt-server to access the /proc/[pid]/ns/ipc file which is used in two ways: 1. its value is compared to /proc/1/ns/ipc to detect own IPC namespace https://github.com/abrt/abrt/commit/da53089e02cd11fc3a097df6bdf29bc17f0a6e78#diff-fe69ce5f2310380460e8cdc03c2df2d7R669 2. its value is compared to all processes in the reporting process' parent hierarchy to identify the command that created the namespace https://github.com/abrt/abrt/commit/da53089e02cd11fc3a097df6bdf29bc17f0a6e78#diff-fe69ce5f2310380460e8cdc03c2df2d7R690 Version-Release number of selected component (if applicable): selinux-policy-3.13.1-221.fc26.noarch Steps to Reproduce: 1. install ABRT from the current upstream master 2. induce an uncaught Python exception (will_python_raise from the will-crash package) Additional info: type=PROCTITLE msg=audit(1478155079.223:3871): proctitle=616272742D736572766572002D73 type=SYSCALL msg=audit(1478155079.223:3871): arch=c000003e syscall=262 success=yes exit=0 a0=4 a1=7f92ea2fc585 a2=7ffe0e4a7060 a3=0 items=0 ppid=31622 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrt-server" exe="/usr/sbin/abrt-server" subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1478155079.223:3871): avc: denied { getattr } for pid=3694 comm="abrt-server" path="ipc:[4026531839]" dev="nsfs" ino=4026531839 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nsfs_t:s0 tclass=file permissive=1
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle. Changing version to '26'.
selinux-policy-3.13.1-251.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98
selinux-policy-3.13.1-251.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98
selinux-policy-3.13.1-251.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.