Bug 1601389 - SELinux is preventing abrt-action-ins from read access on the file /var/lib/rhsm/repo_server_val/redhat.repo
Summary: SELinux is preventing abrt-action-ins from read access on the file /var/lib/r...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy
Version: 7.6
Hardware: Unspecified
OS: Linux
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Lukas Vrabec
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-07-16 09:21 UTC by Lukas Slebodnik
Modified: 2018-10-30 10:08 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-30 10:07:41 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:3111 None None None 2018-10-30 10:08:12 UTC

Description Lukas Slebodnik 2018-07-16 09:21:25 UTC
SELinux is preventing abrt-action-ins from read access on the file /var/lib/rhsm/repo_server_val/redhat.repo.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that abrt-action-ins should be allowed read access on the redhat.repo file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'abrt-action-ins' --raw | audit2allow -M my-abrtactionins
# semodule -i my-abrtactionins.pp


Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:rhsmcertd_var_lib_t:s0
Target Objects                /var/lib/rhsm/repo_server_val/redhat.repo [ file ]
Source                        abrt-action-ins
Source Path                   abrt-action-ins
Port                          <Unknown>
Host                          host.example.com
Source RPM Packages           python-2.7.5-74.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-207.el7.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     host.example.com
Platform                      Linux xhost.example.com 3.10.0-920.el7.x86_64 #1
                              SMP Thu Jul 12 12:34:02 EDT 2018 x86_64 x86_64
Alert Count                   2
First Seen                    2018-07-16 05:17:18 EDT
Last Seen                     2018-07-16 05:17:18 EDT
Local ID                      16903f8d-4cd9-446f-a51e-b7c6e1926e9d

Raw Audit Messages
type=AVC msg=audit(1531732638.89:451): avc:  denied  { read } for  pid=21450 comm="abrt-action-ins" name="redhat.repo" dev="dm-0" ino=73 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rhsmcertd_var_lib_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1531732638.89:451): arch=x86_64 syscall=open success=no exit=EACCES a0=1d2e890 a1=0 a2=1b6 a3=24 items=1 ppid=21418 pid=21450 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-action-ins exe=/usr/bin/python2.7 subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)

type=CWD msg=audit(1531732638.89:451): cwd=/var/spool/abrt/ccpp-2018-07-16-05:17:14-19875

type=PATH msg=audit(1531732638.89:451): item=0 name=/var/lib/rhsm/repo_server_val/redhat.repo inode=73 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:rhsmcertd_var_lib_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0

Hash: abrt-action-ins,abrt_t,rhsmcertd_var_lib_t,file,read

Comment 5 errata-xmlrpc 2018-10-30 10:07:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3111


Note You need to log in before you can comment on or make changes to this bug.