The following was filed automatically by setroubleshoot: Souhrn: SELinux is preventing abrtd "remove_name" access on reason. Podrobný popis: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by abrtd. It is not expected that this access is required by abrtd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Povolení přístupu: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Další informace: Kontext zdroje system_u:system_r:initrc_t:s0 Kontext cíle system_u:object_r:abrt_var_cache_t:s0 Objekty cíle reason [ dir ] Zdroj abrtd Cesta zdroje /usr/sbin/abrtd (deleted) Port <Neznámé> Počítač (removed) RPM balíčky zdroje RPM balíčky cíle RPM politiky selinux-policy-3.6.30-2.fc12 Selinux povolen True Typ politiky targeted MLS povoleno True Vynucovací režim Permissive Název zásuvného modulu catchall Název počítače (removed) Platforma Linux (removed) 2.6.31-0.204.rc9.fc12.x86_64 #1 SMP Sat Sep 5 20:45:55 EDT 2009 x86_64 x86_64 Počet upozornění 6 Poprvé viděno Po 7. září 2009, 22:02:52 CEST Naposledy viděno Út 8. září 2009, 11:37:02 CEST Místní ID 6c775055-1c09-4bcc-a831-cb92a7e502c7 Čísla řádků Původní zprávy auditu node=(removed) type=AVC msg=audit(1252402622.831:692): avc: denied { remove_name } for pid=1588 comm="abrtd" name="reason" dev=dm-1 ino=16008 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:abrt_var_cache_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1252402622.831:692): avc: denied { unlink } for pid=1588 comm="abrtd" name="reason" dev=dm-1 ino=16008 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:abrt_var_cache_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1252402622.831:692): arch=c000003e syscall=87 success=yes exit=0 a0=214eec8 a1=0 a2=0 a3=2d32323632303432 items=0 ppid=1 pid=1588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe=2F7573722F7362696E2F6162727464202864656C6574656429 subj=system_u:system_r:initrc_t:s0 key=(null) audit2allow suggests: #============= initrc_t ============== allow initrc_t abrt_var_cache_t:dir remove_name; allow initrc_t abrt_var_cache_t:file unlink;
Matej, if you see all the same types of bugs, please do not report them all. It takes me a while to close. All of the abrt bugs are caused by a rename of abrt to abrtd, reporting hundreds of them stops me from doing my real job, one is enough.
(In reply to comment #1) > Matej, if you see all the same types of bugs, please do not report them all. > It takes me a while to close. All of the abrt bugs are caused by a rename of > abrt to abrtd, reporting hundreds of them stops me from doing my real job, one > is enough. OK, but to my defense: a) I didn't filed all 70+ AVC denials I've got, b) I didn't know it was caused by rename of daemon exec but by some catastrophical damage (or missing) SELinux policy. So, I wanted to cover all aspects, so that new (replacing the missing) policy would have them. c) I got a little edgy after 50th AVC denial or so ;-)
I understand and I think there is a problem with the tool that is supposed to discover dups automatically. Sadly I am so busy closing abrt bugs, I have not been able to look into what is going on.