Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 522878 (abrthome) - setroubleshoot: SELinux is preventing /usr/sbin/abrtd "read" access on Bugzilla.conf.
Summary: setroubleshoot: SELinux is preventing /usr/sbin/abrtd "read" access on Bugzil...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: abrthome
Product: Fedora
Classification: Fedora
Component: abrt
Version: 12
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Jiri Moskovcak
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:842563814e7...
: 522977 524300 524596 524866 524867 524868 524869 525207 525770 525771 526961 526962 526964 526965 527381 527437 527817 528262 528263 528381 529018 529020 529040 529961 530138 530139 530140 530748 530749 531416 531417 531571 531572 532184 532630 532747 533013 533207 533556 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-11 22:34 UTC by Francesco Frassinelli (frafra)
Modified: 2018-04-11 09:21 UTC (History)
34 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-02-13 13:05:24 UTC
Type: ---


Attachments (Terms of Use)

Description Francesco Frassinelli (frafra) 2009-09-11 22:34:17 UTC
The following was filed automatically by setroubleshoot:

Sommario:

SELinux is preventing /usr/sbin/abrtd "read" access on Bugzilla.conf.

Descrizione dettagliata:

[abrtd has a permissive type (abrt_t). This access was not denied.]

SELinux denied access requested by abrtd. It is not expected that this access is
required by abrtd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Abilitazione accesso in corso:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Informazioni aggiuntive:

Contesto della sorgente       system_u:system_r:abrt_t:s0
Contesto target               system_u:object_r:user_home_dir_t:s0
Oggetti target                Bugzilla.conf [ file ]
Sorgente                      abrtd
Percorso della sorgente       /usr/sbin/abrtd
Porta                         <Sconosciuto>
Host                          (removed)
Sorgente Pacchetti RPM        abrt-0.0.8.5-1.fc12
Pacchetti RPM target          
RPM della policy              selinux-policy-3.6.31-2.fc12
Selinux abilitato             True
Tipo di policy                targeted
MLS abilitato                 True
Modalità Enforcing           Enforcing
Nome plugin                   catchall
Host Name                     (removed)
Piattaforma                   Linux (removed) 2.6.31-2.fc12.x86_64 #1 SMP Thu
                              Sep 10 00:25:40 EDT 2009 x86_64 x86_64
Conteggio avvisi              2
Primo visto                   sab 12 set 2009 00:32:57 CEST
Ultimo visto                  sab 12 set 2009 00:32:57 CEST
ID locale                     b0432dcc-e803-4962-a924-8f23c0eaf948
Numeri di linea               

Messaggi Raw Audit            

node=(removed) type=AVC msg=audit(1252708377.556:21): avc:  denied  { read } for  pid=1361 comm="abrtd" name="Bugzilla.conf" dev=dm-0 ino=1442508 scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1252708377.556:21): avc:  denied  { open } for  pid=1361 comm="abrtd" name="Bugzilla.conf" dev=dm-0 ino=1442508 scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1252708377.556:21): arch=c000003e syscall=2 success=yes exit=0 a0=13360e8 a1=0 a2=1b6 a3=238 items=0 ppid=1 pid=1361 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe="/usr/sbin/abrtd" subj=system_u:system_r:abrt_t:s0 key=(null)


audit2allow suggests:

#============= abrt_t ==============
allow abrt_t user_home_dir_t:file { read open };

Comment 1 Daniel Walsh 2009-09-11 22:45:35 UTC
Abort should not be touching anyones home dir.  It is very dangerous for a system process to be mucking around in  home dir.

Comment 2 Michal Schmidt 2009-09-12 22:44:48 UTC
*** Bug 522977 has been marked as a duplicate of this bug. ***

Comment 3 Daniel Walsh 2009-09-22 15:09:14 UTC
*** Bug 524300 has been marked as a duplicate of this bug. ***

Comment 4 Daniel Walsh 2009-09-22 15:09:56 UTC
*** Bug 524866 has been marked as a duplicate of this bug. ***

Comment 5 Daniel Walsh 2009-09-22 15:10:18 UTC
*** Bug 524867 has been marked as a duplicate of this bug. ***

Comment 6 Daniel Walsh 2009-09-22 15:10:40 UTC
*** Bug 524868 has been marked as a duplicate of this bug. ***

Comment 7 Daniel Walsh 2009-09-22 15:11:03 UTC
*** Bug 524869 has been marked as a duplicate of this bug. ***

Comment 8 Daniel Walsh 2009-09-24 15:44:31 UTC
*** Bug 525207 has been marked as a duplicate of this bug. ***

Comment 9 Daniel Walsh 2009-09-28 13:51:47 UTC
*** Bug 525771 has been marked as a duplicate of this bug. ***

Comment 10 Daniel Walsh 2009-09-28 13:52:21 UTC
*** Bug 525770 has been marked as a duplicate of this bug. ***

Comment 11 Daniel Walsh 2009-10-03 10:41:40 UTC
*** Bug 526965 has been marked as a duplicate of this bug. ***

Comment 12 Daniel Walsh 2009-10-03 10:42:16 UTC
*** Bug 526964 has been marked as a duplicate of this bug. ***

Comment 13 Daniel Walsh 2009-10-03 10:43:02 UTC
*** Bug 526962 has been marked as a duplicate of this bug. ***

Comment 14 Daniel Walsh 2009-10-03 10:43:22 UTC
*** Bug 526961 has been marked as a duplicate of this bug. ***

Comment 15 Daniel Walsh 2009-10-06 14:07:56 UTC
*** Bug 527381 has been marked as a duplicate of this bug. ***

Comment 16 Daniel Walsh 2009-10-06 14:25:24 UTC
*** Bug 527437 has been marked as a duplicate of this bug. ***

Comment 17 Kevin 2009-10-06 20:07:35 UTC
.bugzillacookies

Comment 18 Kevin 2009-10-06 20:13:05 UTC
Or  .abrt/Bugzilla.conf

Comment 19 Daniel Walsh 2009-10-07 19:44:55 UTC
*** Bug 527817 has been marked as a duplicate of this bug. ***

Comment 20 Daniel Walsh 2009-10-11 11:55:58 UTC
*** Bug 528262 has been marked as a duplicate of this bug. ***

Comment 21 Daniel Walsh 2009-10-11 11:56:37 UTC
*** Bug 528263 has been marked as a duplicate of this bug. ***

Comment 22 Martin Naď 2009-10-12 04:51:26 UTC
*** Bug 528381 has been marked as a duplicate of this bug. ***

Comment 23 Daniel Walsh 2009-10-14 16:34:38 UTC
*** Bug 529018 has been marked as a duplicate of this bug. ***

Comment 24 Daniel Walsh 2009-10-14 16:35:11 UTC
*** Bug 529020 has been marked as a duplicate of this bug. ***

Comment 25 Daniel Walsh 2009-10-14 19:33:51 UTC
*** Bug 529040 has been marked as a duplicate of this bug. ***

Comment 26 Jiri Moskovcak 2009-10-20 10:41:28 UTC
Abrt daemon doesn't read/write to ~HOME since version 0.0.10.

Jirka

Comment 27 Daniel Walsh 2009-10-20 22:35:55 UTC
*** Bug 524596 has been marked as a duplicate of this bug. ***

Comment 28 Daniel Walsh 2009-10-20 22:46:30 UTC
*** Bug 529961 has been marked as a duplicate of this bug. ***

Comment 29 Daniel Walsh 2009-10-21 16:57:08 UTC
*** Bug 530138 has been marked as a duplicate of this bug. ***

Comment 30 Daniel Walsh 2009-10-21 16:57:29 UTC
*** Bug 530139 has been marked as a duplicate of this bug. ***

Comment 31 Daniel Walsh 2009-10-21 17:15:25 UTC
*** Bug 530140 has been marked as a duplicate of this bug. ***

Comment 32 Zack Cerza 2009-10-27 15:28:58 UTC
I still see this every time I use abrt-gui.

abrt-0.0.10-1.fc12.x86_64

Comment 33 Daniel Walsh 2009-10-28 12:15:39 UTC
*** Bug 531417 has been marked as a duplicate of this bug. ***

Comment 34 Daniel Walsh 2009-10-28 12:15:56 UTC
*** Bug 531416 has been marked as a duplicate of this bug. ***

Comment 35 Daniel Walsh 2009-10-28 19:29:23 UTC
*** Bug 531572 has been marked as a duplicate of this bug. ***

Comment 36 Daniel Walsh 2009-10-28 19:29:46 UTC
*** Bug 531571 has been marked as a duplicate of this bug. ***

Comment 37 Daniel Walsh 2009-11-02 15:03:54 UTC
*** Bug 532184 has been marked as a duplicate of this bug. ***

Comment 38 Daniel Walsh 2009-11-03 14:07:43 UTC
*** Bug 532630 has been marked as a duplicate of this bug. ***

Comment 39 Zack Cerza 2009-11-03 17:22:34 UTC
*** Bug 532747 has been marked as a duplicate of this bug. ***

Comment 40 Miroslav Grepl 2009-11-06 09:48:54 UTC
*** Bug 533013 has been marked as a duplicate of this bug. ***

Comment 41 Miroslav Grepl 2009-11-06 09:50:11 UTC
*** Bug 533207 has been marked as a duplicate of this bug. ***

Comment 42 Miroslav Grepl 2009-11-09 09:43:55 UTC
*** Bug 533556 has been marked as a duplicate of this bug. ***

Comment 43 Bug Zapper 2009-11-16 12:17:38 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 45 Christopher Beland 2010-02-12 20:09:56 UTC
Bug 530749 and Bug 530748 appear to be possible duplicates.

Duplicate reports have trailed off, and I don't see any instances filed against version 1.0 or later.  (We are currently on abrt-1.0.6-1.fc12.)  Should this bug be marked CLOSED/ERRATA?

Comment 46 Daniel Walsh 2010-02-13 13:06:25 UTC
*** Bug 530749 has been marked as a duplicate of this bug. ***

Comment 47 Daniel Walsh 2010-02-13 13:07:36 UTC
*** Bug 530748 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.