Bug 533502 - SELinux is preventing /usr/bin/python "create" access on x86_64.
Summary: SELinux is preventing /usr/bin/python "create" access on x86_64.
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:176155f500a...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-11-06 21:46 UTC by cheguaka
Modified: 2009-11-23 21:56 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-11-09 14:51:22 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description cheguaka 2009-11-06 21:46:40 UTC 
Resúmen:

SELinux is preventing /usr/bin/python "create" access on x86_64.

Descripción Detallada:

[yum es un tipo permisivo (abrt_t). Este acceso no fue denegado.]

SELinux denied access requested by yum. It is not expected that this access is
required by yum and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Permitiendo Acceso:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Información Adicional:

Contexto Fuente               system_u:system_r:abrt_t:s0
Contexto Destino              system_u:object_r:rpm_var_cache_t:s0
Objetos Destino               x86_64 [ dir ]
Fuente                        yum
Dirección de Fuente          /usr/bin/python
Puerto                        <Desconocido>
Nombre de Equipo              (removed)
Paquetes RPM Fuentes          python-2.6.2-2.fc12
Paquetes RPM Destinos         
RPM de Políticas             selinux-policy-3.6.32-40.fc12
SELinux Activado              True
Tipo de Política             targeted
MLS Activado                  True
Modo Obediente                Enforcing
Nombre de Plugin              catchall
Nombre de Equipo              (removed)
Plataforma                    Linux (removed)
                              2.6.31.5-115.fc12.x86_64 #1 SMP Tue Nov 3 23:56:19
                              EST 2009 x86_64 x86_64
Cantidad de Alertas           1
Visto por Primera Vez         vie 06 nov 2009 22:45:30 EST
Visto por Última Vez         vie 06 nov 2009 22:45:30 EST
ID Local                      e389874f-bb23-4e81-af29-89677d7481bd
Números de Línea            

Mensajes de Auditoría Crudos 

node=(removed) type=AVC msg=audit(1257565530.543:32095): avc:  denied  { create } for  pid=2200 comm="yum" name="x86_64" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:rpm_var_cache_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1257565530.543:32095): arch=c000003e syscall=83 success=yes exit=4294967424 a0=1285e70 a1=1ed a2=7f45c8990e40 a3=7fffada70890 items=0 ppid=2199 pid=2200 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="yum" exe="/usr/bin/python" subj=system_u:system_r:abrt_t:s0 key=(null)



Hash String generated from  selinux-policy-3.6.32-40.fc12,catchall,yum,abrt_t,rpm_var_cache_t,dir,create
audit2allow suggests:

#============= abrt_t ==============
allow abrt_t rpm_var_cache_t:dir create;
Comment 1 cheguaka 2009-11-06 21:57:19 UTC 
I was trying to connect irc whit telepathy, but telepathy-idle, crashed. abrt poped, and I tried to submit the bug.abrt tried to download 29 debuginfo packages via yum, the the error  came.
Comment 2 James Antill 2009-11-09 14:38:12 UTC 
I assume this is yumdb stuff, aka. /var/lib/yum/yumdb ... so is valid.
Comment 3 Daniel Walsh 2009-11-09 14:51:22 UTC 
Fixed in selinux-policy-3.6.32-42.fc12.noarch
Note You need to log in before you can comment on or make changes to this bug.