Bug 539960 - SELinux is preventing /usr/bin/python "write" access.
Summary: SELinux is preventing /usr/bin/python "write" access.
Keywords:
Status: CLOSED DUPLICATE of bug 539959
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:a713a78736f...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-11-21 19:03 UTC by Rudolf Kastl
Modified: 2009-11-26 17:18 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-11-23 14:54:06 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Rudolf Kastl 2009-11-21 19:03:53 UTC 
Zusammenfassung:

SELinux is preventing /usr/bin/python "write" access.

Detaillierte Beschreibung:

[system-config-k hat einen toleranten Typ (kdumpgui_t). Dieser Zugriff wurde
nicht verweigert.]

SELinux denied access requested by system-config-k. It is not expected that this
access is required by system-config-k and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Zugriff erlauben:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Zusätzliche Informationen:

Quellkontext                  system_u:system_r:kdumpgui_t:s0-s0:c0.c1023
Zielkontext                   system_u:system_r:kdumpgui_t:s0-s0:c0.c1023
Zielobjekte                   None [ unix_dgram_socket ]
Quelle                        system-config-k
Quellen-Pfad                  /usr/bin/python
Port                          <Unbekannt>
Host                          (removed)
Quellen-RPM-Pakete            python-2.6.2-2.fc12
Ziel-RPM-Pakete               
RPM-Richtlinie                selinux-policy-3.6.32-46.fc12
SELinux aktiviert             True
Richtlinienversion            targeted
Enforcing-Modus               Enforcing
Plugin-Name                   catchall
Hostname                      (removed)
Plattform                     Linux (removed) 2.6.31.6-144.fc12.x86_64 #1 SMP
                              Fri Nov 20 18:32:50 EST 2009 x86_64 x86_64
Anzahl der Alarme             1
Zuerst gesehen                Sa 21 Nov 2009 20:01:28 CET
Zuletzt gesehen               Sa 21 Nov 2009 20:01:28 CET
Lokale ID                     bea6378b-5065-4f40-b517-22d93faa7701
Zeilennummern                 

Raw-Audit-Meldungen           

node=(removed) type=AVC msg=audit(1258830088.244:239): avc:  denied  { write } for  pid=21678 comm="system-config-k" scontext=system_u:system_r:kdumpgui_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kdumpgui_t:s0-s0:c0.c1023 tclass=unix_dgram_socket

node=(removed) type=SYSCALL msg=audit(1258830088.244:239): arch=c000003e syscall=44 success=yes exit=4294967424 a0=3 a1=96d010 a2=88 a3=4000 items=0 ppid=21677 pid=21678 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="system-config-k" exe="/usr/bin/python" subj=system_u:system_r:kdumpgui_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.32-46.fc12,catchall,system-config-k,kdumpgui_t,kdumpgui_t,unix_dgram_socket,write
audit2allow suggests:

#============= kdumpgui_t ==============
allow kdumpgui_t self:unix_dgram_socket write;
Comment 1 Daniel Walsh 2009-11-23 14:54:06 UTC 

*** This bug has been marked as a duplicate of bug 539959 ***
Note You need to log in before you can comment on or make changes to this bug.