Bug 542079 - SELinux is preventing /usr/bin/abrt-pyhook-helper access to a leaked udp_socket file descriptor.
Summary: SELinux is preventing /usr/bin/abrt-pyhook-helper access to a leaked udp_sock...
Keywords:
Status: CLOSED DUPLICATE of bug 539566
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:a027224d9fe...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-11-28 09:10 UTC by Rick van de Kolk
Modified: 2009-12-05 20:23 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-11-30 12:04:02 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Rick van de Kolk 2009-11-28 09:10:55 UTC 
Summary:

SELinux is preventing /usr/bin/abrt-pyhook-helper access to a leaked udp_socket
file descriptor.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by the abrt-pyhook-hel command. It looks like
this is either a leaked descriptor or abrt-pyhook-hel output was redirected to a
file it is not allowed to access. Leaks usually can be ignored since SELinux is
just closing the leak and reporting the error. The application does not use the
descriptor, so it will run properly. If this is a redirection, you will not get
output in the udp_socket. You should generate a bugzilla on selinux-policy, and
it will get routed to the appropriate package. You can safely ignore this avc.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)

Additional Information:

Source Context                unconfined_u:unconfined_r:abrt_helper_t:s0-s0:c0.c
                              1023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects                udp_socket [ udp_socket ]
Source                        abrt-pyhook-hel
Source Path                   /usr/bin/abrt-pyhook-helper
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           abrt-addon-python-1.0.0-1.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-49.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   leaks
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31.6-145.fc12.x86_64
                              #1 SMP Sat Nov 21 15:57:45 EST 2009 x86_64 x86_64
Alert Count                   2
First Seen                    Sat 21 Nov 2009 10:36:23 AM CET
Last Seen                     Sat 28 Nov 2009 10:08:46 AM CET
Local ID                      46af5769-7de0-4d4a-b88d-3248c09bb84c
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1259399326.567:12): avc:  denied  { read write } for  pid=2179 comm="abrt-pyhook-hel" path="socket:[23235]" dev=sockfs ino=23235 scontext=unconfined_u:unconfined_r:abrt_helper_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=udp_socket

node=(removed) type=SYSCALL msg=audit(1259399326.567:12): arch=c000003e syscall=59 success=yes exit=0 a0=2011680 a1=2074380 a2=7fff41356a40 a3=6f7a79702f6e6962 items=0 ppid=2142 pid=2179 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=481 sgid=481 fsgid=481 tty=(none) ses=1 comm="abrt-pyhook-hel" exe="/usr/bin/abrt-pyhook-helper" subj=unconfined_u:unconfined_r:abrt_helper_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.32-49.fc12,leaks,abrt-pyhook-hel,abrt_helper_t,unconfined_t,udp_socket,read,write
audit2allow suggests:

#============= abrt_helper_t ==============
allow abrt_helper_t unconfined_t:udp_socket { read write };
Comment 1 Miroslav Grepl 2009-11-30 12:04:02 UTC 

*** This bug has been marked as a duplicate of bug 539566 ***
Note You need to log in before you can comment on or make changes to this bug.