557565 – SELinux is preventing /usr/sbin/abrtd (deleted) "write" access on abrt.

Bug 557565 - SELinux is preventing /usr/sbin/abrtd (deleted) "write" access on abrt.

Summary: SELinux is preventing /usr/sbin/abrtd (deleted) "write" access on abrt.

Keywords:
Status:	CLOSED DUPLICATE of bug 546152
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	12
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	setroubleshoot_trace_hash:e82d6eacd0f...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-01-21 20:22 UTC by Jesús Lorenzo
Modified:	2010-02-22 15:53 UTC (History)
CC List:	111 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-01-21 21:50:59 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jesús Lorenzo 2010-01-21 20:22:22 UTC

Resúmen:

SELinux is preventing /usr/sbin/abrtd (deleted) "write" access on abrt.

Descripción Detallada:

[abrtd es un tipo permisivo (abrt_t). Este acceso no fue denegado.]

SELinux denied access requested by abrtd. It is not expected that this access is
required by abrtd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Permitiendo Acceso:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Información Adicional:

Contexto Fuente               system_u:system_r:abrt_t:s0
Contexto Destino              system_u:object_r:abrt_etc_t:s0
Objetos Destino               abrt [ dir ]
Fuente                        abrtd
Dirección de Fuente          /usr/sbin/abrtd (deleted)
Puerto                        <Desconocido>
Nombre de Equipo              (removed)
Paquetes RPM Fuentes          
Paquetes RPM Destinos         
RPM de Políticas             selinux-policy-3.6.32-69.fc12
SELinux Activado              True
Tipo de Política             targeted
Modo Obediente                Enforcing
Nombre de Plugin              catchall
Nombre de Equipo              (removed)
Plataforma                    Linux (removed) 2.6.31.5-127.fc12.x86_64 #1 SMP
                              Sat Nov 7 21:11:14 EST 2009 x86_64 x86_64
Cantidad de Alertas           3
Visto por Primera Vez         jue 21 ene 2010 11:20:32 CET
Visto por Última Vez         jue 21 ene 2010 11:20:32 CET
ID Local                      7963b17a-00ed-473b-992d-884f7c80c741
Números de Línea            

Mensajes de Auditoría Crudos 

node=(removed) type=AVC msg=audit(1264069232.40:42377): avc:  denied  { write } for  pid=1327 comm="abrtd" name="abrt" dev=sda7 ino=38979 scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1264069232.40:42377): avc:  denied  { add_name } for  pid=1327 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1264069232.40:42377): avc:  denied  { create } for  pid=1327 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1264069232.40:42377): arch=c000003e syscall=2 success=yes exit=9 a0=7fa47f4935f5 a1=241 a2=1b6 a3=0 items=0 ppid=1 pid=1327 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe=2F7573722F7362696E2F6162727464202864656C6574656429 subj=system_u:system_r:abrt_t:s0 key=(null)



Hash String generated from  selinux-policy-3.6.32-69.fc12,catchall,abrtd,abrt_t,abrt_etc_t,dir,write
audit2allow suggests:

#============= abrt_t ==============
#!!!! The source type 'abrt_t' can write to a 'dir' of the following types:
# rpm_var_cache_t, abrt_var_cache_t, var_log_t, abrt_var_log_t, rpm_var_run_t, abrt_var_run_t, tmp_t, var_t, abrt_tmp_t, var_run_t, root_t

allow abrt_t abrt_etc_t:dir { write add_name };
allow abrt_t abrt_etc_t:file create;

Comment 1 Daniel Walsh 2010-01-21 21:50:59 UTC


*** This bug has been marked as a duplicate of bug 546152 ***

Comment 2 José Manuel 2010-01-24 23:54:32 UTC

I was used CodeWeavers CrossOver Linux Professional v8.0.0 Linux and firefox.

Comment 3 gordon 2010-02-03 21:36:25 UTC

I was updating bug fixes when this happen.

Comment 4 mlatelcom 2010-02-03 22:44:57 UTC

I was starting up when I got it

Note You need to log in before you can comment on or make changes to this bug.

a10cars
abibok
admin
andersonlmor
antifreeze2173
ashwin.hambarde
aucuga
bconfiant
bnocera
Bohdan.Koudelka
brsessions
BugRocks2010
c-9100069
cairnzi
canerdeniz
c_arceo
casey72
cbclark4
chorlya
cp_caverna
cvibe2000
danemarks
dannyel.olivares
dgaiku
dobrotek6
drozzy
dwalsh
ericm24x7
ernesto.albanez
erougier
fftarga
franciscocantuaria
frenk.calza
fsanchezherrero
george-tet
g_mignacio
gmmolen
gnomeuser
gokuln
hitmanrhymer
itsec_issues
jacques_legras
jeancote
jhunos
j.t.anagnostopoulos
jyoerger
kiev
k.knoerzer
klhr3
kumarakshay2003
lacintra.michael
lmsmith1975
Logan.Ruff
lorddragonhat
luca.mazzaferro
marko.denda
marte17
martin.nad89
martin.sh
matthias.guentert
mauro_graca
md-atx
mdzias
mgrepl
middlefingur
mikeyescalona
mlatelcom
mockusmeister
mwildam
nhfrank
nikos_dragan
oliverla
one_piece365
orangewinds
ov10fac
pantelis.fedora
pcardosobr
petar.tsankov
phil.lundy
punisher41
QFanatic
redhat
rka
robpotasse
rpqmo65
r_urbani
samgalletta
sanchezfisica
sgoldber
shiwlof
soad.diego
software
sriram.pyngas
stargategod420
Stefan.Lauterwasser
stressfreechozeme
sujoykroy
szql34
taguchi
terry.w.reeves
three
tim.mickey
tivelinovramis
tonnytony31
ttam
ulrich.hobelmann
venoom
vmitev
wasohernandez
woshanzhimu
xqgex.n