Summary: SELinux is preventing /usr/sbin/abrtd (deleted) "write" access on /etc/abrt. Detailed Description: [abrtd has a permissive type (abrt_t). This access was not denied.] SELinux denied access requested by abrtd. It is not expected that this access is required by abrtd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:abrt_t:s0 Target Context system_u:object_r:abrt_etc_t:s0 Target Objects /etc/abrt [ dir ] Source abrtd Source Path /usr/sbin/abrtd (deleted) Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages abrt-1.0.3-1.fc12 Policy RPM selinux-policy-3.6.32-73.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.31.5-127.fc12.x86_64 #1 SMP Sat Nov 7 21:11:14 EST 2009 x86_64 x86_64 Alert Count 3 First Seen Thu 21 Jan 2010 01:12:34 PM MST Last Seen Thu 21 Jan 2010 01:12:34 PM MST Local ID 32f48c02-510b-4877-9e9d-7f9941345301 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1264104754.53:73): avc: denied { write } for pid=1458 comm="abrtd" name="abrt" dev=dm-0 ino=38979 scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1264104754.53:73): avc: denied { add_name } for pid=1458 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1264104754.53:73): avc: denied { create } for pid=1458 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1264104754.53:73): arch=c000003e syscall=2 success=yes exit=9 a0=7f66cca995f5 a1=241 a2=1b6 a3=0 items=0 ppid=1 pid=1458 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe=2F7573722F7362696E2F6162727464202864656C6574656429 subj=system_u:system_r:abrt_t:s0 key=(null) Hash String generated from selinux-policy-3.6.32-73.fc12,catchall,abrtd,abrt_t,abrt_etc_t,dir,write audit2allow suggests: #============= abrt_t ============== #!!!! The source type 'abrt_t' can write to a 'dir' of the following types: # var_run_t, rpm_var_cache_t, abrt_var_cache_t, var_log_t, abrt_var_log_t, rpm_var_run_t, abrt_var_run_t, tmp_t, var_t, abrt_tmp_t, root_t allow abrt_t abrt_etc_t:dir { write add_name }; allow abrt_t abrt_etc_t:file create;
*** This bug has been marked as a duplicate of bug 546152 ***
I have just completed the 'yum update' of my Fedora Core 12 installation.
Just like Bernard I encountered this bug at the end of my Fedora 12 KDE Update via Terminal.
I thought I am the only one, but looks like I am in the same boat as everyone else. encountered after yum update of Fedora 12.
Same warning message appears at login each time. Also did 'yum update' with Fedora 12 around or just before Jan 31/10 and tried some security updates since then but still the message. This is my second time reporting this bug, first time giving a comment.
The tool doing the warning message is broken. You can install an update from updates-testing, if it has reached the mirrors. yum update setroubleshoot\* --enablerepo=updates-testing