Summary: SELinux is preventing /usr/sbin/abrtd (deleted) "write" access on /etc/abrt. Detailed Description: [abrtd has a permissive type (abrt_t). This access was not denied.] SELinux denied access requested by abrtd. It is not expected that this access is required by abrtd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:abrt_t:s0 Target Context system_u:object_r:abrt_etc_t:s0 Target Objects /etc/abrt [ dir ] Source abrtd Source Path /usr/sbin/abrtd (deleted) Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages abrt-1.0.6-1.fc12 Policy RPM selinux-policy-3.6.32-82.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.31.5-127.fc12.i686.PAE #1 SMP Sat Nov 7 21:25:57 EST 2009 i686 i686 Alert Count 3 First Seen Sat 06 Feb 2010 06:10:35 PM EST Last Seen Sat 06 Feb 2010 06:10:35 PM EST Local ID eeebe6d3-d8cc-4256-bfa2-8c18ad639392 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1265497835.886:105): avc: denied { write } for pid=1424 comm="abrtd" name="abrt" dev=dm-1 ino=43139 scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1265497835.886:105): avc: denied { add_name } for pid=1424 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1265497835.886:105): avc: denied { create } for pid=1424 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1265497835.886:105): arch=40000003 syscall=5 success=yes exit=9 a0=6870b9 a1=8241 a2=1b6 a3=38b629 items=0 ppid=1 pid=1424 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe=2F7573722F7362696E2F6162727464202864656C6574656429 subj=system_u:system_r:abrt_t:s0 key=(null) Hash String generated from selinux-policy-3.6.32-82.fc12,catchall,abrtd,abrt_t,abrt_etc_t,dir,write audit2allow suggests: #============= abrt_t ============== #!!!! The source type 'abrt_t' can write to a 'dir' of the following types: # rpm_var_cache_t, abrt_var_cache_t, var_log_t, abrt_var_log_t, rpm_var_run_t, abrt_var_run_t, tmp_t, var_t, abrt_tmp_t, var_run_t, root_t allow abrt_t abrt_etc_t:dir { write add_name }; allow abrt_t abrt_etc_t:file create;
*** This bug has been marked as a duplicate of bug 546152 ***