Bug 578679 - SELinux is preventing /usr/bin/gdb "add_name" access on gobject.pyc.
Summary: SELinux is preventing /usr/bin/gdb "add_name" access on gobject.pyc.
Keywords:
Status: CLOSED DUPLICATE of bug 528554
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:5a1ece76163...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-04-01 03:44 UTC by xqdjk
Modified: 2010-08-16 19:14 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-04-01 12:44:48 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description xqdjk 2010-04-01 03:44:17 UTC 
概述:

SELinux is preventing /usr/bin/gdb "add_name" access on gobject.pyc.

详细描述:

[gdb 有一个宽容类型 (abrt_t)。此访问未受拒绝。]

SELinux denied access requested by gdb. It is not expected that this access is
required by gdb and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

允许访问:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

附加信息:

源上下文                  system_u:system_r:abrt_t:s0-s0:c0.c1023
目标上下文               system_u:object_r:usr_t:s0
目标对象                  gobject.pyc [ dir ]
源                           gdb
源路径                     /usr/bin/gdb
端口                        <未知>
主机                        (removed)
源 RPM 软件包             gdb-7.0.1-35.fc12
目标 RPM 软件包          
策略 RPM                    selinux-policy-3.6.32-103.fc12
启用 Selinux                True
策略类型                  targeted
Enforcing 模式              Enforcing
插件名称                  catchall
主机名                     (removed)
平台                        Linux (removed)
                              2.6.32.9-70.fc12.i686.PAE #1 SMP Wed Mar 3
                              04:57:21 UTC 2010 i686 i686
警报计数                  3
第一个                     2010年03月25日 星期四 10时40分42秒
最后一个                  2010年03月25日 星期四 10时40分42秒
本地 ID                     8fef01fe-1cb7-404d-a8ad-c195f0c7e53b
行号                        

原始核查信息            

node=(removed) type=AVC msg=audit(1269484842.193:43): avc:  denied  { add_name } for  pid=13002 comm="gdb" name="gobject.pyc" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1269484842.193:43): avc:  denied  { create } for  pid=13002 comm="gdb" name="gobject.pyc" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1269484842.193:43): avc:  denied  { write } for  pid=13002 comm="gdb" name="gobject.pyc" dev=dm-0 ino=483 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1269484842.193:43): arch=40000003 syscall=5 success=yes exit=14 a0=bfad3a8b a1=82c1 a2=81ed a3=bfad4aeb items=0 ppid=1872 pid=13002 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gdb" exe="/usr/bin/gdb" subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  catchall,gdb,abrt_t,usr_t,dir,add_name
audit2allow suggests:

#============= abrt_t ==============
allow abrt_t usr_t:dir add_name;
allow abrt_t usr_t:file { write create };
Comment 1 Daniel Walsh 2010-04-01 12:44:48 UTC 

*** This bug has been marked as a duplicate of bug 528554 ***
Note You need to log in before you can comment on or make changes to this bug.