Summary: SELinux is preventing /usr/sbin/abrtd "add_name" access on etilqs_BF4xOp3k8g6gqz9. Detailed Description: [abrtd has a permissive type (abrt_t). This access was not denied.] SELinux denied access requested by abrtd. It is not expected that this access is required by abrtd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:mount_tmp_t:s0 Target Objects etilqs_BF4xOp3k8g6gqz9 [ dir ] Source abrtd Source Path /usr/sbin/abrtd Port <Unknown> Host (removed) Source RPM Packages abrt-1.0.9-1.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-110.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.32.11-99.fc12.i686 #1 SMP Mon Apr 5 16:32:08 EDT 2010 i686 i686 Alert Count 3 First Seen Sun 25 Apr 2010 12:48:00 AM IST Last Seen Sun 25 Apr 2010 12:48:00 AM IST Local ID d1aca929-99ba-4ce3-81ed-facd6db0b496 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1272136680.233:21): avc: denied { add_name } for pid=6089 comm="abrtd" name="etilqs_BF4xOp3k8g6gqz9" scontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mount_tmp_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1272136680.233:21): avc: denied { create } for pid=6089 comm="abrtd" name="etilqs_BF4xOp3k8g6gqz9" scontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mount_tmp_t:s0 tclass=file node=(removed) type=AVC msg=audit(1272136680.233:21): avc: denied { read write open } for pid=6089 comm="abrtd" name="etilqs_BF4xOp3k8g6gqz9" dev=tmpfs ino=72417 scontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mount_tmp_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1272136680.233:21): arch=40000003 syscall=5 success=yes exit=12 a0=bfe61b9b a1=280c2 a2=180 a3=ffffffff items=0 ppid=1 pid=6089 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="abrtd" exe="/usr/sbin/abrtd" subj=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,abrtd,abrt_t,mount_tmp_t,dir,add_name audit2allow suggests: #============= abrt_t ============== allow abrt_t mount_tmp_t:dir add_name; #!!!! The source type 'abrt_t' can write to a 'file' of the following types: # abrt_tmp_t, rpm_var_cache_t, abrt_var_cache_t, abrt_var_log_t, rpm_var_run_t, abrt_var_run_t, root_t allow abrt_t mount_tmp_t:file { read write create open };
What were you doing when this happened? What is mounted in mount_tmp_t? Reassigning to abrt to see if those guys have any idea what is going on?
*** Bug 585566 has been marked as a duplicate of this bug. ***