Bug 595422 - AVC denials on abrtd restart
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: abrt
Version: 6.0
Hardware: All Linux
Priority: low
Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: Jiri Moskovcak
QA Contact: Michal Nowak
Reported: 2010-05-24 11:12 EDT by Michal Nowak
Modified: 2015-02-01 17:52 EST
Fixed In Version: selinux-policy-3.7.19-21.el6.noarch
Doc Type: Bug Fix
Last Closed: 2010-11-11 09:30:38 EST
Description Michal Nowak 2010-05-24 11:12:42 EDT
Description of problem:

newman@dhcp-lab-222 abrt $ sudo grep var -R /etc/abrt/plugins/SQLite3.conf 
DBPath = /var/cache/abrt/abrt-db


newman@dhcp-lab-222 abrt $ sudo service abrtd restart
[...]
type=1400 audit(1274712433.267:5): avc:  denied  { read } for  pid=9834 comm="dmesg" path="pipe:[3619846]" dev=pipefs ino=3619846 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file

type=1400 audit(1274712433.267:6): avc:  denied  { write } for  pid=9834 comm="dmesg" path="pipe:[3619846]" dev=pipefs ino=3619846 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file

type=1400 audit(1274712433.267:7): avc:  denied  { read } for  pid=9834 comm="dmesg" path="inotify" dev=inotifyfs ino=1 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

type=1400 audit(1274712433.267:8): avc:  denied  { write } for  pid=9834 comm="dmesg" path="/var/run/abrtd.lock" dev=dm-0 ino=524560 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:abrt_var_run_t:s0 tclass=file

type=1400 audit(1274712433.267:9): avc:  denied  { read } for  pid=9834 comm="dmesg" path="pipe:[3620192]" dev=pipefs ino=3620192 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file

[...]

Full log:

newman@dhcp-lab-222 abrt $ sudo service abrtd restart
Stopping abrt daemon: May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Reporter plugin Bugzilla
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Analyzer plugin CCpp
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Action plugin FileTransfer
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Analyzer plugin Kerneloops
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Action plugin KerneloopsScanner
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Reporter plugin Logger
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Reporter plugin Mailx
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Analyzer plugin Python
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Action plugin SOSreport
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Database plugin SQLite3
May 24 16:47:09 dhcp-lab-222 abrtd: UnRegistered Reporter plugin TicketUploader
May 24 16:47:09 dhcp-lab-222 abrtd: Got signal 15, exiting
                                                           [  OK  ]
Starting abrt daemon: May 24 16:47:10 dhcp-lab-222 abrtd: Registered Reporter plugin 'Logger'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Reporter plugin 'Bugzilla'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Analyzer plugin 'CCpp'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Action plugin 'SOSreport'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Reporter plugin 'Mailx'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Analyzer plugin 'Kerneloops'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Action plugin 'KerneloopsScanner'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Analyzer plugin 'Python'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Reporter plugin 'TicketUploader'
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Action plugin 'FileTransfer'
May 24 16:47:10 dhcp-lab-222 abrtd: Checking for unsaved crashes (dirs to check:2)
May 24 16:47:10 dhcp-lab-222 abrtd: Registered Database plugin 'SQLite3'

newman@dhcp-lab-222 abrt $ May 24 16:47:10 dhcp-lab-222 abrtd: Getting local universal unique identification
May 24 16:47:10 dhcp-lab-222 abrtd: Non-processed crash in /var/spool/abrt/kerneloops-1274712145-1, saving into database
May 24 16:47:13 dhcp-lab-222 kernel: type=1400 audit(1274712433.267:5): avc:  denied  { read } for  pid=9834 comm="dmesg" path="pipe:[3619846]" dev=pipefs ino=3619846 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file
May 24 16:47:13 dhcp-lab-222 kernel: type=1400 audit(1274712433.267:6): avc:  denied  { write } for  pid=9834 comm="dmesg" path="pipe:[3619846]" dev=pipefs ino=3619846 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file
May 24 16:47:13 dhcp-lab-222 kernel: type=1400 audit(1274712433.267:7): avc:  denied  { read } for  pid=9834 comm="dmesg" path="inotify" dev=inotifyfs ino=1 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
May 24 16:47:13 dhcp-lab-222 kernel: type=1400 audit(1274712433.267:8): avc:  denied  { write } for  pid=9834 comm="dmesg" path="/var/run/abrtd.lock" dev=dm-0 ino=524560 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:abrt_var_run_t:s0 tclass=file
May 24 16:47:13 dhcp-lab-222 kernel: type=1400 audit(1274712433.267:9): avc:  denied  { read } for  pid=9834 comm="dmesg" path="pipe:[3620192]" dev=pipefs ino=3620192 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file
May 24 16:47:26 dhcp-lab-222 abrtd: Getting local universal unique identification
May 24 16:47:26 dhcp-lab-222 abrtd: Crash is in database already (dup of /var/spool/abrt/kerneloops-1274712145-1)
May 24 16:47:26 dhcp-lab-222 abrtd: Done checking for unsaved crashes
May 24 16:47:26 dhcp-lab-222 abrtd: Init complete, entering main loop



Version-Release number of selected component (if applicable):

abrt-1.1.2-3.el6.x86_64
selinux-policy-3.7.19-20.el6.noarch
Comment 1 Michal Nowak 2010-05-24 11:18:02 EDT
newman@dhcp-lab-222 ~ $ ls -laZ /var/spool/abrt/
drwxr-xr-x. abrt abrt system_u:object_r:abrt_var_cache_t:s0 .
drwxr-xr-x. root root system_u:object_r:var_spool_t:s0 ..
drwxr-x---. abrt root unconfined_u:object_r:abrt_var_cache_t:s0 kerneloops-1274714193-1
-rw-r--r--. root root unconfined_u:object_r:abrt_var_cache_t:s0 abrt-db
Comment 2 Michal Nowak 2010-05-24 11:18:45 EDT
It also produces AVCs on a simple:

    sudo dumpoops -d dump1.dump
Comment 3 Daniel Walsh 2010-05-24 12:17:37 EDT
Looks like abrt is leaking file descriptors to inotifyfs, abrt_var_run_t and its fifo_file.

Probably abrt executes sosreport which executes dmesg.


I will need to dontaudit the leak of the fifo file and abrt_var_run_t.

No reason for inotify though.
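
The triage in comment 3, as an added example (not part of the bug report, abrt or selinux-policy): it parses the AVC records from the description, merges them per source type, target type and class, and flags the ones that look like inherited descriptors. The function names and the `parent_stem` heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# AVC records copied verbatim from the bug description above.
AVC_LINES = [
    'type=1400 audit(1274712433.267:5): avc:  denied  { read } for  pid=9834 comm="dmesg" path="pipe:[3619846]" dev=pipefs ino=3619846 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file',
    'type=1400 audit(1274712433.267:6): avc:  denied  { write } for  pid=9834 comm="dmesg" path="pipe:[3619846]" dev=pipefs ino=3619846 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file',
    'type=1400 audit(1274712433.267:7): avc:  denied  { read } for  pid=9834 comm="dmesg" path="inotify" dev=inotifyfs ino=1 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir',
    'type=1400 audit(1274712433.267:8): avc:  denied  { write } for  pid=9834 comm="dmesg" path="/var/run/abrtd.lock" dev=dm-0 ino=524560 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:abrt_var_run_t:s0 tclass=file',
    'type=1400 audit(1274712433.267:9): avc:  denied  { read } for  pid=9834 comm="dmesg" path="pipe:[3620192]" dev=pipefs ino=3620192 scontext=unconfined_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tclass=fifo_file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return one denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {key: val.strip('"') for key, val in FIELD_RE.findall(m.group(2))}
    rec["perms"] = m.group(1).split()
    # A context is user:role:type[:level]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def group_denials(lines):
    """Merge permissions per (source type, target type, class) triple."""
    groups = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        groups[(rec["stype"], rec["ttype"], rec["tclass"])].update(rec["perms"])
    return {key: sorted(perms) for key, perms in groups.items()}

def leak_candidates(lines, parent_stem):
    """Heuristic (assumption of this example): a denial points at an inherited
    descriptor when the object has no filesystem path (pipe, inotify) or is
    labelled with a type of the suspected parent domain (parent_stem)."""
    hits = []
    for rec in filter(None, map(parse_avc, lines)):
        anonymous = not rec.get("path", "/").startswith("/")
        if anonymous or rec["ttype"].startswith(parent_stem + "_"):
            hits.append((rec["comm"], rec.get("path"), rec["ttype"]))
    return hits

if __name__ == "__main__":
    for (src, tgt, cls), perms in group_denials(AVC_LINES).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
    print(len(leak_candidates(AVC_LINES, "abrt")), "of", len(AVC_LINES), "look inherited")
```

The five records collapse to three triples, all with `dmesg_t` as the source and objects that belong to abrtd rather than to anything `dmesg` opens by name.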
Comment 4 Daniel Walsh 2010-05-24 12:18:04 EDT
SELinux fixes are in selinux-policy-3.7.19-21.el6.noarch
Comment 5 Denys Vlasenko 2010-05-25 07:54:09 EDT
(In reply to comment #3)
> Looks like abrt is leaking file descriptors to inotifyfs, abrt_var_run_t and
> its fifo_file.
> 
> Probably abrt executes sosreport which executes dmesg.
> 
> I will need to dontaudit the leak of the fifo file and abrt_var_run_t.
> 
> No reason for inotify though.    

Inotify leak is plugged in git now, will be in abrt-1.1.4
Comment 6 Jiri Moskovcak 2010-05-26 12:01:12 EDT
fd leaks are fixed in abrt-1.1.4.el6
Comment 10 releng-rhel@redhat.com 2010-11-11 09:30:38 EST
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.
