Sumário: O SELinux está impedindo o acesso a /usr/sbin/abrtd "create" on ccpp-1275582533-5395.lock Descrição detalhada: [SElinux está em modo permissivo. Esse acesso não foi negado.] O SELinux impediu o acesso requisitado pelo abrtd. Não é comum que este acesso seja requisitado pelo abrtd e isto pode indicar uma tentativa de intrusão. Também é possível que a versão ou configuração específicas do aplicativo estejam fazendo com que o mesmo requisite o acesso adicio Permitindo acesso: Você pode gerar um módulo de política local para permitir este acesso - veja o FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Por favor, registre um relatório de erro. Informações adicionais: Contexto de origem system_u:system_r:abrt_t:s0 Contexto de destino system_u:object_r:var_spool_t:s0 Objetos de destino ccpp-1275582533-5395.lock [ lnk_file ] Origem abrtd Caminho da origem /usr/sbin/abrtd Porta <Desconhecido> Máquina (removido) Pacotes RPM de origem abrt-1.1.4-1.fc14 Pacotes RPM de destino RPM da política selinux-policy-3.8.1-4.fc14 Selinux habilitado True Tipo de política targeted Modo reforçado Permissive Nome do plugin catchall Nome da máquina (removido) Plataforma Linux (removido) 2.6.32.11-99.fc12.x86_64 #1 SMP Mon Apr 5 19:59:38 UTC 2010 x86_64 x86_64 Contador de alertas 4 Visto pela primeira vez em Qui 03 Jun 2010 11:44:59 BRT Visto pela última vez em Qui 03 Jun 2010 13:28:54 BRT ID local d7be8372-e674-4eeb-9114-29198488a289 Números de linha Mensagens de auditoria não p node=(removido) type=AVC msg=audit(1275582534.265:265): avc: denied { create } for pid=1738 comm="abrtd" name="ccpp-1275582533-5395.lock" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=lnk_file node=(removido) type=SYSCALL msg=audit(1275582534.265:265): arch=c000003e syscall=88 success=yes exit=0 a0=7fff634354b0 a1=1682b38 a2=7fff634354b4 a3=2d33333532383535 items=0 ppid=1 pid=1738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe="/usr/sbin/abrtd" subj=system_u:system_r:abrt_t:s0 key=(null) Hash String generated from catchall,abrtd,abrt_t,var_spool_t,lnk_file,create audit2allow suggests: #============= abrt_t ============== allow abrt_t var_spool_t:lnk_file create;
*** This bug has been marked as a duplicate of bug 600123 ***
Summary: SELinux is preventing /usr/sbin/abrtd "create" access on ccpp-1286825684-2561.lock. Detailed Description: SELinux denied access requested by abrtd. It is not expected that this access is required by abrtd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_spool_t:s0 Target Objects ccpp-1286825684-2561.lock [ lnk_file ] Source abrtd Source Path /usr/sbin/abrtd Port <Unknown> Host (removed) Source RPM Packages abrt-1.1.13-2.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-62.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux fedora.local 2.6.34.7-56.fc13.x86_64 #1 SMP Wed Sep 15 03:36:55 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Tue 12 Oct 2010 08:51:44 AM EDT Last Seen Tue 12 Oct 2010 08:51:44 AM EDT Local ID f2bd74f8-160b-47af-a1c5-250ad0f7c180 Line Numbers Raw Audit Messages node=fedora.local type=AVC msg=audit(1286887904.70:10): avc: denied { create } for pid=1760 comm="abrtd" name="ccpp-1286825684-2561.lock" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=lnk_file node=fedora.local type=SYSCALL msg=audit(1286887904.70:10): arch=c000003e syscall=88 success=no exit=-13 a0=7fff81593730 a1=1659398 a2=7fff81593734 a3=2d34383635323836 items=0 ppid=1 pid=1760 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe="/usr/sbin/abrtd" subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null) ================================================================================The same "bug" also shows on my Fedora 13 i386 version.. Hope for a fix soon! thanks!
restorecon -R -v /var/spool Shoulf fix.
Sommario: SELinux impedisce l'accesso /usr/sbin/abrtd "create" on ccpp-1284407817-2801.lock. Descrizione dettagliata: SELinux ha negato l'accesso richiesto da abrtd. Non è previsto che questo accesso venga richiesto da abrtd, e tale accesso può segnalare un tentativo di intrusione. È anche possibile che questo sia provocato dalla specifica versione o dalla configurazione dell'applicazione per richiedere un ulteriore accesso. Abilitazione accesso in corso: E' possibile generare un modulo di politica locale per consentire questo accesso - consultare le FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Inviare un bug report. Informazioni aggiuntive: Contesto della sorgente system_u:system_r:abrt_t:s0-s0:c0.c1023 Contesto target system_u:object_r:var_spool_t:s0 Oggetti target ccpp-1284407817-2801.lock [ lnk_file ] Sorgente abrtd Percorso della sorgente /usr/sbin/abrtd Porta <Sconosciuto> Host (rimosso) Sorgente Pacchetti RPM abrt-1.1.13-2.fc13 Pacchetti RPM target RPM della policy selinux-policy-3.7.19-65.fc13 Selinux abilitato True Tipo di policy targeted Modalità Enforcing Enforcing Nome plugin catchall Host Name (rimosso) Piattaforma Linux (rimosso) 2.6.34.7-61.fc13.i686.PAE #1 SMP Tue Oct 19 04:24:06 UTC 2010 i686 i686 Conteggio avvisi 2 Primo visto sab 23 ott 2010 16:04:09 CEST Ultimo visto lun 25 ott 2010 08:54:15 CEST ID locale e72274e3-e7ab-4ec7-ac14-1cccb93b8bd5 Numeri di linea Messaggi Raw Audit node=(rimosso) type=AVC msg=audit(1287989655.930:10): avc: denied { create } for pid=1364 comm="abrtd" name="ccpp-1284407817-2801.lock" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=lnk_file node=(rimosso) type=SYSCALL msg=audit(1287989655.930:10): arch=40000003 syscall=83 success=no exit=-13 a0=bfee0ebe a1=9ad8564 a2=7a12458 a3=bfee0eae items=0 ppid=1 pid=1364 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe="/usr/sbin/abrtd" subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)
(In reply to comment #3) > restorecon -R -v /var/spool > > Shoulf fix. Mr. Walsh, I ran this as root and I still get the SElinux warning. Running F13. Showed up after adding packages(media players, Firefox plugin's, and nvidia driver) via yum.
oops forgot the report Summary: SELinux is preventing /usr/sbin/abrtd "create" access on ccpp-1288137080-10771.lock. Detailed Description: SELinux denied access requested by abrtd. It is not expected that this access is required by abrtd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_spool_t:s0 Target Objects ccpp-1288137080-10771.lock [ lnk_file ] Source abrtd Source Path /usr/sbin/abrtd Port <Unknown> Host (removed) Source RPM Packages abrt-1.1.13-2.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-65.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux eric 2.6.34.7-61.fc13.i686.PAE #1 SMP Tue Oct 19 04:24:06 UTC 2010 i686 i686 Alert Count 1 First Seen Wed 27 Oct 2010 06:33:50 AM EDT Last Seen Wed 27 Oct 2010 06:33:50 AM EDT Local ID f02c5680-bbeb-45fb-9715-cbe2abd40747 Line Numbers Raw Audit Messages node=eric type=AVC msg=audit(1288175630.115:12): avc: denied { create } for pid=1802 comm="abrtd" name="ccpp-1288137080-10771.lock" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=lnk_file node=eric type=SYSCALL msg=audit(1288175630.115:12): arch=40000003 syscall=83 success=no exit=-13 a0=bfbcb20e a1=957c29c a2=9ad458 a3=bfbcb1fe items=0 ppid=1 pid=1802 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe="/usr/sbin/abrtd" subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)
# ls -ldZ /var/spool/abrt drwxr-xr-x. abrt abrt system_u:object_r:abrt_var_cache_t:s0 /var/spool/abrt # matchpathcon /var/spool/abrt
Result of # matchpathcon /var/spool/abrt /var/spool/abrt system_u:object_r:abrt_var_cache_t:s0
Solved thanks
I executed: # restorecon -R -v /var/spool But after rebooting, same alert is generated.
Are you updated to the latest policy yum -y update What does the following commands output. # ls -ldZ /var/spool/abrt drwxr-xr-x. abrt abrt system_u:object_r:abrt_var_cache_t:s0 /var/spool/abrt # matchpathcon /var/spool/abrt
Yes, system is updated. # ls -ldZ /var/spool/abrt drwxr-xr-x. abrt abrt system_u:object_r:abrt_var_cache_t:s0 /var/spool/abrt # matchpathcon /var/spool/abrt /var/spool/abrt system_u:object_r:abrt_var_cache_t:s0
Summary: SELinux is preventing /sbin/setfiles access to a leaked /tmp/tmp0J0gBt file descriptor. Detailed Description: [restorecon has a permissive type (setfiles_t). This access was not denied.] SELinux denied access requested by the restorecon command. It looks like this is either a leaked descriptor or restorecon output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the /tmp/tmp0J0gBt. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Additional Information: Source Context system_u:system_r:setfiles_t:s0-s0:c0.c1023 Target Context system_u:object_r:initrc_tmp_t:s0 Target Objects /tmp/tmp0J0gBt [ file ] Source restorecon Source Path /sbin/setfiles Port <Unknown> Host (removed) Source RPM Packages policycoreutils-2.0.83-31.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-65.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name leaks Host Name (removed) Platform Linux wolf.home 2.6.34.7-61.fc13.x86_64 #1 SMP Tue Oct 19 04:06:30 UTC 2010 x86_64 x86_64 Alert Count 19 First Seen Thu 21 Oct 2010 07:45:07 AM CEST Last Seen Sat 30 Oct 2010 04:32:26 PM CEST Local ID 7634dc07-c553-4c8c-8025-b3f870a87e5f Line Numbers Raw Audit Messages node=wolf.home type=AVC msg=audit(1288449146.272:28): avc: denied { read append } for pid=6139 comm="restorecon" path="/tmp/tmp0J0gBt" dev=dm-0 ino=2490457 scontext=system_u:system_r:setfiles_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file node=wolf.home type=AVC msg=audit(1288449146.272:28): avc: denied { read append } for pid=6139 comm="restorecon" path="/tmp/tmp0J0gBt" dev=dm-0 ino=2490457 scontext=system_u:system_r:setfiles_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file node=wolf.home type=SYSCALL msg=audit(1288449146.272:28): arch=c000003e syscall=59 success=yes exit=0 a0=1929690 a1=192a150 a2=1927d40 a3=20 items=0 ppid=6068 pid=6139 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/sbin/setfiles" subj=system_u:system_r:setfiles_t:s0-s0:c0.c1023 key=(null) Same thing here, running fedora13. latest complain is about restorecon...
This is a different bug. Probably caused by packagekitd not labeled correctly. restorecon -R -v /usr/libexec
I give same alert whenever after starting system. selinux policy is updated. Executing "restore -R -v /var/spool" doesn't solve problem. Summary: SELinux is preventing /usr/sbin/abrtd "create" access on ccpp-1283665839-2306.lock. Detailed Description: SELinux denied access requested by abrtd. It is not expected that this access is required by abrtd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_spool_t:s0 Target Objects ccpp-1283665839-2306.lock [ lnk_file ] Source abrtd Source Path /usr/sbin/abrtd Port <Unknown> Host (removed) Source RPM Packages abrt-1.1.13-2.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-65.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux Mijax 2.6.34.7-61.fc13.x86_64 #1 SMP Tue Oct 19 04:06:30 UTC 2010 x86_64 x86_64 Alert Count 3 First Seen Tue 26 Oct 2010 04:52:25 PM IRST Last Seen Thu 28 Oct 2010 08:54:53 AM IRST Local ID da965bbe-94ad-4f03-a28e-0f93403a96e9 Line Numbers Raw Audit Messages node=Mijax type=AVC msg=audit(1288243493.311:6): avc: denied { create } for pid=1485 comm="abrtd" name="ccpp-1283665839-2306.lock" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=lnk_file node=Mijax type=SYSCALL msg=audit(1288243493.311:6): arch=c000003e syscall=88 success=no exit=-13 a0=7fffa9707970 a1=15ee278 a2=7fffa9707974 a3=2d39333835363633 items=0 ppid=1 pid=1485 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe="/usr/sbin/abrtd" subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)
What is the label of /var/spool/abrt ls -lZd /var/spool/abrt drwxr-xr-x. abrt abrt system_u:object_r:abrt_var_cache_t:s0 /var/spool/abrt If that label is correct (abrt_var_cache_t) then abrt is attempting to create the lnk file in a different directory. If it is not correct then something went wrong when you installed your policy yum reinstall selinux-policy-targeted And see if anything blows up.
The label of /var/spool/abrt was correct. Is your intention of "abrt is attempting to create the lnk file in a different directory" i ignore this alert?
That is the only reason it would generate that AVC. Are there any directories under /var/spool/abrt labeled var_spool_t? restorecon -R -v /var/spool/abrt
In the afternoon of 4th Nov, i updated my system and got updates for policycoreutils and policycoreutils-python. At now, alert doesn't generate. Thank you anyway.
Created attachment 463289 [details] This happens whenever I try running googleearth on my a31p f13 I just downloaded google earth, had a kernel crash loading it, and then this.
Did you run the restorecon command?