Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 613489 - O SELinux está impedindo o acesso a /usr/bin/eu-unstrip "read" on /etc/httpd/modules
O SELinux está impedindo o acesso a /usr/bin/eu-unstrip "read" on /etc/h...
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
13
x86_64 Linux
low Severity medium
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
setroubleshoot_trace_hash:d3683cff69a...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-11 21:29 EDT by Bruno Felipe Arndt
Modified: 2011-06-29 09:40 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-06-29 09:40:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bruno Felipe Arndt 2010-07-11 21:29:31 EDT
Sumário:

O SELinux está impedindo o acesso a /usr/bin/eu-unstrip "read" on
/etc/httpd/modules

Descrição detalhada:

O SELinux impediu o acesso requisitado pelo eu-unstrip. Não é comum que este
acesso seja requisitado pelo eu-unstrip e isto pode indicar uma tentativa de
intrusão. Também é possível que a versão ou configuração específicas do
aplicativo estejam fazendo com que o mesmo requisite o acesso adicio

Permitindo acesso:

Você pode gerar um módulo de política local para permitir este acesso - veja
o FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Por favor,
registre um relatório de erro.

Informações adicionais:

Contexto de origem            system_u:system_r:abrt_t:s0-s0:c0.c1023
Contexto de destino           system_u:object_r:httpd_modules_t:s0
Objetos de destino            /etc/httpd/modules [ lnk_file ]
Origem                        eu-unstrip
Caminho da origem             /usr/bin/eu-unstrip
Porta                         <Desconhecido>
Máquina                      (removido)
Pacotes RPM de origem         elfutils-0.148-1.fc13
Pacotes RPM de destino        httpd-2.2.15-1.fc13
RPM da política              selinux-policy-3.7.19-33.fc13
Selinux habilitado            True
Tipo de política             targeted
Modo reforçado               Enforcing
Nome do plugin                catchall
Nome da máquina              (removido)
Plataforma                    Linux (removido) 2.6.33.6-147.fc13.x86_64 #1
                              SMP Tue Jul 6 22:32:17 UTC 2010 x86_64 x86_64
Contador de alertas           53
Visto pela primeira vez em    Dom 11 Jul 2010 22:20:17 BRT
Visto pela última vez em     Dom 11 Jul 2010 22:20:17 BRT
ID local                      84067fd2-62e6-4163-b730-af62aeb6d98a
Números de linha             

Mensagens de auditoria não p 

node=(removido) type=AVC msg=audit(1278897617.959:21464): avc:  denied  { read } for  pid=3110 comm="eu-unstrip" name="modules" dev=sda3 ino=1575097 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_modules_t:s0 tclass=lnk_file

node=(removido) type=SYSCALL msg=audit(1278897617.959:21464): arch=c000003e syscall=2 success=no exit=-13 a0=9240e0 a1=0 a2=0 a3=6132626330626435 items=0 ppid=1436 pid=3110 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="eu-unstrip" exe="/usr/bin/eu-unstrip" subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  catchall,eu-unstrip,abrt_t,httpd_modules_t,lnk_file,read
audit2allow suggests:

#============= abrt_t ==============
allow abrt_t httpd_modules_t:lnk_file read;
Comment 1 Daniel Walsh 2010-07-12 17:27:37 EDT
Miroslav add

files_dontaudit_read_all_symlinks(abrt_t)
Comment 2 Miroslav Grepl 2010-07-13 03:52:13 EDT
Fixed in selinux-policy-3.7.19-36.fc13.
Comment 3 Fedora Update System 2010-07-14 10:25:49 EDT
selinux-policy-3.7.19-37.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-37.fc13
Comment 4 Fedora Update System 2010-07-14 19:07:41 EDT
selinux-policy-3.7.19-37.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update selinux-policy'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-37.fc13
Comment 5 Fedora Admin XMLRPC Client 2010-11-08 16:52:03 EST
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 6 Fedora Admin XMLRPC Client 2010-11-08 16:53:25 EST
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 7 Fedora Admin XMLRPC Client 2010-11-08 16:56:02 EST
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 8 Bug Zapper 2011-06-01 10:11:24 EDT
This message is a reminder that Fedora 13 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 13.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '13'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 13's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 13 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 9 Bug Zapper 2011-06-29 09:40:45 EDT
Fedora 13 changed to end-of-life (EOL) status on 2011-06-25. Fedora 13 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.