Bug 638172 - user runs as abrt_helper_t, SELinux is preventing /bin/bash "execute" access on /bin/bash.
Summary: user runs as abrt_helper_t, SELinux is preventing /bin/bash "execute" access ...
Keywords:
Status: CLOSED DUPLICATE of bug 638150
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 14
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:b0f59ed5f79...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-09-28 12:45 UTC by Mads Kiilerich
Modified: 2010-09-28 15:50 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-09-28 15:50:54 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
ps -fZed output, showing lots of abrt_helper_t (16.60 KB, text/plain)
2010-09-28 12:55 UTC, Mads Kiilerich 		no flags Details
View All

Description Mads Kiilerich 2010-09-28 12:45:51 UTC 
Summary:

SELinux is preventing /bin/bash "execute" access on /bin/bash.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by sh. It is not expected that this access is
required by sh and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a (removed) policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023
Target Context                system_u:object_r:shell_exec_t:s0
Target Objects                /bin/bash [ file ]
Source                        sh
Source Path                   /bin/bash
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           bash-4.1.7-3.fc14
Target RPM Packages           bash-4.1.7-3.fc14
Policy RPM                    selinux-policy-3.9.5-7.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.35.4-28.fc14.i686.PAE #1 SMP Wed
                              Sep 15 01:57:00 UTC 2010 i686 i686
Alert Count                   3
First Seen                    Tue 28 Sep 2010 02:42:38 PM CEST
Last Seen                     Tue 28 Sep 2010 02:42:38 PM CEST
Local ID                      777bc8a0-9e9b-4c1f-8fa9-5bf4339ca6fc
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1285677758.364:30): avc:  denied  { execute } for  pid=2088 comm="xrdb" name="bash" dev=dm-0 ino=475727 scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1285677758.364:30): avc:  denied  { open } for  pid=2088 comm="xrdb" name="bash" dev=dm-0 ino=475727 scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1285677758.364:30): avc:  denied  { execute_no_trans } for  pid=2088 comm="xrdb" path="/bin/bash" dev=dm-0 ino=475727 scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1285677758.364:30): arch=40000003 syscall=11 success=yes exit=0 a0=25eee4 a1=bfd8d770 a2=bfd90f08 a3=3 items=0 ppid=2087 pid=2088 auid=502 uid=502 gid=502 euid=502 suid=502 fsuid=502 egid=502 sgid=502 fsgid=502 tty=(none) ses=1 comm="sh" exe="/bin/bash" subj=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  catchall,sh,abrt_helper_t,shell_exec_t,file,execute
audit2allow suggests:

#============= abrt_helper_t ==============
allow abrt_helper_t shell_exec_t:file { execute open execute_no_trans };
Comment 1 Mads Kiilerich 2010-09-28 12:55:03 UTC 
Created attachment 450180 [details]
ps -fZed output, showing lots of abrt_helper_t

After upgrading to f14 I get this and 60 other errors (quickly increasing to 100+) occurs when logging in in Gnome for the first time on a newly created user.

This looks like a candidate for a basic problem, but now I see that xrdb is involved.

And hey, everything runs as abrt_helper_t ?

I recently uninstalled everything abrt and just installed it again.
Comment 2 Daniel Walsh 2010-09-28 14:18:35 UTC 
I would say you have a labeling problem.

touch /.autorelabel; reboot

Should fix it.

Reopen if this does not fix the problem.
Comment 3 Mads Kiilerich 2010-09-28 14:27:31 UTC 
I agree that it looks like a labelling problem, but I had already done both a autorelabel-on-boot and fixfiles relabel. In both cases I got the git-shell messages from bug 638150.

I assume that it is more likely some bad content in the SE database, but I don't know where to look. AFAIK I haven't touched the SE database manually on this machine, so I assume would expect that whatever is in there should be handled correctly when updating.
Comment 4 Daniel Walsh 2010-09-28 14:32:24 UTC 
ps -eZ | grep init
ps -eZ | grep sshd
Comment 5 Mads Kiilerich 2010-09-28 14:52:39 UTC 
system_u:system_r:kernel_t:s0       1 ?        00:00:02 init
system_u:system_r:kernel_t:s0    1708 ?        00:00:00 sshd

(I assume that the ps -fZed output showed the same.)
Comment 6 Daniel Walsh 2010-09-28 15:01:53 UTC 
Did you see any error message about failure to load policy?

ls -lZ /sbin/upstart
-rwxr-xr-x. root root system_u:object_r:init_exec_t:s0 /sbin/upstart

Does 

yum reinstall selinux-policy-targeted 

complete successfully?
Comment 7 Mads Kiilerich 2010-09-28 15:50:54 UTC 
caused by incorrectly installed selinux-policy-targeted

*** This bug has been marked as a duplicate of bug 638150 ***
Note You need to log in before you can comment on or make changes to this bug.