Bug 691588 - SELinux is preventing /usr/sbin/abrtd "create" access on abrt.socket.
Summary: SELinux is preventing /usr/sbin/abrtd "create" access on abrt.socket.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:49292c4f7b5...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-28 22:00 UTC by Armel KARERWA
Modified: 2011-03-29 11:08 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-29 11:08:50 UTC
Type: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Armel KARERWA 2011-03-28 22:00:27 UTC 
Résumé:

SELinux is preventing /usr/sbin/abrtd "create" access on abrt.socket.

Description détaillée:

[abrtd has a permissive type (abrt_t). This access was not denied.]

SELinux denied access requested by abrtd. It is not expected that this access is
required by abrtd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Autoriser l'accès:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Informations complémentaires:

Contexte source               unconfined_u:system_r:abrt_t:s0
Contexte cible                unconfined_u:object_r:abrt_var_run_t:s0
Objets du contexte            abrt.socket [ sock_file ]
source                        abrtd
Chemin de la source           /usr/sbin/abrtd
Port                          <Inconnu>
Hôte                         (removed)
Paquetages RPM source         abrt-1.1.13-1.fc12
Paquetages RPM cible          
Politique RPM                 selinux-policy-3.6.32-127.fc12
Selinux activé               True
Type de politique             targeted
MLS activé                   True
Mode strict                   Enforcing
Nom du plugin                 catchall
Nom de l'hôte                (removed)
Plateforme                    Linux (removed)
                              2.6.31.5-127.fc12.x86_64 #1 SMP Sat Nov 7 21:11:14
                              EST 2009 x86_64 x86_64
Compteur d'alertes            1
Première alerte              lun. 28 mars 2011 02:01:38 CAT
Dernière alerte              lun. 28 mars 2011 02:01:38 CAT
ID local                      a31e9d0e-15d2-47b1-8525-2f40eb201e4d
Numéros des lignes           

Messages d'audit bruts        

node=(removed) type=AVC msg=audit(1301270498.337:289): avc:  denied  { create } for  pid=7920 comm="abrtd" name="abrt.socket" scontext=unconfined_u:system_r:abrt_t:s0 tcontext=unconfined_u:object_r:abrt_var_run_t:s0 tclass=sock_file

node=(removed) type=SYSCALL msg=audit(1301270498.337:289): arch=c000003e syscall=49 success=yes exit=0 a0=8 a1=7fffb344df20 a2=6e a3=7fffb344dcb0 items=0 ppid=7919 pid=7920 auid=503 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="abrtd" exe="/usr/sbin/abrtd" subj=unconfined_u:system_r:abrt_t:s0 key=(null)



Hash String generated from  selinux-policy-3.6.32-127.fc12,catchall,abrtd,abrt_t,abrt_var_run_t,sock_file,create
audit2allow suggests:

#============= abrt_t ==============
allow abrt_t abrt_var_run_t:sock_file create;
Comment 1 Armel KARERWA 2011-03-28 22:30:39 UTC 
I was running the update ofmy abrt service.
Comment 2 Miroslav Grepl 2011-03-29 11:08:50 UTC 
F12 is no longer supported. Please update to newer version of Fedora.

Anyways,
you can allow it using

# grep abrt /var/log/audit/audit.log | audit2allow -M myabrt
# semodule -i myabrt.pp
Note You need to log in before you can comment on or make changes to this bug.