Hide Forgot
SELinux is preventing /usr/bin/gdb from 'read' accesses on the file /usr/lib/debug/lib64/libselinux.so.1.debug. ***** Plugin file (36.8 confidence) suggests ******************************* If you think this is caused by a badly mislabeled machine. Then you need to fully relabel. Do touch /.autorelabel; reboot ***** Plugin file (36.8 confidence) suggests ******************************* If you think this is caused by a badly mislabeled machine. Then you need to fully relabel. Do touch /.autorelabel; reboot ***** Plugin catchall_labels (23.2 confidence) suggests ******************** If you want to allow gdb to have read access on the libselinux.so.1.debug file Then you need to change the label on /usr/lib/debug/lib64/libselinux.so.1.debug Do # semanage fcontext -a -t FILE_TYPE '/usr/lib/debug/lib64/libselinux.so.1.debug' where FILE_TYPE is one of the following: nsplugin_rw_t, system_dbusd_var_lib_t, policykit_auth_exec_t, abrt_t, bin_t, cert_t, tmp_t, usr_t, abrt_var_run_t, noxattrfs, prelink_exec_t, nsplugin_home_t, fusefs_t, locale_t, ld_so_t, nfs_t, proc_t, sysfs_t, sysctl_crypto_t, system_cronjob_var_lib_t, policykit_var_lib_t, abrt_exec_t, rpm_exec_t, abrt_t, lib_t, shell_exec_t, afs_cache_t, abrt_helper_exec_t, modules_object_t, sosreport_tmp_t, abrt_tmp_t, var_lib_t, dbusd_etc_t, ld_so_t, configfile, userdomain, domain, rpm_var_cache_t, abrt_var_cache_t, textrel_shlib_t, abrt_etc_t, fail2ban_var_lib_t, rpm_log_t, var_log_t, policykit_reload_t, mta_exec_type, rpm_script_tmp_t, abrt_var_log_t, rpm_var_lib_t, rpm_var_run_t, net_conf_t, user_cron_spool_t, etc_runtime_t, anon_inodefs_t, sysctl_kernel_t, httpd_modules_t, abrt_var_run_t, ld_so_cache_t, sosreport_exec_t, exec_type, root_t. Then execute: restorecon -v '/usr/lib/debug/lib64/libselinux.so.1.debug' ***** Plugin catchall (5.04 confidence) suggests *************************** If you believe that gdb should be allowed read access on the libselinux.so.1.debug file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep gdb /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:file_t:s0 Target Objects /usr/lib/debug/lib64/libselinux.so.1.debug [ file ] Source gdb Source Path /usr/bin/gdb Port <Unknown> Host (removed) Source RPM Packages elfutils-0.152-1.fc16 Target RPM Packages libselinux-debuginfo-2.0.101-1.fc16 Policy RPM selinux-policy-3.9.16-15.fc16 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.39-0.rc2.git0.0.fc16.x86_64 #1 SMP Wed Apr 6 15:30:19 UTC 2011 x86_64 x86_64 Alert Count 25 First Seen Sat 16 Apr 2011 10:36:27 AM CLST Last Seen Sat 16 Apr 2011 01:01:04 PM CLST Local ID b9bcca8d-f338-4728-a46e-135261748841 Raw Audit Messages type=AVC msg=audit(1302969664.280:113): avc: denied { read } for pid=7783 comm="eu-unstrip" name="libselinux.so.1.debug" dev=dm-2 ino=3946542 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file type=SYSCALL msg=audit(1302969664.280:113): arch=x86_64 syscall=open success=no exit=EACCES a0=b102f0 a1=0 a2=0 a3=2e78756e696c6573 items=0 ppid=770 pid=7783 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=eu-unstrip exe=/usr/bin/eu-unstrip subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null) Hash: gdb,abrt_t,file_t,file,read audit2allow #============= abrt_t ============== allow abrt_t file_t:file read; audit2allow -R #============= abrt_t ============== allow abrt_t file_t:file read;
restorecon -R -v /var/lib/debug And please yum -y update.