RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 739862 - SELinux is preventing /usr/sbin/abrtd from 'setattr' accesses on the directory abrt.
Summary: SELinux is preventing /usr/sbin/abrtd from 'setattr' accesses on the director...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.1
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Miroslav Grepl
QA Contact: BaseOS QE Security Team
URL:
Whiteboard: abrt_hash:5e0b226f0685c07966df6192adb...
Depends On:
Blocks: 671354
TreeView+ depends on / blocked
 
Reported: 2011-09-20 08:49 UTC by Michal Nowak
Modified: 2013-03-08 02:12 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-20 10:32:46 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Michal Nowak 2011-09-20 08:49:17 UTC
abrt version: 2.0.5
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         2.6.32-198.el6.x86_64
reason:         SELinux is preventing /usr/sbin/abrtd from 'setattr' accesses on the directory abrt.
time:           Tue Sep 20 10:48:59 2011

description:
:SELinux is preventing /usr/sbin/abrtd from 'setattr' accesses on the directory abrt.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that abrtd should be allowed setattr access on the abrt directory by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep abrtd /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                unconfined_u:system_r:abrt_t:s0-s0:c0.c1023
:Target Context                unconfined_u:object_r:user_tmp_t:s0
:Target Objects                abrt [ dir ]
:Source                        abrtd
:Source Path                   /usr/sbin/abrtd
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           abrt-2.0.4-10.el6
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.7.19-110.el6
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed)
:                              2.6.32-198.el6.x86_64 #1 SMP Thu Sep 15 23:40:38
:                              EDT 2011 x86_64 x86_64
:Alert Count                   1
:First Seen                    Tue 20 Sep 2011 10:48:44 AM CEST
:Last Seen                     Tue 20 Sep 2011 10:48:44 AM CEST
:Local ID                      e5301bbc-2bc9-4325-be4c-74a49545963a
:
:Raw Audit Messages
:type=AVC msg=audit(1316508524.356:1871): avc:  denied  { setattr } for  pid=23982 comm="abrtd" name="abrt" dev=dm-0 ino=89965 scontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir
:
:
:type=SYSCALL msg=audit(1316508524.356:1871): arch=x86_64 syscall=chown success=no exit=EACCES a0=11452c0 a1=ad a2=ad a3=7fffcca3ff20 items=0 ppid=23981 pid=23982 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=abrtd exe=/usr/sbin/abrtd subj=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)
:
:Hash: abrtd,abrt_t,user_tmp_t,dir,setattr
:
:audit2allow
:
:#============= abrt_t ==============
:allow abrt_t user_tmp_t:dir setattr;
:
:audit2allow -R
:
:#============= abrt_t ==============
:allow abrt_t user_tmp_t:dir setattr;
:

Comment 1 Michal Nowak 2011-09-20 08:51:12 UTC
I got this by setting 

  DumpLocation = /tmp/abrt

in abrt.conf and then restarted `abrt-ccpp' & `abrtd' services, AVC happened on the latter one.

Comment 3 Michal Nowak 2011-09-20 08:54:09 UTC
[newman@dhcp-25-35 ~]$ sudo service abrt-ccpp restart
[newman@dhcp-25-35 ~]$ sudo service abrtd restart
Stopping abrt daemon:                                      [  OK  ]
Starting abrt daemon: abrtd: Failed to start: got sig 17
                                                           [FAILED]

Comment 4 Michal Nowak 2011-09-20 10:32:10 UTC
Withdrawing. Was my fault. I should let abrt to create the DUMP_DIR on it's own not to create it by hand.


Note You need to log in before you can comment on or make changes to this bug.