Bug 750465 - SELinux is preventing /usr/bin/python from create access on the lnk_file S13rpcbind.
Status: CLOSED DUPLICATE of bug 748338
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.2
Hardware: All
OS: Linux
Target Milestone: rc
Assignee: Miroslav Grepl
QA Contact: BaseOS QE Security Team
Reported: 2011-11-01 08:55 UTC by Matěj Cepl
Modified: 2011-11-07 08:08 UTC (History)

Doc Type: Bug Fix
Last Closed: 2011-11-01 11:21:03 UTC

Description Matěj Cepl 2011-11-01 08:55:50 UTC
There are many AVC denials dealing with sosreport run inside of abrt. This is one example. Complete /var/log/audit/audit.log is attached as well.

SELinux is preventing /usr/bin/python from create access on the lnk_file S13rpcbind.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that python should be allowed create access on the S13rpcbind lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep sosreport /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Kontext zdroje                system_u:system_r:sosreport_t:s0-s0:c0.c1023
Kontext cíle                  system_u:object_r:abrt_var_cache_t:s0
Objekty cíle                  S13rpcbind [ lnk_file ]
Zdroj                         sosreport
Cesta zdroje                  /usr/bin/python
Port                          <Neznámé>
Počítač                       mitmanek.ceplovi.cz
RPM balíčky zdroje            
RPM balíčky cíle              
RPM politiky                  selinux-policy-3.7.19-120.el6
Selinux povolen               True
Typ politiky                  targeted
Vynucovací režim              Enforcing
Název počítače                mitmanek.ceplovi.cz
Platforma                     Linux mitmanek.ceplovi.cz 2.6.32-214.el6.x86_64 #1
                              SMP Tue Oct 25 19:48:00 EDT 2011 x86_64 x86_64
Počet upozornění              906
Poprvé viděno                 Po 31. říjen 2011, 19:25:48 CET
Naposledy viděno              Po 31. říjen 2011, 21:02:58 CET
Místní ID                     f2200e26-ddb5-4089-9a21-8df74ca988e2

Původní zprávy auditu
type=AVC msg=audit(1320091378.624:14553): avc:  denied  { create } for  pid=14798 comm="sosreport" name="S13rpcbind" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_var_cache_t:s0 tclass=lnk_file


Hash: sosreport,sosreport_t,abrt_var_cache_t,lnk_file,create

audit2allow

#============= sosreport_t ==============
allow sosreport_t abrt_var_cache_t:lnk_file create;

audit2allow -R

#============= sosreport_t ==============
allow sosreport_t abrt_var_cache_t:lnk_file create;
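
Added example, not part of the original report and not audit2allow's own code: with 906 alerts reported, a triage step that collapses AVC records into the same (comm, source type, target type, class, permission) tuple as the "Hash:" line above shows how many distinct denials are actually involved before any policy is written. The function names are hypothetical; the first sample line is the record from this report, the other two are constructed.

```python
import re
from collections import Counter

# Sample input: line 1 is the AVC record quoted in this report; lines 2 and 3
# are constructed for the demonstration (a repeat denial and a non-AVC record).
SAMPLE_LOG = """\
type=AVC msg=audit(1320091378.624:14553): avc:  denied  { create } for  pid=14798 comm="sosreport" name="S13rpcbind" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_var_cache_t:s0 tclass=lnk_file
type=AVC msg=audit(1320091378.700:14554): avc:  denied  { create } for  pid=14798 comm="sosreport" name="S14example" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_var_cache_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1320091378.700:14554): arch=c000003e syscall=88 success=no exit=-13 comm="sosreport"
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    # Context is user:role:type:level; the level may itself contain ':'.
    return context.split(":")[2]

def parse_avc(line):
    m = AVC_RE.search(line)
    if not m:
        return None  # SYSCALL, PATH and other record types are skipped
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return {
        "comm": fields.get("comm"),
        "source": selinux_type(fields["scontext"]),
        "target": selinux_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        "perms": tuple(sorted(m.group("perms").split())),
    }

def summarize(log_text):
    # Count denials per unique (comm, source, target, class, perms) tuple.
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            counts[(rec["comm"], rec["source"], rec["target"], rec["tclass"], rec["perms"])] += 1
    return counts

def as_rule(key):
    _, source, target, tclass, perms = key
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {source} {target}:{tclass} {perm_text};"

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {as_rule(key)}")
```

Each output line is a candidate rule for review against the policy, with the number of audit records it would account for.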

Comment 2 Milos Malik 2011-11-01 10:23:41 UTC
There is no audit.log attached.

Comment 3 Miroslav Grepl 2011-11-01 11:21:03 UTC

*** This bug has been marked as a duplicate of bug 748338 ***

