Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
There are many AVC denials dealing with sosreport run inside of abrt. This is one example. Complete /var/log/audit/audit.log is attached as well.
SELinux is preventing /usr/bin/python from create access on the lnk_file S13rpcbind.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that python should be allowed create access on the S13rpcbind lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep sosreport /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Kontext zdroje system_u:system_r:sosreport_t:s0-s0:c0.c1023
Kontext cíle system_u:object_r:abrt_var_cache_t:s0
Objekty cíle S13rpcbind [ lnk_file ]
Zdroj sosreport
Cesta zdroje /usr/bin/python
Port <Neznámé>
Počítač mitmanek.ceplovi.cz
RPM balíčky zdroje
RPM balíčky cíle
RPM politiky selinux-policy-3.7.19-120.el6
Selinux povolen True
Typ politiky targeted
Vynucovací režim Enforcing
Název počítače mitmanek.ceplovi.cz
Platforma Linux mitmanek.ceplovi.cz 2.6.32-214.el6.x86_64 #1
SMP Tue Oct 25 19:48:00 EDT 2011 x86_64 x86_64
Počet upozornění 906
Poprvé viděno Po 31. říjen 2011, 19:25:48 CET
Naposledy viděno Po 31. říjen 2011, 21:02:58 CET
Místní ID f2200e26-ddb5-4089-9a21-8df74ca988e2
Původní zprávy auditu
type=AVC msg=audit(1320091378.624:14553): avc: denied { create } for pid=14798 comm="sosreport" name="S13rpcbind" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_var_cache_t:s0 tclass=lnk_file
Hash: sosreport,sosreport_t,abrt_var_cache_t,lnk_file,create
audit2allow
#============= sosreport_t ==============
allow sosreport_t abrt_var_cache_t:lnk_file create;
audit2allow -R
#============= sosreport_t ==============
allow sosreport_t abrt_var_cache_t:lnk_file create;
There are many AVC denials dealing with sosreport run inside of abrt. This is one example. Complete /var/log/audit/audit.log is attached as well. SELinux is preventing /usr/bin/python from create access on the lnk_file S13rpcbind. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that python should be allowed create access on the S13rpcbind lnk_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep sosreport /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Kontext zdroje system_u:system_r:sosreport_t:s0-s0:c0.c1023 Kontext cíle system_u:object_r:abrt_var_cache_t:s0 Objekty cíle S13rpcbind [ lnk_file ] Zdroj sosreport Cesta zdroje /usr/bin/python Port <Neznámé> Počítač mitmanek.ceplovi.cz RPM balíčky zdroje RPM balíčky cíle RPM politiky selinux-policy-3.7.19-120.el6 Selinux povolen True Typ politiky targeted Vynucovací režim Enforcing Název počítače mitmanek.ceplovi.cz Platforma Linux mitmanek.ceplovi.cz 2.6.32-214.el6.x86_64 #1 SMP Tue Oct 25 19:48:00 EDT 2011 x86_64 x86_64 Počet upozornění 906 Poprvé viděno Po 31. říjen 2011, 19:25:48 CET Naposledy viděno Po 31. říjen 2011, 21:02:58 CET Místní ID f2200e26-ddb5-4089-9a21-8df74ca988e2 Původní zprávy auditu type=AVC msg=audit(1320091378.624:14553): avc: denied { create } for pid=14798 comm="sosreport" name="S13rpcbind" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_var_cache_t:s0 tclass=lnk_file Hash: sosreport,sosreport_t,abrt_var_cache_t,lnk_file,create audit2allow #============= sosreport_t ============== allow sosreport_t abrt_var_cache_t:lnk_file create; audit2allow -R #============= sosreport_t ============== allow sosreport_t abrt_var_cache_t:lnk_file create;