First Last Prev Next    This bug is not in your last search results.
Bug 800348 - SELinux is preventing /usr/bin/ps from using the 'sys_ptrace' capabilities.
SELinux is preventing /usr/bin/ps from using the 'sys_ptrace' capabilities.
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
17
x86_64 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
abrt_hash:90b65e2cb94df4f4fe8322cf503...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-06 06:28 EST by Patryk Zawadzki
Modified: 2012-03-06 13:59 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-06 13:59:06 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Patryk Zawadzki 2012-03-06 06:28:11 EST 
libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.2.8-3.fc16.x86_64
reason:         SELinux is preventing /usr/bin/ps from using the 'sys_ptrace' capabilities.
time:           wto, 6 mar 2012, 12:27:56

description:
:SELinux is preventing /usr/bin/ps from using the 'sys_ptrace' capabilities.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If jeśli ps powinno mieć domyślnie możliwość sys_ptrace.
:Then proszę to zgłosić jako błąd.
:Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp.
:Do
:można tymczasowo zezwolić na ten dostęp wykonując polecenia:
:# grep ps /var/log/audit/audit.log | audit2allow -M mojapolityka
:# semodule -i mojapolityka.pp
:
:Additional Information:
:Source Context                system_u:system_r:ksmtuned_t:s0
:Target Context                system_u:system_r:ksmtuned_t:s0
:Target Objects                 [ capability ]
:Source                        ps
:Source Path                   /usr/bin/ps
:Port                          <Nieznane>
:Host                          (removed)
:Source RPM Packages           procps-3.2.8-26.20110302git.fc17.x86_64
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-95.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.2.8-3.fc16.x86_64
:                              #1 SMP Tue Feb 28 21:48:17 UTC 2012 x86_64 x86_64
:Alert Count                   15212
:First Seen                    nie, 4 mar 2012, 12:07:59
:Last Seen                     wto, 6 mar 2012, 12:27:13
:Local ID                      5c469428-3119-4b66-932f-53627a3921ee
:
:Raw Audit Messages
:type=AVC msg=audit(1331033233.583:454): avc:  denied  { sys_ptrace } for  pid=3268 comm="ps" capability=19  scontext=system_u:system_r:ksmtuned_t:s0 tcontext=system_u:system_r:ksmtuned_t:s0 tclass=capability
:
:
:type=SYSCALL msg=audit(1331033233.583:454): arch=x86_64 syscall=read success=yes exit=196 a0=6 a1=3af9221140 a2=3ff a3=3af900c7d9 items=0 ppid=3267 pid=3268 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=ps exe=/usr/bin/ps subj=system_u:system_r:ksmtuned_t:s0 key=(null)
:
:Hash: ps,ksmtuned_t,ksmtuned_t,capability,sys_ptrace
:
:audit2allowunable to open /sys/fs/selinux/policy:  Permission denied
:
:
:audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied
:
:
Comment 1 Patryk Zawadzki 2012-03-06 11:40:47 EST 
I believe the problem is related to using an F16 kernel.

Have not yet experienced the sys_ptrace flood since upgrading to kernel-3.3.0-0.rc6.git0.2.fc17.x86_64
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.