Description of problem:

Version-Release number of selected component (if applicable):
filesystem-2.4.44-1.fc16.x86_64

How reproducible:
Selinux alert appears without other symptoms.

Steps to Reproduce:
Unknown

Actual results:
Selinux alerts

Expected results:
No alerts

Additional info:
Attempting to automatically report to Bugzilla gave:
"--- Running report_Bugzilla ---
Logging into Bugzilla at https://bugzilla.redhat.com
Checking for duplicates
fatal: XML-RPC(0): (null)
(exited with 1)
" .

SETroubleshoot Details Window contains:
"SELinux is preventing /usr/bin/python2.7 from write access on the directory /.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that python2.7 should be allowed write access on the directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep xm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:virsh_t:s0
Target Context                system_u:object_r:root_t:s0
Target Objects                / [ dir ]
Source                        xm
Source Path                   /usr/bin/python2.7
Port                          <Unknown>
Host                          toshlocalhost.localdomain
Source RPM Packages           python-2.7.3-1.fc16.x86_64
Target RPM Packages           filesystem-2.4.44-1.fc16.x86_64
Policy RPM                    selinux-policy-3.10.0-86.fc16.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     toshlocalhost.localdomain
Platform                      Linux toshlocalhost.localdomain 3.3.7-1.fc16.x86_64 #1 SMP Tue May 22 13:59:39 UTC 2012 x86_64 x86_64
Alert Count                   1
First Seen                    Mon 28 May 2012 08:14:49 AM EDT
Last Seen                     Mon 28 May 2012 08:14:49 AM EDT
Local ID                      6a49a0fd-c78e-47b8-8abd-e6c3dde3cd73

Raw Audit Messages
type=AVC msg=audit(1338207289.817:54): avc: denied { write } for pid=969 comm="xm" name="/" dev="sda9" ino=2 scontext=system_u:system_r:virsh_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir

type=SYSCALL msg=audit(1338207289.817:54): arch=x86_64 syscall=open success=no exit=EACCES a0=14ecef0 a1=200c2 a2=180 a3=20 items=0 ppid=964 pid=969 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=xm exe=/usr/bin/python2.7 subj=system_u:system_r:virsh_t:s0 key=(null)

Hash: xm,virsh_t,root_t,dir,write

audit2allow

#============= virsh_t ==============
#!!!! The source type 'virsh_t' can write to a 'dir' of the following types:
# xend_var_lib_t, virt_etc_t, xenfs_t, virt_etc_rw_t, virt_image_type, ssh_home_t

allow virsh_t root_t:dir write;

audit2allow -R

#============= virsh_t ==============
#!!!! The source type 'virsh_t' can write to a 'dir' of the following types:
# xend_var_lib_t, virt_etc_t, xenfs_t, virt_etc_rw_t, virt_image_type, ssh_home_t

allow virsh_t root_t:dir write;
"
Tried to assign "xm" as a component, as per bug 81528, but xm is not available as a component name.
What were you doing to trigger this?
Starting ABRT, after seeing its icon at the bottom of my LXDE screen
(In reply to comment #3)
> Starting ABRT, after seeing its icon at the bottom of my LXDE screen

abrt is just reporting the error. I was wondering what you were doing to cause the error in the first place. It will be something to do with attempting to run a virtual server.
The message appears in my /var/log/messages file, which is posted at https://bugzilla.redhat.com/attachment.cgi?id=634114 as an attachment to bug 857458. So I'm not doing anything special AFAIK.
xen-4.1.3-5.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/xen-4.1.3-5.fc16
xen-4.1.3-5.fc16 has some selinux related fixes that were in packages for later fedora versions that I think might help your problem.
Package xen-4.1.3-5.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing xen-4.1.3-5.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-18967/xen-4.1.3-5.fc16
then log in and leave karma (feedback).
Still getting messages. I have installed:

xen-doc-4.1.3-4.fc16.x86_64
xen-licenses-4.1.3-4.fc16.x86_64
netxen-firmware-4.0.534-4.fc15.noarch
xen-hypervisor-4.1.3-4.fc16.x86_64
xen-runtime-4.1.3-5.fc16.x86_64
xen-libs-4.1.3-5.fc16.x86_64
xen-4.1.3-5.fc16.x86_64

I get three selinux messages at bootup. Here they are:

================================= message 1 =============================

SELinux is preventing /usr/bin/python2.7 from write access on the directory /.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that python2.7 should be allowed write access on the directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep xm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:virsh_t:s0
Target Context                system_u:object_r:root_t:s0
Target Objects                / [ dir ]
Source                        xm
Source Path                   /usr/bin/python2.7
Port                          <Unknown>
Host                          toshlocalhost.localdomain
Source RPM Packages           python-2.7.3-4.fc16.x86_64
Target RPM Packages           filesystem-2.4.44-1.fc16.x86_64
Policy RPM                    selinux-policy-3.10.0-96.fc16.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     toshlocalhost.localdomain
Platform                      Linux toshlocalhost.localdomain 3.6.6-1.fc16.x86_64 #1 SMP Mon Nov 5 16:56:43 UTC 2012 x86_64 x86_64
Alert Count                   1
First Seen                    Mon 26 Nov 2012 05:13:17 PM EST
Last Seen                     Mon 26 Nov 2012 05:13:17 PM EST
Local ID                      125fa22c-82e7-4465-9af0-fc3bae1bad5c

Raw Audit Messages
type=AVC msg=audit(1353967997.738:52): avc: denied { write } for pid=1012 comm="xm" name="/" dev="sda9" ino=2 scontext=system_u:system_r:virsh_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir

type=SYSCALL msg=audit(1353967997.738:52): arch=x86_64 syscall=open success=no exit=EACCES a0=1ee6c50 a1=200c2 a2=180 a3=20 items=0 ppid=1011 pid=1012 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=xm exe=/usr/bin/python2.7 subj=system_u:system_r:virsh_t:s0 key=(null)

Hash: xm,virsh_t,root_t,dir,write

audit2allow

#============= virsh_t ==============
#!!!! The source type 'virsh_t' can write to a 'dir' of the following types:
# ssh_home_t, xend_var_lib_t, xenfs_t, virt_etc_t, virt_etc_rw_t, virt_image_type

allow virsh_t root_t:dir write;

audit2allow -R

#============= virsh_t ==============
#!!!! The source type 'virsh_t' can write to a 'dir' of the following types:
# ssh_home_t, xend_var_lib_t, xenfs_t, virt_etc_t, virt_etc_rw_t, virt_image_type

allow virsh_t root_t:dir write;

========================================= message 2 =====================

SELinux is preventing /usr/bin/python2.7 from write access on the directory /var/tmp.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that python2.7 should be allowed write access on the tmp directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep xm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:virsh_t:s0
Target Context                system_u:object_r:tmp_t:s0
Target Objects                /var/tmp [ dir ]
Source                        xm
Source Path                   /usr/bin/python2.7
Port                          <Unknown>
Host                          toshlocalhost.localdomain
Source RPM Packages           python-2.7.3-4.fc16.x86_64
Target RPM Packages           filesystem-2.4.44-1.fc16.x86_64
Policy RPM                    selinux-policy-3.10.0-96.fc16.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     toshlocalhost.localdomain
Platform                      Linux toshlocalhost.localdomain 3.6.6-1.fc16.x86_64 #1 SMP Mon Nov 5 16:56:43 UTC 2012 x86_64 x86_64
Alert Count                   3
First Seen                    Mon 26 Nov 2012 05:13:17 PM EST
Last Seen                     Mon 26 Nov 2012 05:13:17 PM EST
Local ID                      b73a6b84-7837-4cbe-b95b-e0ec61ef3814

Raw Audit Messages
type=AVC msg=audit(1353967997.737:51): avc: denied { write } for pid=1012 comm="xm" name="tmp" dev="sda9" ino=1044516 scontext=system_u:system_r:virsh_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

type=SYSCALL msg=audit(1353967997.737:51): arch=x86_64 syscall=open success=no exit=EACCES a0=1ee6c50 a1=200c2 a2=180 a3=20 items=0 ppid=1011 pid=1012 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=xm exe=/usr/bin/python2.7 subj=system_u:system_r:virsh_t:s0 key=(null)

Hash: xm,virsh_t,tmp_t,dir,write

audit2allow

#============= virsh_t ==============
#!!!! The source type 'virsh_t' can write to a 'dir' of the following types:
# ssh_home_t, xend_var_lib_t, xenfs_t, virt_etc_t, virt_etc_rw_t, virt_image_type

allow virsh_t tmp_t:dir write;

audit2allow -R

#============= virsh_t ==============
#!!!! The source type 'virsh_t' can write to a 'dir' of the following types:
# ssh_home_t, xend_var_lib_t, xenfs_t, virt_etc_t, virt_etc_rw_t, virt_image_type

allow virsh_t tmp_t:dir write;

============================== message 3 ===============================

SELinux is preventing /usr/bin/python2.7 from write access on the directory /var/log/xen.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that python2.7 should be allowed write access on the xen directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep xm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:virsh_t:s0
Target Context                system_u:object_r:xend_var_log_t:s0
Target Objects                /var/log/xen [ dir ]
Source                        xm
Source Path                   /usr/bin/python2.7
Port                          <Unknown>
Host                          toshlocalhost.localdomain
Source RPM Packages           python-2.7.3-4.fc16.x86_64
Target RPM Packages           xen-runtime-4.1.3-5.fc16.x86_64
Policy RPM                    selinux-policy-3.10.0-96.fc16.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     toshlocalhost.localdomain
Platform                      Linux toshlocalhost.localdomain 3.6.6-1.fc16.x86_64 #1 SMP Mon Nov 5 16:56:43 UTC 2012 x86_64 x86_64
Alert Count                   1
First Seen                    Mon 26 Nov 2012 05:13:17 PM EST
Last Seen                     Mon 26 Nov 2012 05:13:17 PM EST
Local ID                      6c1f18b7-e3b4-46e2-ac46-f40bdd7ea3c9

Raw Audit Messages
type=AVC msg=audit(1353967997.682:48): avc: denied { write } for pid=1012 comm="xm" name="xen" dev="sda9" ino=391854 scontext=system_u:system_r:virsh_t:s0 tcontext=system_u:object_r:xend_var_log_t:s0 tclass=dir

type=SYSCALL msg=audit(1353967997.682:48): arch=x86_64 syscall=open success=no exit=EACCES a0=1ec0f80 a1=441 a2=1b6 a3=238 items=0 ppid=1011 pid=1012 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=xm exe=/usr/bin/python2.7 subj=system_u:system_r:virsh_t:s0 key=(null)

Hash: xm,virsh_t,xend_var_log_t,dir,write

audit2allow

#============= virsh_t ==============
#!!!! The source type 'virsh_t' can write to a 'dir' of the following types:
# ssh_home_t, xend_var_lib_t, xenfs_t, virt_etc_t, virt_etc_rw_t, virt_image_type

allow virsh_t xend_var_log_t:dir write;

audit2allow -R

#============= virsh_t ==============
#!!!! The source type 'virsh_t' can write to a 'dir' of the following types:
# ssh_home_t, xend_var_lib_t, xenfs_t, virt_etc_t, virt_etc_rw_t, virt_image_type

allow virsh_t xend_var_log_t:dir write;

===================== end of messages ======================================
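Added example, not part of the original report or of any Fedora tool: a Python script that parses the three AVC records quoted in the comment above, reproduces the rules audit2allow proposed for them, and marks the ones whose target type labels a shared directory so they can be reviewed before `semodule -i mypol.pp` is run. The function names and the `SHARED_TARGET_TYPES` set are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# AVC records copied from the three alerts quoted in the comment above.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1353967997.682:48): avc: denied { write } for pid=1012 comm="xm" name="xen" dev="sda9" ino=391854 scontext=system_u:system_r:virsh_t:s0 tcontext=system_u:object_r:xend_var_log_t:s0 tclass=dir
type=AVC msg=audit(1353967997.737:51): avc: denied { write } for pid=1012 comm="xm" name="tmp" dev="sda9" ino=1044516 scontext=system_u:system_r:virsh_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1353967997.738:52): avc: denied { write } for pid=1012 comm="xm" name="/" dev="sda9" ino=2 scontext=system_u:system_r:virsh_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir
"""

# Assumption for this example: the target types the alerts show on / and
# /var/tmp; a rule granting write on them is flagged for review before loading.
SHARED_TARGET_TYPES = {"root_t", "tmp_t"}

AVC_RE = re.compile(
    r"type=AVC msg=audit\([\d.]+:\d+\): avc:\s+denied\s+"
    r"\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return ((source_type, target_type, class), perms), or None if not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    key = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2], f["tclass"])
    return key, m.group("perms").split()

def proposed_rules(log_text):
    """Merge denials into sorted (allow_rule, needs_review) pairs."""
    merged = defaultdict(set)
    for parsed in map(parse_avc, log_text.splitlines()):
        if parsed:
            merged[parsed[0]].update(parsed[1])
    out = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append((f"allow {src} {tgt}:{cls} {perm_text};", tgt in SHARED_TARGET_TYPES))
    return out

if __name__ == "__main__":
    for rule, review in proposed_rules(SAMPLE_AUDIT_LOG):
        print(("REVIEW " if review else "       ") + rule)
```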
Just rebooted with kernel-3.6.7-4.fc16.x86_64. Still seeing messages. No ABRT is occurring.
xen-4.1.3-5.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
Sounds like there are still issues, setting back to NEW.
This message is a reminder that Fedora 16 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 16. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '16'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 16's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 16 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to click on "Clone This Bug" and open it against that version of Fedora.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Peter, as mentioned above, F16 is about to become unsupported. If you can still reproduce selinux issues with F18, please open a new bug to track them.