Additional info: libreport version: 2.0.13 kernel: 3.6.0-0.rc4.git0.1.fc18.i686 description: :SELinux is preventing /usr/bin/dmesg from 'write' accesses on the file /var/spool/abrt/oops-2012-09-06-07:49:04-1271-1/dmesg. : :***** Plugin leaks (86.2 confidence) suggests ****************************** : :If you want to ignore dmesg trying to write access the dmesg file, because you believe it should not need this access. :Then you should report this as a bug. :You can generate a local policy module to dontaudit this access. :Do :# grep /usr/bin/dmesg /var/log/audit/audit.log | audit2allow -D -M mypol :# semodule -i mypol.pp : :***** Plugin catchall (14.7 confidence) suggests *************************** : :If you believe that dmesg should be allowed write access on the dmesg file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep dmesg /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:dmesg_t:s0-s0:c0.c1023 :Target Context system_u:object_r:abrt_var_cache_t:s0 :Target Objects /var/spool/abrt/oops-2012-09-06-07:49:04-1271-1/dm : esg [ file ] :Source dmesg :Source Path /usr/bin/dmesg :Port <Unknown> :Host (removed) :Source RPM Packages util-linux-2.22-0.1.fc18.i686 :Target RPM Packages :Policy RPM selinux-policy-3.11.1-14.fc18.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.6.0-0.rc4.git0.1.fc18.i686 #1 : SMP Mon Sep 3 15:07:40 UTC 2012 i686 i686 :Alert Count 1 :First Seen 2012-09-06 07:49:04 IST :Last Seen 2012-09-06 07:49:04 IST :Local ID ec5bfa0c-4791-4b8a-a3fc-b925b2dd2e57 : :Raw Audit Messages :type=AVC msg=audit(1346914144.764:56): avc: denied { write } for pid=1277 comm="dmesg" path="/var/spool/abrt/oops-2012-09-06-07:49:04-1271-1/dmesg" dev="dm-2" ino=528015 scontext=system_u:system_r:dmesg_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_var_cache_t:s0 tclass=file : : :type=SYSCALL msg=audit(1346914144.764:56): arch=i386 syscall=execve success=yes exit=0 a0=9527b00 a1=9527b98 a2=9526a50 a3=9527b98 items=0 ppid=1275 pid=1277 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dmesg exe=/usr/bin/dmesg subj=system_u:system_r:dmesg_t:s0-s0:c0.c1023 key=(null) : :Hash: dmesg,dmesg_t,abrt_var_cache_t,file,write : :audit2allow : :#============= dmesg_t ============== :allow dmesg_t abrt_var_cache_t:file write; : :audit2allow -R : :#============= dmesg_t ============== :allow dmesg_t abrt_var_cache_t:file write; :
Created attachment 610184 [details] File: type
Created attachment 610185 [details] File: hashmarkername
This file should be opened for append not write.
Kernel oops caused ABRT to pop up informing me of the oops, and then this AVC showed up Package: (null) Architecture: x86_64 OS Release: Fedora release 18 (Spherical Cow)
(In reply to comment #3) > This file should be opened for append not write. Why? I think what is happening here is ABRT trying to dump dmesg output to a file, so it could attach it to a report. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Error occurred after "network time ON" setting Package: (null) Architecture: x86_64 OS Release: Fedora release 18 (Spherical Cow)
*** This bug has been marked as a duplicate of bug 854266 ***