Bug 866018 - SELinux is preventing /usr/bin/python2.7 from using the 'sys_nice' capabilities.
SELinux is preventing /usr/bin/python2.7 from using the 'sys_nice' capabilities.
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
17
i686 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
abrt_hash:bd3b38ebe782ef8c7f30248ade4...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-10-13 06:24 EDT by Mikhail
Modified: 2012-10-25 11:04 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-10-17 02:57:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
File: type (9 bytes, text/plain)
2012-10-13 06:24 EDT, Mikhail
no flags Details
File: hashmarkername (14 bytes, text/plain)
2012-10-13 06:24 EDT, Mikhail
no flags Details

  None (edit)
Description Mikhail 2012-10-13 06:24:44 EDT
Additional info:
libreport version: 2.0.16
kernel:         3.6.1-1.fc17.i686
Comment 1 Mikhail 2012-10-13 06:24:47 EDT
Created attachment 626462 [details]
File: type
Comment 2 Mikhail 2012-10-13 06:24:49 EDT
Created attachment 626463 [details]
File: hashmarkername
Comment 3 Miroslav Grepl 2012-10-15 05:51:29 EDT
Could you attach AVC msgs which you are getting?
Comment 4 Mikhail 2012-10-15 16:22:53 EDT
#  grep denied /var/log/audit/audit.log | grep -e php
type=AVC msg=audit(1350079879.724:662): avc:  denied  { read } for  pid=25503 comm="php-fpm" name="meminfo" dev="proc" ino=4026532026 scontext=system_u:system_r:phpfpm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1350079879.724:662): avc:  denied  { open } for  pid=25503 comm="php-fpm" path="/proc/meminfo" dev="proc" ino=4026532026 scontext=system_u:system_r:phpfpm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1350079879.724:663): avc:  denied  { getattr } for  pid=25503 comm="php-fpm" path="/proc/meminfo" dev="proc" ino=4026532026 scontext=system_u:system_r:phpfpm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
Comment 5 Miroslav Grepl 2012-10-17 02:57:20 EDT
How did you get it on F17. I guess you have local policy  for this.

kernel_read_system_state(phpfpm_t)

will fix it.
Comment 6 Mikhail 2012-10-17 03:02:18 EDT
hmmmm very strange I use F18

Note You need to log in before you can comment on or make changes to this bug.