866018 – SELinux is preventing /usr/bin/python2.7 from using the 'sys_nice' capabilities.

Bug 866018 - SELinux is preventing /usr/bin/python2.7 from using the 'sys_nice' capabilities.

Summary: SELinux is preventing /usr/bin/python2.7 from using the 'sys_nice' capabilities.

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	17
Hardware:	i686
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:bd3b38ebe782ef8c7f30248ade4...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-10-13 10:24 UTC by Mikhail
Modified:	2012-10-25 15:04 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2012-10-17 06:57:20 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
File: type (9 bytes, text/plain) 2012-10-13 10:24 UTC, Mikhail	no flags	Details
File: hashmarkername (14 bytes, text/plain) 2012-10-13 10:24 UTC, Mikhail	no flags	Details
View All

Description Mikhail 2012-10-13 10:24:44 UTC

Additional info:
libreport version: 2.0.16
kernel:         3.6.1-1.fc17.i686

Comment 1 Mikhail 2012-10-13 10:24:47 UTC

Created attachment 626462 [details]
File: type

Comment 2 Mikhail 2012-10-13 10:24:49 UTC

Created attachment 626463 [details]
File: hashmarkername

Comment 3 Miroslav Grepl 2012-10-15 09:51:29 UTC

Could you attach AVC msgs which you are getting?

Comment 4 Mikhail 2012-10-15 20:22:53 UTC

#  grep denied /var/log/audit/audit.log | grep -e php
type=AVC msg=audit(1350079879.724:662): avc:  denied  { read } for  pid=25503 comm="php-fpm" name="meminfo" dev="proc" ino=4026532026 scontext=system_u:system_r:phpfpm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1350079879.724:662): avc:  denied  { open } for  pid=25503 comm="php-fpm" path="/proc/meminfo" dev="proc" ino=4026532026 scontext=system_u:system_r:phpfpm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1350079879.724:663): avc:  denied  { getattr } for  pid=25503 comm="php-fpm" path="/proc/meminfo" dev="proc" ino=4026532026 scontext=system_u:system_r:phpfpm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file

Comment 5 Miroslav Grepl 2012-10-17 06:57:20 UTC

How did you get it on F17. I guess you have local policy  for this.

kernel_read_system_state(phpfpm_t)

will fix it.

Comment 6 Mikhail 2012-10-17 07:02:18 UTC

hmmmm very strange I use F18

Note You need to log in before you can comment on or make changes to this bug.