Description of problem: SELinux is preventing /usr/sbin/abrtd from 'read' accesses on the directory abrt. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that abrtd should be allowed read access on the abrt directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep abrtd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:initrc_tmp_t:s0 Target Objects abrt [ dir ] Source abrtd Source Path /usr/sbin/abrtd Port <Unknown> Host (removed) Source RPM Packages abrt-dbus-2.1.2-2.fc18.x86_64 Target RPM Packages Policy RPM selinux-policy-3.11.1-87.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.8.4-202.fc18.x86_64 #1 SMP Thu Mar 21 17:02:20 UTC 2013 x86_64 x86_64 Alert Count 5 First Seen 2013-03-31 18:05:27 IST Last Seen 2013-04-01 05:58:53 IST Local ID bf3ff375-a0f8-40b8-8ba6-2db7644c98db Raw Audit Messages type=AVC msg=audit(1364776133.599:391): avc: denied { read } for pid=5988 comm="abrt-dbus" name="abrt" dev="dm-1" ino=400812 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=dir type=SYSCALL msg=audit(1364776133.599:391): arch=x86_64 syscall=openat success=no exit=EACCES a0=ffffffffffffff9c a1=104a690 a2=90800 a3=0 items=0 ppid=1 pid=5988 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=abrt-dbus exe=/usr/sbin/abrt-dbus subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null) Hash: abrtd,abrt_t,initrc_tmp_t,dir,read audit2allow #============= abrt_t ============== allow abrt_t initrc_tmp_t:dir read; audit2allow -R require { type initrc_tmp_t; type abrt_t; class dir read; } #============= abrt_t ============== allow abrt_t initrc_tmp_t:dir read; Additional info: hashmarkername: setroubleshoot kernel: 3.8.4-202.fc18.x86_64 type: libreport
Why is abrt writing to /tmp?
This seems like the same problem as #928986.
Yes, /var/tmp/abrt is mislabeled.
Can we just get rid of it. I see files in it that seem easily guessable, and if a user could get abrt to write to it then bad things can happen.
*** Bug 946916 has been marked as a duplicate of this bug. ***
(In reply to comment #4) > Can we just get rid of it. > > I see files in it that seem easily guessable, and if a user could get abrt > to write to it then bad things can happen. No, we can't, it's where abrt saves it's data now. It doesn't follow symlinks when accessing this directories, so it should be safe.
https://bugzilla.redhat.com/show_bug.cgi?id=910955#c1
Description of problem: Occured after clean fc18 install Additional info: hashmarkername: setroubleshoot kernel: 3.8.6-203.fc18.x86_64 type: libreport
Description of problem: Clean install. Additional info: hashmarkername: setroubleshoot kernel: 3.8.11-200.fc18.x86_64 type: libreport
Description of problem: fresh installed F18 system, running the ABRT GUI for the first time gives an AVC error on the abrt spool directory Additional info: hashmarkername: setroubleshoot kernel: 3.8.11-200.fc18.i686.PAE type: libreport
*** Bug 967155 has been marked as a duplicate of this bug. ***
Description of problem: Logged in following boot Additional info: reporter: libreport-2.1.4 hashmarkername: setroubleshoot kernel: 3.9.4-200.fc18.x86_64 type: libreport
Description of problem: Logged into gmail via firefox... Don't see how that might be connected... Additional info: reporter: libreport-2.1.4 hashmarkername: setroubleshoot kernel: 3.9.4-200.fc18.x86_64 type: libreport
I think I must be learn more Linux for understand that... Whatever.. thanks
Marta restorecon -R -v /var/tmp/ And your problem will go away.
(In reply to Daniel Walsh from comment #15) > Marta > > restorecon -R -v /var/tmp/ > > And your problem will go away. Thank you so much :) I learn now... but I'm only use in level user... I need more knowledges... Thankssss!!!
-> NOTABUG