Description of problem: SELinux is preventing /usr/bin/bash from 'read' accesses on the file meminfo. ***** Plugin catchall (100. confidence) suggests *************************** If cree que de manera predeterminada, bash debería permitir acceso read sobre meminfo file. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso momentáneamente executando: # grep sh /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:nrpe_t:s0 Target Context system_u:object_r:proc_t:s0 Target Objects meminfo [ file ] Source sh Source Path /usr/bin/bash Port <Desconocido> Host (removed) Source RPM Packages bash-4.2.45-1.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-54.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.9.6-301.fc19.x86_64 #1 SMP Mon Jun 17 14:26:26 UTC 2013 x86_64 x86_64 Alert Count 310 First Seen 2013-07-01 15:09:07 CEST Last Seen 2013-07-01 22:09:42 CEST Local ID c6190c11-c441-458b-b065-406752624207 Raw Audit Messages type=AVC msg=audit(1372709382.673:3691): avc: denied { read } for pid=11107 comm="sh" name="meminfo" dev="proc" ino=4026532029 scontext=system_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file type=SYSCALL msg=audit(1372709382.673:3691): arch=x86_64 syscall=open success=no exit=EACCES a0=321517bae7 a1=80000 a2=1b6 a3=0 items=0 ppid=11106 pid=11107 auid=4294967295 uid=981 gid=976 euid=981 suid=981 fsuid=981 egid=976 sgid=976 fsgid=976 ses=4294967295 tty=(none) comm=sh exe=/usr/bin/bash subj=system_u:system_r:nrpe_t:s0 key=(null) Hash: sh,nrpe_t,proc_t,file,read Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.9.6-301.fc19.x86_64 type: libreport
commit 81227b7be797b70321c19cfc40f7af0920b8a192 Author: Miroslav Grepl <mgrepl> Date: Tue Jul 2 09:54:02 2013 +0200 Allow nrpe to read meminfo
selinux-policy-3.12.1-59.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-59.fc19
Package selinux-policy-3.12.1-59.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-59.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-12373/selinux-policy-3.12.1-59.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-59.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.