On 01/13/2010 12:43 PM, Bob Goodwin wrote:
> I'm not sure what this means or how to react to it. I noticed it for the
> first time after an update a little while ago although it also refers to
> an earlier episode. This is the first time I saw it though.
>
> Advice appreciated.
>
> Bob
>
>
> Summary:
>
> SELinux is preventing /usr/sbin/abrtd (deleted) "write" access on
> /etc/abrt.
>
> Detailed Description:
>
> [abrtd has a permissive type (abrt_t). This access was not denied.]
>
> SELinux denied access requested by abrtd. It is not expected that this
> access is required by abrtd and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration
> of the application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file
> a bug report.
>
> Additional Information:
>
> Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
> Target Context                system_u:object_r:abrt_etc_t:s0
> Target Objects                /etc/abrt [ dir ]
> Source                        abrtd
> Source Path                   /usr/sbin/abrtd (deleted)
> Port                          <Unknown>
> Host                          box6
> Source RPM Packages
> Target RPM Packages           abrt-1.0.3-1.fc12
> Policy RPM                    selinux-policy-3.6.32-66.fc12
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     box6
> Platform                      Linux box6 2.6.31.9-174.fc12.x86_64 #1
>                               SMP Mon Dec
>                               21 05:33:33 UTC 2009 x86_64 x86_64
> Alert Count                   3
> First Seen                    Wed 13 Jan 2010 10:04:23 AM EST
> Last Seen                     Wed 13 Jan 2010 10:04:23 AM EST
> Local ID                      5b2d146c-4a5b-4d4b-bd2b-17df8e2837a5
> Line Numbers
>
> Raw Audit Messages
>
> node=box6 type=AVC msg=audit(1263395063.649:71): avc: denied {
> write } for pid=1458 comm="abrtd" name="abrt" dev=dm-2 ino=24239
> scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir
>
> node=box6 type=AVC msg=audit(1263395063.649:71): avc: denied {
> add_name } for pid=1458 comm="abrtd" name="pyhook.conf"
> scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir
>
> node=box6 type=AVC msg=audit(1263395063.649:71): avc: denied {
> create } for pid=1458 comm="abrtd" name="pyhook.conf"
> scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:abrt_etc_t:s0 tclass=file
>
> node=box6 type=SYSCALL msg=audit(1263395063.649:71): arch=c000003e
> syscall=2 success=yes exit=9 a0=7f7549437625 a1=241 a2=1b6 a3=0
> items=0 ppid=1 pid=1458 auid=4294967295 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd"
> exe=2F7573722F7362696E2F6162727464202864656C6574656429
> subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)
>
>
> .
>

I believe there is a new abrt package available that does not do this any longer.

yum -y update abrt\* --enablerepo=updates-testing
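The raw audit records in the quoted report can be read directly. The following is an added example, not part of the original thread: it groups the records of one audit event, decodes the hex-encoded `exe=` field, and uses `success=yes` to show that the permissive `abrt_t` domain logged the denial without blocking it. The sample lines are the report's four records re-joined onto single lines; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the four records of audit event 71 from the report,
# re-joined onto single lines as auditd writes them.
SAMPLE = """\
node=box6 type=AVC msg=audit(1263395063.649:71): avc: denied { write } for pid=1458 comm="abrtd" name="abrt" dev=dm-2 ino=24239 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir
node=box6 type=AVC msg=audit(1263395063.649:71): avc: denied { add_name } for pid=1458 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir
node=box6 type=AVC msg=audit(1263395063.649:71): avc: denied { create } for pid=1458 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=file
node=box6 type=SYSCALL msg=audit(1263395063.649:71): arch=c000003e syscall=2 success=yes exit=9 a0=7f7549437625 a1=241 a2=1b6 a3=0 items=0 ppid=1 pid=1458 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe=2F7573722F7362696E2F6162727464202864656C6574656429 subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)
"""

HEADER = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\):")
DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_field(value):
    """Quoted audit values are literal; unquoted ones are hex when auditd
    had to escape spaces or special bytes (as in 'exe=' here)."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # not hex, e.g. (null) or (none)

def summarize(log_text):
    """Group records by audit serial; return {serial: summary dict}."""
    events = defaultdict(lambda: {"denied": set(), "exe": None, "blocked": None})
    for line in log_text.splitlines():
        head = HEADER.search(line)
        if not head:
            continue
        rtype, serial = head.groups()
        fields = dict(FIELD.findall(line))
        ev = events[serial]
        if rtype == "AVC" and (m := DENIED.search(line)):
            for perm in m.group(1).split():
                ev["denied"].add((fields["tclass"], perm))
            ev["source_type"] = fields["scontext"].split(":")[2]
            ev["target_type"] = fields["tcontext"].split(":")[2]
        elif rtype == "SYSCALL":
            ev["exe"] = decode_field(fields["exe"])
            # success=yes beside "denied" means the access went through:
            # the domain is permissive, so SELinux only logged it.
            ev["blocked"] = fields.get("success") != "yes"
    return dict(events)

if __name__ == "__main__":
    for serial, ev in summarize(SAMPLE).items():
        print(serial, ev)
```

For this event the decoded `exe` is `/usr/sbin/abrtd (deleted)`, which is the "Source Path" shown in the report.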