Re: Selinux warning -


 



On 01/13/2010 12:43 PM, Bob Goodwin wrote:
> I'm not sure what this means or how to react to it. I noticed it for the 
> first time after an update a little while ago although it also refers to 
> an earlier episode. This is the first time I saw it though.
> 
> Advice appreciated.
> 
> Bob
> 
> 
>     Summary:
> 
>     SELinux is preventing /usr/sbin/abrtd (deleted) "write" access on
>     /etc/abrt.
> 
>     Detailed Description:
> 
>     [abrtd has a permissive type (abrt_t). This access was not denied.]
> 
>     SELinux denied access requested by abrtd. It is not expected that
>     this access is
>     required by abrtd and this access may signal an intrusion attempt.
>     It is also
>     possible that the specific version or configuration of the
>     application is
>     causing it to require additional access.
> 
>     Allowing Access:
> 
>     You can generate a local policy module to allow this access - see FAQ
>     (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please
>     file a bug
>     report.
> 
>     Additional Information:
> 
>     Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
>     Target Context                system_u:object_r:abrt_etc_t:s0
>     Target Objects                /etc/abrt [ dir ]
>     Source                        abrtd
>     Source Path                   /usr/sbin/abrtd (deleted)
>     Port <Unknown>
>     Host                          box6
>     Source RPM Packages
>     Target RPM Packages           abrt-1.0.3-1.fc12
>     Policy RPM                    selinux-policy-3.6.32-66.fc12
>     Selinux Enabled               True
>     Policy Type                   targeted
>     Enforcing Mode                Enforcing
>     Plugin Name                   catchall
>     Host Name                     box6
>     Platform                      Linux box6 2.6.31.9-174.fc12.x86_64 #1
>     SMP Mon Dec
>                                    21 05:33:33 UTC 2009 x86_64 x86_64
>     Alert Count                   3
>     First Seen                    Wed 13 Jan 2010 10:04:23 AM EST
>     Last Seen                     Wed 13 Jan 2010 10:04:23 AM EST
>     Local ID                      5b2d146c-4a5b-4d4b-bd2b-17df8e2837a5
>     Line Numbers
> 
>     Raw Audit Messages
> 
>     node=box6 type=AVC msg=audit(1263395063.649:71): avc:  denied  {
>     write } for  pid=1458 comm="abrtd" name="abrt" dev=dm-2 ino=24239
>     scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023
>     tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir
> 
>     node=box6 type=AVC msg=audit(1263395063.649:71): avc:  denied  {
>     add_name } for  pid=1458 comm="abrtd" name="pyhook.conf"
>     scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023
>     tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir
> 
>     node=box6 type=AVC msg=audit(1263395063.649:71): avc:  denied  {
>     create } for  pid=1458 comm="abrtd" name="pyhook.conf"
>     scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023
>     tcontext=system_u:object_r:abrt_etc_t:s0 tclass=file
> 
>     node=box6 type=SYSCALL msg=audit(1263395063.649:71): arch=c000003e
>     syscall=2 success=yes exit=9 a0=7f7549437625 a1=241 a2=1b6 a3=0
>     items=0 ppid=1 pid=1458 auid=4294967295 uid=0 gid=0 euid=0 suid=0
>     fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd"
>     exe=2F7573722F7362696E2F6162727464202864656C6574656429
>     subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)
> 
> 
> 
> 
>     .
> 
I believe there is a new abrt package available that does not do this any longer.

yum -y update abrt\* --enablerepo=updates-testing


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
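
Added example, not part of the original thread: a short Python script that groups the raw audit records quoted above by event ID, lists the denied permissions per source/target type, and decodes the hex-encoded `exe=` field. The records are the ones from the alert, re-joined onto single lines; `decode_path` and `summarize` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Raw audit records from the quoted alert, re-joined onto one line each
# (the mail client had wrapped them); the values are unchanged.
RECORDS = """\
node=box6 type=AVC msg=audit(1263395063.649:71): avc:  denied  { write } for  pid=1458 comm="abrtd" name="abrt" dev=dm-2 ino=24239 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir
node=box6 type=AVC msg=audit(1263395063.649:71): avc:  denied  { add_name } for  pid=1458 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir
node=box6 type=AVC msg=audit(1263395063.649:71): avc:  denied  { create } for  pid=1458 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=file
node=box6 type=SYSCALL msg=audit(1263395063.649:71): arch=c000003e syscall=2 success=yes exit=9 a0=7f7549437625 a1=241 a2=1b6 a3=0 items=0 ppid=1 pid=1458 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe=2F7573722F7362696E2F6162727464202864656C6574656429 subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)
"""

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_path(value):
    """auditd quotes plain strings and hex-encodes ones with spaces or odd bytes."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # e.g. "(null)": neither quoted nor hex

def summarize(text):
    """Group records by audit event ID; collect denials and the syscall outcome."""
    events = defaultdict(lambda: {"denials": [], "exe": None, "success": None})
    for line in text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        ev = events[m.group(1)]
        fields = dict(FIELD.findall(line))
        if fields.get("type") == "AVC":
            perms = PERMS.search(line).group(1).split()
            stype = fields["scontext"].split(":")[2]   # user:role:TYPE:level
            ttype = fields["tcontext"].split(":")[2]
            ev["denials"] += [(stype, ttype, fields["tclass"], p) for p in perms]
        elif fields.get("type") == "SYSCALL":
            ev["exe"] = decode_path(fields["exe"])
            # success=yes next to a "denied" AVC: logged but not blocked (permissive type)
            ev["success"] = fields["success"] == "yes"
    return dict(events)

if __name__ == "__main__":
    for eid, ev in summarize(RECORDS).items():
        print(eid, ev["exe"], "success" if ev["success"] else "blocked", ev["denials"])
```

The decoded `exe=` value matches the "Source Path" line of the alert, and `success=yes` on the SYSCALL record agrees with its note that `abrt_t` is a permissive type.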
