Abort must have been executed under the pyzor context. All SELinux is
reporting what the kernel sees.
On 09/02/2015 12:46 PM, Tom Rivers wrote:
On 9/1/2015 09:07, Tom Rivers wrote:
> I will continue to monitor the logs to see if anything else occurs.
After some additional debug work, I managed to determine that the
source of the problem was the incorrect ownership of the file
/var/lib/spamass-milter/.pyzor/servers. It was not owned by the user
under which pyzor executes and once it was properly adjusted the error
messages stopped.
The more interesting piece of this puzzle, however, is the way in
which SELinux is supposedly involved. According to one of the people
helping me on the pyzor end of this, it isn't pyzor that is trying to
access /usr/bin/rpm: he says it's abrt that is truly to blame. Here
is what he posted:
"I did some digging and have an explanation for the selinux/rpm thing.
The issue is that pyzor is backtracing /and/ Tom has abrt installed
and running. abrt logs and optionally auto-files bugs whenever (among
other things) a distro-installed python application backtraces. It
calls rpm to see which to which package the backtracing script belongs
in order to classify it properly. This kind of doesn't work well for
confined applications, but that's definitely not pyzor's bug."
If that is the case, then my question is this: why is SELinux blaming
pyzor for something abrt is doing?
Tom
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux