avc - f15
Miroslav Grepl
mgrepl at redhat.com
Wed Jul 13 14:45:20 UTC 2011
On 07/13/2011 11:32 AM, Genes MailLists wrote:
> I started getting this today:
>
> (F15 + rawhide(3.0 kernel, procps)
>
>
> ELinux is preventing /usr/libexec/abrt-hook-ccpp from using the
> dac_override capability.
>
> ***** Plugin dac_override (91.4 confidence) suggests
> ***********************
>
> If you want to help identify if domain needs this access or you have a
> file with the wrong permissions on your system
> Then turn on full auditing to get path information about the offending
> file and generate the error again.
> Do
>
> Turn on full auditing
> # auditctl -w /etc/shadow -p w
> Try to recreate AVC. Then execute
> # ausearch -m avc -ts recent
> If you see PATH record check ownership/permissions on file, and fix it,
> otherwise report as a bugzilla.
>
> ***** Plugin catchall (9.59 confidence) suggests
> ***************************
>
> If you believe that abrt-hook-ccpp should have the dac_override
> capability by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
> Additional Information:
> Source Context system_u:system_r:abrt_helper_t:s0
> Target Context system_u:system_r:abrt_helper_t:s0
> Target Objects Unknown [ capability ]
> Source abrt-hook-ccpp
> Source Path /usr/libexec/abrt-hook-ccpp
> Port<Unknown>
> Host lap3.prv.sapience.com
> Source RPM Packages abrt-addon-ccpp-2.0.3-1.fc15
> Target RPM Packages
> Policy RPM selinux-policy-3.9.16-32.fc15
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Permissive
> Host Name lap3.prv.sapience.com
> Platform Linux lap3.prv.sapience.com
> 3.0-0.rc7.git0.1.fc16.x86_64 #1 SMP Tue Jul 12
> 12:57:40 UTC 2011 x86_64 x86_64
> Alert Count 7
> First Seen Sun 10 Jul 2011 12:38:18 PM EDT
> Last Seen Wed 13 Jul 2011 07:28:22 AM EDT
> Local ID 6ad9b5e6-ea7d-45ac-900f-7cac78bb5a0a
>
> Raw Audit Messages
> type=AVC msg=audit(1310556502.342:162): avc: denied { dac_override }
> for pid=25068 comm="abrt-hook-ccpp" capability=1
> scontext=system_u:system_r:abrt_helper_t:s0
> tcontext=system_u:system_r:abrt_helper_t:s0 tclass=capability
>
>
> type=SYSCALL msg=audit(1310556502.342:162): arch=x86_64 syscall=unlink
> success=yes exit=0 a0=7fffc48cf140 a1=eed700 a2=fcfc a3=fffffffffffffff0
> items=0 ppid=23033 pid=25068 auid=4294967295 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
> comm=abrt-hook-ccpp exe=/usr/libexec/abrt-hook-ccpp
> subj=system_u:system_r:abrt_helper_t:s0 key=(null)
>
> Hash: abrt-hook-ccpp,abrt_helper_t,abrt_helper_t,capability,dac_override
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Hi,
could you test it with the latest F15 policy which is available from koji
http://koji.fedoraproject.org/koji/buildinfo?buildID=252337
More information about the selinux
mailing list