oops on reboot
Arthur Dent
misc.lists at blueyonder.co.uk
Thu Jul 21 18:26:31 UTC 2011
I don't reboot my machine very often (about once per month after a "yum
update") but each time I do I now get the following AVC:
=============8<=========================================================
SELinux is preventing /usr/bin/abrt-dump-oops from syslog_read access on
the system Unknown.
***** Plugin catchall (100. confidence) suggests
***************************
If you believe that abrt-dump-oops should be allowed syslog_read access
on the Unknown system by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep abrt-dump-oops /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:abrt_helper_t:s0
Target Context system_u:system_r:kernel_t:s0
Target Objects Unknown [ system ]
Source abrt-dump-oops
Source Path /usr/bin/abrt-dump-oops
Port <Unknown>
Host example.com
Source RPM Packages abrt-addon-kerneloops-2.0.3-1.fc15
Target RPM Packages
Policy RPM selinux-policy-3.9.16-34.fc15
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name example.com
Platform Linux troodos.org.uk
2.6.38.8-35.fc15.i686.PAE #1
SMP Wed Jul 6 14:29:06 UTC 2011 i686 i686
Alert Count 3
First Seen Tue Jul 19 10:22:00 2011
Last Seen Thu Jul 21 11:34:47 2011
Local ID 9591fda1-fb84-4cd0-841e-650d306152f4
Raw Audit Messages
type=AVC msg=audit(1311244487.906:41): avc: denied { syslog_read } for
pid=1440 comm="abrt-dump-oops"
scontext=system_u:system_r:abrt_helper_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=SYSCALL msg=audit(1311244487.906:41): arch=i386 syscall=syslog
success=no exit=EACCES a0=3 a1=90d70a8 a2=3fff a3=0 items=0 ppid=1
pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=4294967295 comm=abrt-dump-oops
exe=/usr/bin/abrt-dump-oops subj=system_u:system_r:abrt_helper_t:s0
key=(null)
Hash: abrt-dump-oops,abrt_helper_t,kernel_t,system,syslog_read
audit2allow
#============= abrt_helper_t ==============
allow abrt_helper_t kernel_t:system syslog_read;
audit2allow -R
#============= abrt_helper_t ==============
allow abrt_helper_t kernel_t:system syslog_read;
=============8<=========================================================
Should I allow it?
Thanks in advance
Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20110721/d3f29bbd/attachment-0001.bin
More information about the selinux
mailing list