oops on reboot

Arthur Dent misc.lists at blueyonder.co.uk
Thu Jul 21 18:26:31 UTC 2011 

I don't reboot my machine very often (about once per month after a "yum
update") but each time I do I now get the following AVC:

=============8<=========================================================
SELinux is preventing /usr/bin/abrt-dump-oops from syslog_read access on
the system Unknown.

*****  Plugin catchall (100. confidence) suggests
***************************

If you believe that abrt-dump-oops should be allowed syslog_read access
on the Unknown system by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep abrt-dump-oops /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:abrt_helper_t:s0
Target Context                system_u:system_r:kernel_t:s0
Target Objects                Unknown [ system ]
Source                        abrt-dump-oops
Source Path                   /usr/bin/abrt-dump-oops
Port                          <Unknown>
Host                          example.com
Source RPM Packages           abrt-addon-kerneloops-2.0.3-1.fc15
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.16-34.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     example.com
Platform                      Linux troodos.org.uk
2.6.38.8-35.fc15.i686.PAE #1
                              SMP Wed Jul 6 14:29:06 UTC 2011 i686 i686
Alert Count                   3
First Seen                    Tue Jul 19 10:22:00 2011
Last Seen                     Thu Jul 21 11:34:47 2011
Local ID                      9591fda1-fb84-4cd0-841e-650d306152f4

Raw Audit Messages
type=AVC msg=audit(1311244487.906:41): avc:  denied  { syslog_read } for
pid=1440 comm="abrt-dump-oops"
scontext=system_u:system_r:abrt_helper_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system


type=SYSCALL msg=audit(1311244487.906:41): arch=i386 syscall=syslog
success=no exit=EACCES a0=3 a1=90d70a8 a2=3fff a3=0 items=0 ppid=1
pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=4294967295 comm=abrt-dump-oops
exe=/usr/bin/abrt-dump-oops subj=system_u:system_r:abrt_helper_t:s0
key=(null)

Hash: abrt-dump-oops,abrt_helper_t,kernel_t,system,syslog_read

audit2allow

#============= abrt_helper_t ==============
allow abrt_helper_t kernel_t:system syslog_read;

audit2allow -R

#============= abrt_helper_t ==============
allow abrt_helper_t kernel_t:system syslog_read;
=============8<=========================================================

Should I allow it?

Thanks in advance

Mark

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20110721/d3f29bbd/attachment-0001.bin

More information about the selinux mailing list