oops on reboot

Daniel J Walsh dwalsh at redhat.com
Thu Jul 21 19:40:09 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/21/2011 02:26 PM, Arthur Dent wrote:
> I don't reboot my machine very often (about once per month after a
> "yum update") but each time I do I now get the following AVC:
> 
> =============8<=========================================================
>
> 
SELinux is preventing /usr/bin/abrt-dump-oops from syslog_read access on
> the system Unknown.
> 
> *****  Plugin catchall (100. confidence) suggests 
> ***************************
> 
> If you believe that abrt-dump-oops should be allowed syslog_read
> access on the Unknown system by default. Then you should report this
> as a bug. You can generate a local policy module to allow this
> access. Do allow this access for now by executing: # grep
> abrt-dump-oops /var/log/audit/audit.log | audit2allow -M mypol #
> semodule -i mypol.pp
> 
> Additional Information: Source Context
> system_u:system_r:abrt_helper_t:s0 Target Context
> system_u:system_r:kernel_t:s0 Target Objects                Unknown [
> system ] Source                        abrt-dump-oops Source Path
> /usr/bin/abrt-dump-oops Port                          <Unknown> Host
> example.com Source RPM Packages
> abrt-addon-kerneloops-2.0.3-1.fc15 Target RPM Packages Policy RPM
> selinux-policy-3.9.16-34.fc15 Selinux Enabled               True 
> Policy Type                   targeted Enforcing Mode
> Enforcing Host Name                     example.com Platform
> Linux troodos.org.uk 2.6.38.8-35.fc15.i686.PAE #1 SMP Wed Jul 6
> 14:29:06 UTC 2011 i686 i686 Alert Count                   3 First
> Seen                    Tue Jul 19 10:22:00 2011 Last Seen
> Thu Jul 21 11:34:47 2011 Local ID
> 9591fda1-fb84-4cd0-841e-650d306152f4
> 
> Raw Audit Messages type=AVC msg=audit(1311244487.906:41): avc:
> denied  { syslog_read } for pid=1440 comm="abrt-dump-oops" 
> scontext=system_u:system_r:abrt_helper_t:s0 
> tcontext=system_u:system_r:kernel_t:s0 tclass=system
> 
> 
> type=SYSCALL msg=audit(1311244487.906:41): arch=i386 syscall=syslog 
> success=no exit=EACCES a0=3 a1=90d70a8 a2=3fff a3=0 items=0 ppid=1 
> pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-dump-oops 
> exe=/usr/bin/abrt-dump-oops subj=system_u:system_r:abrt_helper_t:s0 
> key=(null)
> 
> Hash: abrt-dump-oops,abrt_helper_t,kernel_t,system,syslog_read
> 
> audit2allow
> 
> #============= abrt_helper_t ============== allow abrt_helper_t
> kernel_t:system syslog_read;
> 
> audit2allow -R
> 
> #============= abrt_helper_t ============== allow abrt_helper_t
> kernel_t:system syslog_read; 
> =============8<=========================================================
>
>  Should I allow it?
> 
> Thanks in advance
> 
> Mark
> 
> 
> 
> 
> -- selinux mailing list selinux at lists.fedoraproject.org 
> https://admin.fedoraproject.org/mailman/listinfo/selinux

Please report a bugzilla.

Miroslav I guess we need to back port the abrt policy from F16
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4ogJkACgkQrlYvE4MpobNInwCg2Jdr+eVNRu8UM6N2EX/dLjxL
07UAmQEzS+x0HVy03bKio9eRijEhGePG
=vgT/
-----END PGP SIGNATURE-----

More information about the selinux mailing list