SELinux is preventing pyzor from getattr access on the file /usr/bin/rpm

Tom Rivers tom at impact-crater.com
Tue Sep 1 13:07:45 UTC 2015


On 9/1/2015 01:35, Miroslav Grepl wrote:
>
> It will be a library call and it would require more debugging. Basically
> I would also try to run it in permissive mode
>
> # semanage permissive -a spamc_t
>
> to see if you can get more AVCs.


Thanks for the reply.  I did as you directed and got a new AVC in 
addition to the one I identified previously:

SELinux is preventing pyzor from open access on the file /var/lib/rpm/Packages.

*****  Plugin catchall (100. confidence) suggests **************************

If you believe that pyzor should be allowed open access on the Packages 
file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep pyzor /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:spamc_t:s0
Target Context                system_u:object_r:rpm_var_lib_t:s0
Target Objects                /var/lib/rpm/Packages [ file ]
Source                        pyzor
Source Path                   pyzor
Port                          <Unknown>
Host                          impact-crater.com
Source RPM Packages
Target RPM Packages           rpm-4.12.0.1-7.fc21.x86_64
Policy RPM                    selinux-policy-3.13.1-105.20.fc21.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     impact-crater.com
Platform                      Linux impact-crater.com 4.1.5-100.fc21.x86_64 #1
                              SMP Tue Aug 11 00:24:23 UTC 2015 x86_64 x86_64
Alert Count                   1
First Seen                    2015-09-01 09:01:22 EDT
Last Seen                     2015-09-01 09:01:22 EDT
Local ID                      cd8cd6d0-38a1-40df-b4ea-34ab2020625a

Raw Audit Messages
type=AVC msg=audit(1441112482.875:16788): avc:  denied  { open } for  pid=22386 comm="pyzor" path="/var/lib/rpm/Packages" dev="dm-1" ino=2103007 scontext=system_u:system_r:spamc_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file permissive=1

Hash: pyzor,spamc_t,rpm_var_lib_t,file,open


I will continue to monitor the logs to see if anything else occurs.


Tom
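
Added example, not part of the original message: one way to tally the AVCs a permissive domain produces, reducing each record to the same tuple as the "Hash:" line in the report and separating accesses that were only logged (permissive=1) from ones that were blocked. The second sample record and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the first record is the AVC quoted in the message above;
# the second is a made-up enforced denial for contrast; the third is a non-AVC record.
SAMPLE_LOG = '''\
type=AVC msg=audit(1441112482.875:16788): avc:  denied  { open } for  pid=22386 comm="pyzor" path="/var/lib/rpm/Packages" dev="dm-1" ino=2103007 scontext=system_u:system_r:spamc_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1441100000.000:16000): avc:  denied  { getattr } for  pid=22000 comm="pyzor" path="/usr/bin/rpm" dev="dm-1" ino=1000 scontext=system_u:system_r:spamc_t:s0 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1441112482.875:16788): arch=c000003e syscall=2 success=yes
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC denial line, or None for other record types."""
    if not line.startswith('type=AVC'):
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    # SELinux contexts are user:role:type:level; the type is the third field.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    # permissive=1 means the access was logged but allowed to proceed.
    # Records without the field are treated as enforced.
    rec['permissive'] = rec.get('permissive') == '1'
    return rec

def summarize(log_text, domain):
    """Count (comm, stype, ttype, tclass, perm, permissive) tuples for one source domain."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec['stype'] == domain:
            for perm in rec['perms']:
                key = (rec['comm'], rec['stype'], rec['ttype'],
                       rec['tclass'], perm, rec['permissive'])
                counts[key] += 1
    return counts

if __name__ == '__main__':
    for (comm, st, tt, cls, perm, permissive), n in sorted(summarize(SAMPLE_LOG, 'spamc_t').items()):
        state = 'logged only (permissive)' if permissive else 'blocked'
        print(f'{comm},{st},{tt},{cls},{perm}  x{n}  {state}')
```

Reviewing the distinct tuples before feeding the log to audit2allow keeps a local module limited to accesses that were actually examined.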

