Selinux warning -
Bob Goodwin
bobgoodwin at wildblue.net
Wed Jan 13 17:43:54 UTC 2010
I'm not sure what this means or how to react to it. I noticed it for the
first time after an update a little while ago although it also refers to
an earlier episode. This is the first time I saw it though.
Advice appreciated.
Bob

Summary:

SELinux is preventing /usr/sbin/abrtd (deleted) "write" access on /etc/abrt.

Detailed Description:

[abrtd has a permissive type (abrt_t). This access was not denied.]

SELinux denied access requested by abrtd. It is not expected that this access is
required by abrtd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:abrt_etc_t:s0
Target Objects                /etc/abrt [ dir ]
Source                        abrtd
Source Path                   /usr/sbin/abrtd (deleted)
Port                          <Unknown>
Host                          box6
Source RPM Packages
Target RPM Packages           abrt-1.0.3-1.fc12
Policy RPM                    selinux-policy-3.6.32-66.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     box6
Platform                      Linux box6 2.6.31.9-174.fc12.x86_64 #1 SMP Mon Dec 21 05:33:33 UTC 2009 x86_64 x86_64
Alert Count                   3
First Seen                    Wed 13 Jan 2010 10:04:23 AM EST
Last Seen                     Wed 13 Jan 2010 10:04:23 AM EST
Local ID                      5b2d146c-4a5b-4d4b-bd2b-17df8e2837a5
Line Numbers

Raw Audit Messages

node=box6 type=AVC msg=audit(1263395063.649:71): avc: denied { write } for pid=1458 comm="abrtd" name="abrt" dev=dm-2 ino=24239 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir

node=box6 type=AVC msg=audit(1263395063.649:71): avc: denied { add_name } for pid=1458 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir

node=box6 type=AVC msg=audit(1263395063.649:71): avc: denied { create } for pid=1458 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=file

node=box6 type=SYSCALL msg=audit(1263395063.649:71): arch=c000003e syscall=2 success=yes exit=9 a0=7f7549437625 a1=241 a2=1b6 a3=0 items=0 ppid=1 pid=1458 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe=2F7573722F7362696E2F6162727464202864656C6574656429 subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)
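
Added example, not part of the original post: a short Python parser for the raw audit records in the alert above. It groups records by event serial, decodes the hex-encoded exe field and reads the open(2) flags from the SYSCALL record; the names `decode` and `summarize` are hypothetical, and reading success=yes as "the denial was only logged" is an assumption that matches the alert's permissive-type note.

```python
import re

# The four records of audit event 71 from the alert, re-joined one per line.
SAMPLE = '''\
node=box6 type=AVC msg=audit(1263395063.649:71): avc: denied { write } for pid=1458 comm="abrtd" name="abrt" dev=dm-2 ino=24239 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir
node=box6 type=AVC msg=audit(1263395063.649:71): avc: denied { add_name } for pid=1458 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir
node=box6 type=AVC msg=audit(1263395063.649:71): avc: denied { create } for pid=1458 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=file
node=box6 type=SYSCALL msg=audit(1263395063.649:71): arch=c000003e syscall=2 success=yes exit=9 a0=7f7549437625 a1=241 a2=1b6 a3=0 items=0 ppid=1 pid=1458 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe=2F7573722F7362696E2F6162727464202864656C6574656429 subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)
'''

HEADER = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\)")
PERMS = re.compile(r"denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# open(2) flag bits on x86_64 Linux
OPEN_FLAGS = {0x1: "O_WRONLY", 0x2: "O_RDWR", 0x40: "O_CREAT", 0x200: "O_TRUNC", 0x400: "O_APPEND"}

def decode(value):
    """Return an audit field as text; auditd hex-encodes strings with spaces."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode()
    except ValueError:  # not hex, e.g. (null) or (none)
        return value

def summarize(log_text):
    """Group records by event serial: what was requested, and did it succeed?"""
    events = {}
    for line in log_text.splitlines():
        head = HEADER.search(line)
        if not head:
            continue
        rtype, serial = head.groups()
        ev = events.setdefault(serial, {"requests": [], "exe": None, "succeeded": None, "open_flags": []})
        f = dict(FIELD.findall(line))
        if rtype == "AVC":
            for perm in PERMS.search(line).group(1).split():
                ev["requests"].append((perm, f["tclass"], decode(f["name"])))
        elif rtype == "SYSCALL":
            ev["exe"] = decode(f["exe"])
            # Assumption: success=yes beside a "denied" AVC means the denial was
            # only logged (permissive domain), as the alert's own note says.
            ev["succeeded"] = f["success"] == "yes"
            if f["arch"] == "c000003e" and f["syscall"] == "2":  # x86_64 open(2)
                bits = int(f["a1"], 16)
                ev["open_flags"] = [n for b, n in OPEN_FLAGS.items() if bits & b]
    return events
```

For this event, `summarize(SAMPLE)["71"]` shows abrtd opening `pyhook.conf` for writing with O_CREAT under `/etc/abrt`, and the call succeeding.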