On 11/7/19 1:02 AM, linux guy wrote:
It froze again this morning. I received this SELinux error:
SELinux is preventing abrt-action-sav from write access on the file /var/lib/rpm/.dbenv.lock.
I can't say I ever recall a selinux error being associated with a freeze as you described in
your initial post.
However, you should have....
[egreshko@meimei rpm]$ ls -dZ /var/lib/rpm/
system_u:object_r:rpm_var_lib_t:s0 /var/lib/rpm/
[egreshko@meimei rpm]$ ls -dZ /var/lib/rpm/.dbenv.lock
system_u:object_r:rpm_var_lib_t:s0 /var/lib/rpm/.dbenv.lock
If that is wrong you should do as shown in the report.
/sbin/restorecon -v /var/lib/rpm/.dbenv.lock
Also make sure that the time on the report matches the time of the freeze/crash.
***** Plugin restorecon (99.5 confidence) suggests ************************
If you want to fix the label.
/var/lib/rpm/.dbenv.lock default label should be rpm_var_lib_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /var/lib/rpm/.dbenv.lock
***** Plugin catchall (1.49 confidence) suggests **************************
If you believe that abrt-action-sav should be allowed write access on the .dbenv.lock file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'abrt-action-sav' --raw | audit2allow -M my-abrtactionsav
# semodule -X 300 -i my-abrtactionsav.pp
Additional Information:
Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context unconfined_u:object_r:var_lib_t:s0
Target Objects /var/lib/rpm/.dbenv.lock [ file ]
Source abrt-action-sav
Source Path abrt-action-sav
Port <Unknown>
Host Brix
Source RPM Packages
Target RPM Packages
Policy RPM <Unknown>
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name Brix
Platform Linux Brix 5.3.8-300.fc31.x86_64 #1 SMP Tue Oct 29
14:28:41 UTC 2019 x86_64 x86_64
Alert Count 6
First Seen 2019-11-06 09:37:13 MST
Last Seen 2019-11-06 09:55:33 MST
Local ID be5595a9-b33a-40ba-97ba-e4f44ed86d80
Raw Audit Messages
type=AVC msg=audit(1573059333.330:273): avc: denied { write } for pid=1710 comm="abrt-action-sav" name=".dbenv.lock" dev="dm-0" ino=1835076 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
Hash: abrt-action-sav,abrt_t,var_lib_t,file,write
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
--
The key to getting good answers is to ask good questions.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
