Dear all, after being unable to update to latest since end of December and updating successfully, I see the following alerts. I try to submit reports but abrt? is crashing :( Thanks for any pointers/advice/suggestions in advance, Regards, Antonio Summary: SELinux is preventing /usr/sbin/abrtd (deleted) "write" access on /etc/abrt. Detailed Description: [abrtd has a permissive type (abrt_t). This access was not denied.] SELinux denied access requested by abrtd. It is not expected that this access is required by abrtd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:abrt_etc_t:s0 Target Objects /etc/abrt [ dir ] Source abrtd Source Path /usr/sbin/abrtd (deleted) Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages abrt-1.0.2-1.fc13 Policy RPM selinux-policy-3.7.7-2.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.32-7.fc13.x86_64 #1 SMP Wed Dec 9 10:51:00 EST 2009 x86_64 x86_64 Alert Count 3 First Seen Fri 15 Jan 2010 05:16:23 PM CST Last Seen Fri 15 Jan 2010 05:16:23 PM CST Local ID 384ec928-68a3-44de-99df-c72f1463e4d6 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1263597383.547:63): avc: denied { write } for pid=1420 comm="abrtd" name="abrt" dev=dm-0 ino=28638 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1263597383.547:63): avc: denied { add_name } for pid=1420 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1263597383.547:63): avc: denied { create } for pid=1420 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1263597383.547:63): arch=c000003e syscall=2 success=yes exit=9 a0=7f72659b8625 a1=241 a2=1b6 a3=0 items=0 ppid=1 pid=1420 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe=2F7573722F7362696E2F6162727464202864656C6574656429 subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null) Summary: Detailed Description: [shutdown has a permissive type (xdm_t). This access was not denied.] SELinux denied access requested by shutdown. It is not expected that this access is required by shutdown and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:system_r:init_t:s0 Target Objects [ unix_stream_socket ] Source shutdown Source Path /sbin/shutdown Port <Unknown> Host n6355-ET1161-05 Source RPM Packages upstart-0.6.3-5.fc13 Target RPM Packages filesystem-2.4.31-1.fc13 Policy RPM selinux-policy-3.7.7-2.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name n6355-ET1161-05 Platform Linux n6355-ET1161-05 2.6.32-7.fc13.x86_64 #1 SMP Wed Dec 9 10:51:00 EST 2009 x86_64 x86_64 Alert Count 1 First Seen Fri 15 Jan 2010 06:18:46 PM CST Last Seen Fri 15 Jan 2010 06:18:46 PM CST Local ID 68992789-1746-4d6e-9f9b-fb5113529442 Line Numbers Raw Audit Messages node=n6355-ET1161-05 type=AVC msg=audit(1263601126.315:74): avc: denied { connectto } for pid=23588 comm="shutdown" path=002F636F6D2F7562756E74752F75707374617274 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket node=n6355-ET1161-05 type=SYSCALL msg=audit(1263601126.315:74): arch=c000003e syscall=42 success=yes exit=128 a0=3 a1=7fff661de2d0 a2=16 a3=7fff661de050 items=0 ppid=1483 pid=23588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="shutdown" exe="/sbin/shutdown" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Summary: SELinux is preventing /usr/bin/python "read" access on /var/run/abrt.pid. Detailed Description: SELinux denied access requested by SetroubleshootF. It is not expected that this access is required by SetroubleshootF and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0. c1023 Target Context system_u:object_r:abrt_var_run_t:s0 Target Objects /var/run/abrt.pid [ file ] Source SetroubleshootF Source Path /usr/bin/python Port <Unknown> Host n6355-ET1161-05 Source RPM Packages python-2.6.4-4.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.7-2.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name n6355-ET1161-05 Platform Linux n6355-ET1161-05 2.6.32.3-21.fc13.x86_64 #1 SMP Mon Jan 11 16:53:56 UTC 2010 x86_64 x86_64 Alert Count 0 First Seen Fri 15 Jan 2010 12:23:06 PM CST Last Seen Fri 15 Jan 2010 12:23:06 PM CST Local ID 5806d5ac-edaf-4975-99eb-28b018e6379f Line Numbers Raw Audit Messages node=n6355-ET1161-05 type=AVC msg=audit(1263579786.790:22): avc: denied { read } for pid=2250 comm="SetroubleshootF" name="abrt.pid" dev=dm-0 ino=131500 scontext=system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_var_run_t:s0 tclass=file node=n6355-ET1161-05 type=SYSCALL msg=audit(1263579786.790:22): arch=c000003e syscall=2 success=no exit=-13 a0=d44570 a1=0 a2=1b6 a3=0 items=0 ppid=2249 pid=2250 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="SetroubleshootF" exe="/usr/bin/python" subj=system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0.c1023 key=(null) Summary: SELinux is preventing /usr/sbin/cupsd "read" access to /etc/cups/ppd/Cups-PDF.ppd. Detailed Description: SELinux denied access requested by cupsd. /etc/cups/ppd/Cups-PDF.ppd may be a mislabeled. /etc/cups/ppd/Cups-PDF.ppd default SELinux type is cupsd_rw_etc_t, but its current type is tmp_t. Changing this file back to the default type, may fix your problem. File contexts can be assigned to a file in the following ways. * Files created in a directory receive the file context of the parent directory by default. * The SELinux policy might override the default label inherited from the parent directory by specifying a process running in context A which creates a file in a directory labeled B will instead create the file with label C. An example of this would be the dhcp client running with the dhclient_t type and creating a file in the directory /etc. This file would normally receive the etc_t type due to parental inheritance but instead the file is labeled with the net_conf_t type because the SELinux policy specifies this. * Users can change the file context on a file using tools such as chcon, or restorecon. This file could have been mislabeled either by user error, or if an normally confined application was run under the wrong domain. However, this might also indicate a bug in SELinux because the file should not have been labeled with this type. If you believe this is a bug, please file a bug report against this package. Allowing Access: You can restore the default system context to this file by executing the restorecon command. restorecon '/etc/cups/ppd/Cups-PDF.ppd', if this file is a directory, you can recursively restore using restorecon -R '/etc/cups/ppd/Cups-PDF.ppd'. Fix Command: /sbin/restorecon '/etc/cups/ppd/Cups-PDF.ppd' Additional Information: Source Context unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Context system_u:object_r:tmp_t:s0 Target Objects /etc/cups/ppd/Cups-PDF.ppd [ file ] Source cupsd Source Path /usr/sbin/cupsd Port <Unknown> Host n6355-ET1161-05 Source RPM Packages cups-1.4.2-24.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.7-2.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name restorecon Host Name n6355-ET1161-05 Platform Linux n6355-ET1161-05 2.6.32-7.fc13.x86_64 #1 SMP Wed Dec 9 10:51:00 EST 2009 x86_64 x86_64 Alert Count 2 First Seen Mon 14 Dec 2009 09:04:50 AM CST Last Seen Fri 15 Jan 2010 05:06:08 PM CST Local ID d2a2744e-27fd-40d6-8f8b-46ef65fd1026 Line Numbers Raw Audit Messages node=n6355-ET1161-05 type=AVC msg=audit(1263596768.153:59): avc: denied { read } for pid=21527 comm="cupsd" name="Cups-PDF.ppd" dev=dm-0 ino=221456 scontext=unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file node=n6355-ET1161-05 type=SYSCALL msg=audit(1263596768.153:59): arch=c000003e syscall=2 success=no exit=-13 a0=7fffcd2267e0 a1=0 a2=0 a3=7fffcd225fc0 items=0 ppid=21526 pid=21527 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="cupsd" exe="/usr/sbin/cupsd" subj=unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) Summary: SELinux is preventing /usr/sbin/cupsd "read" access to /etc/cups/ppd/HP-LaserJet-1200.ppd. Detailed Description: SELinux denied access requested by cupsd. /etc/cups/ppd/HP-LaserJet-1200.ppd may be a mislabeled. /etc/cups/ppd/HP-LaserJet-1200.ppd default SELinux type is cupsd_rw_etc_t, but its current type is tmp_t. Changing this file back to the default type, may fix your problem. File contexts can be assigned to a file in the following ways. * Files created in a directory receive the file context of the parent directory by default. * The SELinux policy might override the default label inherited from the parent directory by specifying a process running in context A which creates a file in a directory labeled B will instead create the file with label C. An example of this would be the dhcp client running with the dhclient_t type and creating a file in the directory /etc. This file would normally receive the etc_t type due to parental inheritance but instead the file is labeled with the net_conf_t type because the SELinux policy specifies this. * Users can change the file context on a file using tools such as chcon, or restorecon. This file could have been mislabeled either by user error, or if an normally confined application was run under the wrong domain. However, this might also indicate a bug in SELinux because the file should not have been labeled with this type. If you believe this is a bug, please file a bug report against this package. Allowing Access: You can restore the default system context to this file by executing the restorecon command. restorecon '/etc/cups/ppd/HP-LaserJet-1200.ppd', if this file is a directory, you can recursively restore using restorecon -R '/etc/cups/ppd/HP-LaserJet-1200.ppd'. Fix Command: /sbin/restorecon '/etc/cups/ppd/HP-LaserJet-1200.ppd' Additional Information: Source Context unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Context system_u:object_r:tmp_t:s0 Target Objects /etc/cups/ppd/HP-LaserJet-1200.ppd [ file ] Source cupsd Source Path /usr/sbin/cupsd Port <Unknown> Host n6355-ET1161-05 Source RPM Packages cups-1.4.2-24.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.7-2.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name restorecon Host Name n6355-ET1161-05 Platform Linux n6355-ET1161-05 2.6.32-7.fc13.x86_64 #1 SMP Wed Dec 9 10:51:00 EST 2009 x86_64 x86_64 Alert Count 2 First Seen Mon 14 Dec 2009 09:04:50 AM CST Last Seen Fri 15 Jan 2010 05:06:08 PM CST Local ID 38fbab19-5c32-404e-9d68-ca6fded185b0 Line Numbers Raw Audit Messages node=n6355-ET1161-05 type=AVC msg=audit(1263596768.222:61): avc: denied { read } for pid=21527 comm="cupsd" name="HP-LaserJet-1200.ppd" dev=dm-0 ino=104601 scontext=unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file node=n6355-ET1161-05 type=SYSCALL msg=audit(1263596768.222:61): arch=c000003e syscall=2 success=no exit=-13 a0=7fffcd2267e0 a1=0 a2=0 a3=1 items=0 ppid=21526 pid=21527 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="cupsd" exe="/usr/sbin/cupsd" subj=unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) Thanks for helping. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
