oops on reboot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I don't reboot my machine very often (about once per month after a "yum
update") but each time I do I now get the following AVC:

=============8<=========================================================
SELinux is preventing /usr/bin/abrt-dump-oops from syslog_read access on
the system Unknown.

*****  Plugin catchall (100. confidence) suggests
***************************

If you believe that abrt-dump-oops should be allowed syslog_read access
on the Unknown system by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep abrt-dump-oops /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:abrt_helper_t:s0
Target Context                system_u:system_r:kernel_t:s0
Target Objects                Unknown [ system ]
Source                        abrt-dump-oops
Source Path                   /usr/bin/abrt-dump-oops
Port                          <Unknown>
Host                          example.com
Source RPM Packages           abrt-addon-kerneloops-2.0.3-1.fc15
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.16-34.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     example.com
Platform                      Linux troodos.org.uk
2.6.38.8-35.fc15.i686.PAE #1
                              SMP Wed Jul 6 14:29:06 UTC 2011 i686 i686
Alert Count                   3
First Seen                    Tue Jul 19 10:22:00 2011
Last Seen                     Thu Jul 21 11:34:47 2011
Local ID                      9591fda1-fb84-4cd0-841e-650d306152f4

Raw Audit Messages
type=AVC msg=audit(1311244487.906:41): avc:  denied  { syslog_read } for
pid=1440 comm="abrt-dump-oops"
scontext=system_u:system_r:abrt_helper_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system


type=SYSCALL msg=audit(1311244487.906:41): arch=i386 syscall=syslog
success=no exit=EACCES a0=3 a1=90d70a8 a2=3fff a3=0 items=0 ppid=1
pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=4294967295 comm=abrt-dump-oops
exe=/usr/bin/abrt-dump-oops subj=system_u:system_r:abrt_helper_t:s0
key=(null)

Hash: abrt-dump-oops,abrt_helper_t,kernel_t,system,syslog_read

audit2allow

#============= abrt_helper_t ==============
allow abrt_helper_t kernel_t:system syslog_read;

audit2allow -R

#============= abrt_helper_t ==============
allow abrt_helper_t kernel_t:system syslog_read;
=============8<=========================================================

Should I allow it?

Thanks in advance

Mark

Attachment: signature.asc
Description: This is a digitally signed message part

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux