Abort must have been executed under the pyzor context. All SELinux
is reporting what the kernel sees.
On 09/02/2015 12:46 PM, Tom Rivers
wrote:
On 9/1/2015 09:07, Tom Rivers wrote:
I will continue to monitor the logs to see if
anything else occurs.
After some additional debug work, I managed to determine that the
source of the problem was the incorrect ownership of the file
/var/lib/spamass-milter/.pyzor/servers. It was not owned by the
user under which pyzor executes and once it was properly adjusted
the error messages stopped.
The more interesting piece of this puzzle, however, is the way in
which SELinux is supposedly involved. According to one of the
people helping me on the pyzor end of this, it isn't pyzor that is
trying to access /usr/bin/rpm: he says it's abrt that is truly to
blame. Here is what he posted:
"I did some digging and have an explanation for the selinux/rpm
thing. The issue is that pyzor is backtracing and Tom
has abrt installed and running. abrt logs and optionally
auto-files bugs whenever (among other things) a distro-installed
python application backtraces. It calls rpm to see which to which
package the backtracing script belongs in order to classify it
properly. This kind of doesn't work well for confined
applications, but that's definitely not pyzor's bug."
If that is the case, then my question is this: why is SELinux
blaming pyzor for something abrt is doing?
Tom
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
|
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
