Getting "[abrt] (null): SELinux is preventing /usr/bin/updatedb from 'getattr' accesses on the directory ."

Solution Verified - Updated -

Issue

  • Getting "[abrt] (null): SELinux is preventing /usr/bin/updatedb from getattr accesses on the directory."
comment:        This happens whenever updatedb runs, which must be set as a cron job that comes with RHEL 7 as a default.
hashmarkername: setroubleshoot
kernel:         3.10.0-123.20.1.el7.x86_64
last_occurrence: 1425408652
time:           Tue 03 Mar 2015 12:50:52 PM CST

description:
:SELinux is preventing /usr/bin/updatedb from 'getattr' accesses on the directory .
:
:*****  Plugin catchall (100. confidence) suggests   **************************
:
:If you believe that updatedb should be allowed getattr access on the  directory by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep updatedb /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:locate_t:s0-s0:c0.c1023
:Target Context                unconfined_u:object_r:chrome_sandbox_t:s0
:Target Objects                 [ dir ]
:Source                        updatedb
:Source Path                   /usr/bin/updatedb
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           mlocate-0.26-5.el7.x86_64
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.12.1-153.el7_0.13.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.10.0-123.20.1.el7.x86_64 #1 SMP
:                              Wed Jan 21 09:45:55 EST 2015 x86_64 x86_64
:Alert Count                   74
:First Seen                    2014-09-24 08:49:02 CDT
:Last Seen                     2015-03-03 12:48:02 CST
:Local ID                      b66cea43-3b12-47b3-b3e2-5824ec8fc21c
:
:Raw Audit Messages
:type=AVC msg=audit(1425408482.679:284): avc:  denied  { getattr } for  pid=8496 comm="updatedb" path="/etc/opt/chrome" dev="dm-1" ino=202275607 scontext=system_u:system_r:locate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:chrome_sandbox_t:s0 tclass=dir
:
:
:type=SYSCALL msg=audit(1425408482.679:284): arch=x86_64 syscall=lstat success=no exit=EACCES a0=7f9d50f98899 a1=7fff911e7fd0 a2=7fff911e7fd0 a3=7f9d505348e0 items=0 ppid=8490 pid=8496 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm=updatedb exe=/usr/bin/updatedb subj=system_u:system_r:locate_t:s0-s0:c0.c1023 key=(null)
:
:Hash: updatedb,locate_t,chrome_sandbox_t,dir,getattr

Environment

  • Red Hat Enterprise Linux 7
  • selinux-policy-3.12.1-153.el7_0.13.noarch

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content