SELinux is preventing /usr/bin/timeout from using the 'signal' accesses on a process.

Solution Unverified - Updated -

Issue

  • ABRT is capturing alerts where SELinux is preventing /usr/bin/timeout from using the 'signal' accesses on a process:
:*****  Plugin catchall (100. confidence) suggests   **************************
:
:If you believe that timeout should be allowed signal access on processes labeled sosreport_t by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep timeout /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:sosreport_t:s0-s0:c0.c1023
:Target Context                system_u:system_r:sosreport_t:s0-s0:c0.c1023
:Target Objects                 [ process ]
:Source                        timeout
:Source Path                   /usr/bin/timeout
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           coreutils-8.21-13.el7.x86_64
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.12.1-103.el7.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.10.0-54.0.1.el7.x86_64 #1 SMP
:                              Tue Nov 26 16:51:22 EST 2013 x86_64 x86_64
:Alert Count                   5
:First Seen                    2013-12-13 13:03:07 CET
:Last Seen                     2013-12-13 13:05:03 CET
:Local ID                      f0b2b4f7-77b8-413f-bd27-05e7156bb83e
:
:Raw Audit Messages
:type=AVC msg=audit(1386936303.337:739): avc:  denied  { signal } for  pid=28078 comm="timeout" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=process
:
:
:type=AVC msg=audit(1386936303.337:739): avc:  denied  { signal } for  pid=28078 comm="timeout" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=process
:
:
:type=SYSCALL msg=audit(1386936303.337:739): arch=x86_64 syscall=kill success=no exit=EACCES a0=0 a1=12 a2=0 a3=8 items=0 ppid=27866 pid=28078 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=timeout exe=/usr/bin/timeout subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null)
:
:Hash: timeout,sosreport_t,sosreport_t,process,signal
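
The report suggests piping the denials through audit2allow and loading the result. The following added example (not part of the original article, and not Red Hat or setroubleshoot code) parses the AVC record quoted above and prints the type-enforcement rule it corresponds to, so the rule can be read before any module is loaded. The function names `parse_avc`, `te_rule` and `summarize` are hypothetical; the rule text follows audit2allow's convention of writing `self` when source and target type are the same.

```python
import re

# Sample input: the AVC record from the report above, embedded so this runs offline.
SAMPLE_AVC = (
    'type=AVC msg=audit(1386936303.337:739): avc:  denied  { signal } for  '
    'pid=28078 comm="timeout" '
    'scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 '
    'tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=process'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of the denial's fields, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type[:level]; policy rules are written on the type.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    return rec

def te_rule(rec):
    """Build the allow rule matching one parsed denial."""
    target = 'self' if rec['stype'] == rec['ttype'] else rec['ttype']
    perms = rec['perms']
    perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {rec['stype']} {target}:{rec['tclass']} {perm_str};"

def summarize(lines):
    """Map each distinct rule to the number of denials that would produce it."""
    counts = {}
    for line in lines:
        rec = parse_avc(line)
        if rec is not None:
            rule = te_rule(rec)
            counts[rule] = counts.get(rule, 0) + 1
    return counts

if __name__ == '__main__':
    # The report lists the same AVC record twice; both collapse to one rule.
    for rule, n in summarize([SAMPLE_AVC, SAMPLE_AVC]).items():
        print(f"{n} denial(s) -> {rule}")
```

Because `grep timeout` selects every audit record containing that string, read the `mypol.te` file that `audit2allow -M mypol` writes and confirm it contains only the expected rule before running `semodule -i mypol.pp`.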

Environment

  • Red Hat Enterprise Linux 7 beta
  • selinux-policy-3.12.1-103.el7
