Abrt captures SELinux alert regarding write access on file "entitlement_status.json" or write' accesses on the directory rhsm
Issue
-
While executing Subscription manager, Selinux alert is seen on the logs
-
SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the file entitlement_status.json
- [abrt] (null): SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the file entitlement_status.json
:Additional Information:
:Source Context system_u:system_r:sosreport_t:s0-s0:c0.c1023
:Target Context unconfined_u:object_r:rhsmcertd_var_lib_t:s0
:Target Objects entitlement_status.json [ file ]
:Source subscription-ma
:Source Path /usr/bin/python2.7
:Port <Unknown>
:Host (removed)
:Source RPM Packages python-2.7.5-10.el7.x86_64
:Target RPM Packages
:Policy RPM selinux-policy-3.12.1-103.el7.noarch
:Selinux Enabled True
:Policy Type targeted
:Enforcing Mode Enforcing
:Host Name (removed)
:Platform Linux (removed) 3.10.0-54.0.1.el7.x86_64 #1 SMP
: Tue Nov 26 16:51:22 EST 2013 x86_64 x86_64
:Alert Count 27
:First Seen 2014-01-19 15:58:23 EST
:Last Seen 2014-01-19 16:11:30 EST
:Local ID f2e4c3be-cbe4-4259-91eb-45b020a200c6
:
:Raw Audit Messages
:type=AVC msg=audit(1390165890.448:640): avc: denied { write } for pid=6216 comm="subscription-ma" name="entitlement_status.json" dev="sda3" ino=209806138 scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:rhsmcertd_var_lib_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1390165890.448:640): arch=x86_64 syscall=open success=no exit=EACCES a0=7fadd00010f0 a1=242 a2=1b6 a3=0 items=0 ppid=6174 pid=6216 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=subscription-ma exe=/usr/bin/python2.7 subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null)
:
:Hash: subscription-ma,sosreport_t,rhsmcertd_var_lib_t,file,write
- SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the directory rhsm.
- [abrt] : SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the directory rhsm
Additional Information:
:Source Context system_u:system_r:sosreport_t:s0-s0:c0.c1023
:Target Context system_u:object_r:rhsmcertd_var_run_t:s0
:Target Objects rhsm [ dir ]
:Source yum
:Source Path /usr/bin/python2.7
:Port <Unknown>
:Host (removed)
:Source RPM Packages python-2.7.5-10.el7.x86_64
:Target RPM Packages
:Policy RPM selinux-policy-3.12.1-103.el7.noarch
:Selinux Enabled True
:Policy Type targeted
:Enforcing Mode Enforcing
:Host Name (removed)
:Platform Linux (removed) 3.10.0-54.0.1.el7.x86_64 #1 SMP
: Tue Nov 26 16:51:22 EST 2013 x86_64 x86_64
:Alert Count 4
:First Seen 2013-12-22 14:36:32 EST
:Last Seen 2013-12-22 14:37:22 EST
:Local ID d14247e9-a202-4526-8c28-871eb4469a33
:
:Raw Audit Messages
:type=AVC msg=audit(1387741042.280:607): avc: denied { write } for pid=23792 comm="yum" name="rhsm" dev="tmpfs" ino=13299 scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rhsmcertd_var_run_t:s0 tclass=dir
:
:
:type=SYSCALL msg=audit(1387741042.280:607): arch=x86_64 syscall=open success=no exit=EACCES a0=2314b00 a1=241 a2=1b6 a3=0 items=0 ppid=23791 pid=23792 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=yum exe=/usr/bin/python2.7 subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null)
:
:Hash: yum,sosreport_t,rhsmcertd_var_run_t,dir,write
Environment
- Red Hat Enterprise Linux 7 Beta
- Selinux Policy 3.12.1-105.el7
- Selinux-policy-3.12.1-103.el7
- ABRT-2.1.x-x.el7 [Automatic Bug Reporting Tool]
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.