Why is SELinux preventing /usr/bin/python2.7 from 'write' accesses on the repository file?
Issue
- SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the repository file.
description:
:SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the file /etc/yum.repos.d/redhat.repo.
:
:***** Plugin catchall_labels (83.8 confidence) suggests *******************
:
:If you want to allow python2.7 to have write access on the redhat.repo file
:Then you need to change the label on /etc/yum.repos.d/redhat.repo
:Do
:# semanage fcontext -a -t FILE_TYPE '/etc/yum.repos.d/redhat.repo'
:where FILE_TYPE is one of the following: afs_cache_t, cert_t, initrc_tmp_t, puppet_tmp_t, rhsmcertd_lock_t, rhsmcertd_log_t, rhsmcertd_var_lib_t, rhsmcertd_var_run_t, system_conf_t, user_cron_spool_t, var_lock_t.
:Then execute:
:restorecon -v '/etc/yum.repos.d/redhat.repo'
:
:
:***** Plugin catchall (17.1 confidence) suggests **************************
:
:If you believe that python2.7 should be allowed write access on the redhat.repo file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep rhsmcertd-worke /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context system_u:system_r:rhsmcertd_t:s0
:Target Context system_u:object_r:etc_t:s0
:Target Objects /etc/yum.repos.d/redhat.repo [ file ]
:Source rhsmcertd-worke
:Source Path /usr/bin/python2.7
:Port <Unknown>
:Host (removed)
:Source RPM Packages python-2.7.5-14.el7.x86_64
:Target RPM Packages subscription-manager-1.10.10-1.el7.x86_64
:Policy RPM selinux-policy-3.12.1-120.el7.noarch
:Selinux Enabled True
:Policy Type targeted
:Enforcing Mode Enforcing
:Host Name (removed)
:Platform Linux (removed) 3.10.0-78.el7.x86_64 #1 SMP Tue
: Jan 21 17:56:28 EST 2014 x86_64 x86_64
:Alert Count 3
:First Seen 2014-02-05 04:11:38 CST
:Last Seen 2014-02-05 16:44:12 CST
:Local ID 905eda28-866d-4380-8b69-1f1550ef18e5
:
:Raw Audit Messages
:type=AVC msg=audit(1391640252.79:434): avc: denied { write } for pid=2788 comm="rhsmcertd-worke" name="redhat.repo" dev="dm-0" ino=37275482 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1391640252.79:434): arch=x86_64 syscall=open success=no exit=EACCES a0=21e7e70 a1=241 a2=1b6 a3=0 items=0 ppid=1461 pid=2788 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rhsmcertd-worke exe=/usr/bin/python2.7 subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
:
:Hash: rhsmcertd-worke,rhsmcertd_t,etc_t,file,write
Environment
- Red Hat Enterprise Linux 7 RC