Why is SELinux preventing /usr/bin/python2.7 from 'write' accesses on the repository file?

Solution Verified

Issue

  • SELinux is preventing /usr/bin/python2.7 from write accesses on the repository file.
description:
:SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the file /etc/yum.repos.d/redhat.repo.
:
:*****  Plugin catchall_labels (83.8 confidence) suggests   *******************
:
:If you want to allow python2.7 to have write access on the redhat.repo file
:Then you need to change the label on /etc/yum.repos.d/redhat.repo
:Do
:# semanage fcontext -a -t FILE_TYPE '/etc/yum.repos.d/redhat.repo'
:where FILE_TYPE is one of the following: afs_cache_t, cert_t, initrc_tmp_t, puppet_tmp_t, rhsmcertd_lock_t, rhsmcertd_log_t, rhsmcertd_var_lib_t, rhsmcertd_var_run_t, system_conf_t, user_cron_spool_t, var_lock_t. 
:Then execute: 
:restorecon -v '/etc/yum.repos.d/redhat.repo'
:
:
:*****  Plugin catchall (17.1 confidence) suggests   **************************
:
:If you believe that python2.7 should be allowed write access on the redhat.repo file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep rhsmcertd-worke /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:rhsmcertd_t:s0
:Target Context                system_u:object_r:etc_t:s0
:Target Objects                /etc/yum.repos.d/redhat.repo [ file ]
:Source                        rhsmcertd-worke
:Source Path                   /usr/bin/python2.7
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           python-2.7.5-14.el7.x86_64
:Target RPM Packages           subscription-manager-1.10.10-1.el7.x86_64
:Policy RPM                    selinux-policy-3.12.1-120.el7.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.10.0-78.el7.x86_64 #1 SMP Tue
:                              Jan 21 17:56:28 EST 2014 x86_64 x86_64
:Alert Count                   3
:First Seen                    2014-02-05 04:11:38 CST
:Last Seen                     2014-02-05 16:44:12 CST
:Local ID                      905eda28-866d-4380-8b69-1f1550ef18e5
:
:Raw Audit Messages
:type=AVC msg=audit(1391640252.79:434): avc:  denied  { write } for  pid=2788 comm="rhsmcertd-worke" name="redhat.repo" dev="dm-0" ino=37275482 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1391640252.79:434): arch=x86_64 syscall=open success=no exit=EACCES a0=21e7e70 a1=241 a2=1b6 a3=0 items=0 ppid=1461 pid=2788 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rhsmcertd-worke exe=/usr/bin/python2.7 subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
:
:Hash: rhsmcertd-worke,rhsmcertd_t,etc_t,file,write
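When the same denial repeats (the alert above reports an Alert Count of 3), it helps to reduce each AVC record to the five-field tuple shown on the Hash line and count occurrences before deciding between relabeling and a local policy module. The Python below is an added example, not part of the original article or of setroubleshoot; the function names are hypothetical, the first sample record is the AVC line from the alert, and the other two records are constructed.

```python
import re
from collections import Counter

# Record 1 is the AVC line from the alert above. Records 2 and 3 are
# constructed for this example (a repeat denial and a non-AVC record).
SAMPLE_LOG = '''\
type=AVC msg=audit(1391640252.79:434): avc:  denied  { write } for  pid=2788 comm="rhsmcertd-worke" name="redhat.repo" dev="dm-0" ino=37275482 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1391640300.12:440): avc:  denied  { write } for  pid=2801 comm="rhsmcertd-worke" name="redhat.repo" dev="dm-0" ino=37275482 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1391640300.12:440): arch=x86_64 syscall=open success=no exit=EACCES comm=rhsmcertd-worke exe=/usr/bin/python2.7
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ('comm', 'scontext', 'tcontext', 'tclass')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not all(k in fields for k in REQUIRED):
        return None  # truncated or malformed record
    fields['perms'] = m.group('perms').split()
    # A context is user:role:type:level; the level may itself contain
    # colons (MLS/MCS ranges), so split at most three times.
    for key in ('scontext', 'tcontext'):
        fields[key + '_type'] = fields[key].split(':', 3)[2]
    return fields


def denial_key(avc):
    """comm, source type, target type, class, permission (Hash line shape)."""
    return ','.join([avc['comm'], avc['scontext_type'], avc['tcontext_type'],
                     avc['tclass'], ','.join(avc['perms'])])


def summarize(log_text):
    """Count denials per key so repeated alerts collapse into one row."""
    parsed = (parse_avc(line) for line in log_text.splitlines())
    return Counter(denial_key(a) for a in parsed if a)


if __name__ == '__main__':
    for key, count in summarize(SAMPLE_LOG).items():
        print(count, key)
```

The key makes the mismatch visible at a glance: a process in the rhsmcertd_t domain is writing to a file labeled with the generic etc_t type.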

Environment

  • Red Hat Enterprise Linux 7 RC
