Getting "[abrt] (null): SELinux is preventing /usr/bin/updatedb from 'getattr' accesses on the directory ."
Issue
- Getting "[abrt] (null):
SELinuxis preventing /usr/bin/updatedb fromgetattraccesses on the directory."
comment: This happens whenever updatedb runs, which must be set as a cron job that comes with RHEL 7 as a default.
hashmarkername: setroubleshoot
kernel: 3.10.0-123.20.1.el7.x86_64
last_occurrence: 1425408652
time: Tue 03 Mar 2015 12:50:52 PM CST
description:
:SELinux is preventing /usr/bin/updatedb from 'getattr' accesses on the directory .
:
:***** Plugin catchall (100. confidence) suggests **************************
:
:If you believe that updatedb should be allowed getattr access on the directory by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep updatedb /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context system_u:system_r:locate_t:s0-s0:c0.c1023
:Target Context unconfined_u:object_r:chrome_sandbox_t:s0
:Target Objects [ dir ]
:Source updatedb
:Source Path /usr/bin/updatedb
:Port <Unknown>
:Host (removed)
:Source RPM Packages mlocate-0.26-5.el7.x86_64
:Target RPM Packages
:Policy RPM selinux-policy-3.12.1-153.el7_0.13.noarch
:Selinux Enabled True
:Policy Type targeted
:Enforcing Mode Enforcing
:Host Name (removed)
:Platform Linux (removed) 3.10.0-123.20.1.el7.x86_64 #1 SMP
: Wed Jan 21 09:45:55 EST 2015 x86_64 x86_64
:Alert Count 74
:First Seen 2014-09-24 08:49:02 CDT
:Last Seen 2015-03-03 12:48:02 CST
:Local ID b66cea43-3b12-47b3-b3e2-5824ec8fc21c
:
:Raw Audit Messages
:type=AVC msg=audit(1425408482.679:284): avc: denied { getattr } for pid=8496 comm="updatedb" path="/etc/opt/chrome" dev="dm-1" ino=202275607 scontext=system_u:system_r:locate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:chrome_sandbox_t:s0 tclass=dir
:
:
:type=SYSCALL msg=audit(1425408482.679:284): arch=x86_64 syscall=lstat success=no exit=EACCES a0=7f9d50f98899 a1=7fff911e7fd0 a2=7fff911e7fd0 a3=7f9d505348e0 items=0 ppid=8490 pid=8496 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm=updatedb exe=/usr/bin/updatedb subj=system_u:system_r:locate_t:s0-s0:c0.c1023 key=(null)
:
:Hash: updatedb,locate_t,chrome_sandbox_t,dir,getattr
Environment
- Red Hat Enterprise Linux 7
- selinux-policy-3.12.1-153.el7_0.13.noarch
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
