SELinux is preventing /usr/bin/timeout from using the 'signal' accesses on a process.
Issue
- ABRT is capturing alerts where SELinux is preventing /usr/bin/timeout from using the 'signal' accesses on a process:
:***** Plugin catchall (100. confidence) suggests **************************
:
:If you believe that timeout should be allowed signal access on processes labeled sosreport_t by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep timeout /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context system_u:system_r:sosreport_t:s0-s0:c0.c1023
:Target Context system_u:system_r:sosreport_t:s0-s0:c0.c1023
:Target Objects [ process ]
:Source timeout
:Source Path /usr/bin/timeout
:Port <Unknown>
:Host (removed)
:Source RPM Packages coreutils-8.21-13.el7.x86_64
:Target RPM Packages
:Policy RPM selinux-policy-3.12.1-103.el7.noarch
:Selinux Enabled True
:Policy Type targeted
:Enforcing Mode Enforcing
:Host Name (removed)
:Platform Linux (removed) 3.10.0-54.0.1.el7.x86_64 #1 SMP
: Tue Nov 26 16:51:22 EST 2013 x86_64 x86_64
:Alert Count 5
:First Seen 2013-12-13 13:03:07 CET
:Last Seen 2013-12-13 13:05:03 CET
:Local ID f0b2b4f7-77b8-413f-bd27-05e7156bb83e
:
:Raw Audit Messages
:type=AVC msg=audit(1386936303.337:739): avc: denied { signal } for pid=28078 comm="timeout" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=process
:
:
:type=AVC msg=audit(1386936303.337:739): avc: denied { signal } for pid=28078 comm="timeout" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=process
:
:
:type=SYSCALL msg=audit(1386936303.337:739): arch=x86_64 syscall=kill success=no exit=EACCES a0=0 a1=12 a2=0 a3=8 items=0 ppid=27866 pid=28078 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=timeout exe=/usr/bin/timeout subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null)
:
:Hash: timeout,sosreport_t,sosreport_t,process,signal
Environment
- Red Hat Enterprise Linux 7 beta
- selinux-policy-3.12.1-103.el7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.