Abrt captures SELinux alert regarding write access on file "entitlement_status.json" or write' accesses on the directory rhsm
Issue
-
While executing Subscription manager, Selinux alert is seen on the logs
-
SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the file entitlement_status.json
- [abrt] (null): SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the file entitlement_status.json
:Additional Information:
:Source Context system_u:system_r:sosreport_t:s0-s0:c0.c1023
:Target Context unconfined_u:object_r:rhsmcertd_var_lib_t:s0
:Target Objects entitlement_status.json [ file ]
:Source subscription-ma
:Source Path /usr/bin/python2.7
:Port <Unknown>
:Host (removed)
:Source RPM Packages python-2.7.5-10.el7.x86_64
:Target RPM Packages
:Policy RPM selinux-policy-3.12.1-103.el7.noarch
:Selinux Enabled True
:Policy Type targeted
:Enforcing Mode Enforcing
:Host Name (removed)
:Platform Linux (removed) 3.10.0-54.0.1.el7.x86_64 #1 SMP
: Tue Nov 26 16:51:22 EST 2013 x86_64 x86_64
:Alert Count 27
:First Seen 2014-01-19 15:58:23 EST
:Last Seen 2014-01-19 16:11:30 EST
:Local ID f2e4c3be-cbe4-4259-91eb-45b020a200c6
:
:Raw Audit Messages
:type=AVC msg=audit(1390165890.448:640): avc: denied { write } for pid=6216 comm="subscription-ma" name="entitlement_status.json" dev="sda3" ino=209806138 scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:rhsmcertd_var_lib_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1390165890.448:640): arch=x86_64 syscall=open success=no exit=EACCES a0=7fadd00010f0 a1=242 a2=1b6 a3=0 items=0 ppid=6174 pid=6216 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=subscription-ma exe=/usr/bin/python2.7 subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null)
:
:Hash: subscription-ma,sosreport_t,rhsmcertd_var_lib_t,file,write
- SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the directory rhsm.
- [abrt] : SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the directory rhsm
Additional Information:
:Source Context system_u:system_r:sosreport_t:s0-s0:c0.c1023
:Target Context system_u:object_r:rhsmcertd_var_run_t:s0
:Target Objects rhsm [ dir ]
:Source yum
:Source Path /usr/bin/python2.7
:Port <Unknown>
:Host (removed)
:Source RPM Packages python-2.7.5-10.el7.x86_64
:Target RPM Packages
:Policy RPM selinux-policy-3.12.1-103.el7.noarch
:Selinux Enabled True
:Policy Type targeted
:Enforcing Mode Enforcing
:Host Name (removed)
:Platform Linux (removed) 3.10.0-54.0.1.el7.x86_64 #1 SMP
: Tue Nov 26 16:51:22 EST 2013 x86_64 x86_64
:Alert Count 4
:First Seen 2013-12-22 14:36:32 EST
:Last Seen 2013-12-22 14:37:22 EST
:Local ID d14247e9-a202-4526-8c28-871eb4469a33
:
:Raw Audit Messages
:type=AVC msg=audit(1387741042.280:607): avc: denied { write } for pid=23792 comm="yum" name="rhsm" dev="tmpfs" ino=13299 scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rhsmcertd_var_run_t:s0 tclass=dir
:
:
:type=SYSCALL msg=audit(1387741042.280:607): arch=x86_64 syscall=open success=no exit=EACCES a0=2314b00 a1=241 a2=1b6 a3=0 items=0 ppid=23791 pid=23792 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=yum exe=/usr/bin/python2.7 subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null)
:
:Hash: yum,sosreport_t,rhsmcertd_var_run_t,dir,write
Environment
- Red Hat Enterprise Linux 7 Beta
- Selinux Policy 3.12.1-105.el7
- Selinux-policy-3.12.1-103.el7
- ABRT-2.1.x-x.el7 [Automatic Bug Reporting Tool]
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
