Why is SELinux preventing /usr/bin/python2.7 from 'write' accesses on the repository file?
Issue
SELinux is preventing /usr/bin/python2.7 from write accesses on the repository file.
description:
:SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the file /etc/yum.repos.d/redhat.repo.
:
:***** Plugin catchall_labels (83.8 confidence) suggests *******************
:
:If you want to allow python2.7 to have write access on the redhat.repo file
:Then you need to change the label on /etc/yum.repos.d/redhat.repo
:Do
:# semanage fcontext -a -t FILE_TYPE '/etc/yum.repos.d/redhat.repo'
:where FILE_TYPE is one of the following: afs_cache_t, cert_t, initrc_tmp_t, puppet_tmp_t, rhsmcertd_lock_t, rhsmcertd_log_t, rhsmcertd_var_lib_t, rhsmcertd_var_run_t, system_conf_t, user_cron_spool_t, var_lock_t.
:Then execute:
:restorecon -v '/etc/yum.repos.d/redhat.repo'
:
:
:***** Plugin catchall (17.1 confidence) suggests **************************
:
:If you believe that python2.7 should be allowed write access on the redhat.repo file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep rhsmcertd-worke /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context system_u:system_r:rhsmcertd_t:s0
:Target Context system_u:object_r:etc_t:s0
:Target Objects /etc/yum.repos.d/redhat.repo [ file ]
:Source rhsmcertd-worke
:Source Path /usr/bin/python2.7
:Port <Unknown>
:Host (removed)
:Source RPM Packages python-2.7.5-14.el7.x86_64
:Target RPM Packages subscription-manager-1.10.10-1.el7.x86_64
:Policy RPM selinux-policy-3.12.1-120.el7.noarch
:Selinux Enabled True
:Policy Type targeted
:Enforcing Mode Enforcing
:Host Name (removed)
:Platform Linux (removed) 3.10.0-78.el7.x86_64 #1 SMP Tue
: Jan 21 17:56:28 EST 2014 x86_64 x86_64
:Alert Count 3
:First Seen 2014-02-05 04:11:38 CST
:Last Seen 2014-02-05 16:44:12 CST
:Local ID 905eda28-866d-4380-8b69-1f1550ef18e5
:
:Raw Audit Messages
:type=AVC msg=audit(1391640252.79:434): avc: denied { write } for pid=2788 comm="rhsmcertd-worke" name="redhat.repo" dev="dm-0" ino=37275482 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1391640252.79:434): arch=x86_64 syscall=open success=no exit=EACCES a0=21e7e70 a1=241 a2=1b6 a3=0 items=0 ppid=1461 pid=2788 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rhsmcertd-worke exe=/usr/bin/python2.7 subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
:
:Hash: rhsmcertd-worke,rhsmcertd_t,etc_t,file,write
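As an added example (not part of the original article or of Red Hat's tooling), the Python code below parses the AVC record from the Raw Audit Messages above, rebuilds the tuple shown on the Hash line, and checks the target file's type against the FILE_TYPE list printed by the catchall_labels plugin. The function names and the hash layout for records with several permissions are assumptions.

```python
import re

# AVC record copied from the "Raw Audit Messages" section of the alert above.
AVC = ('type=AVC msg=audit(1391640252.79:434): avc: denied { write } for pid=2788 '
       'comm="rhsmcertd-worke" name="redhat.repo" dev="dm-0" ino=37275482 '
       'scontext=system_u:system_r:rhsmcertd_t:s0 '
       'tcontext=system_u:object_r:etc_t:s0 tclass=file')

# FILE_TYPE values the catchall_labels plugin printed in the alert above.
WRITABLE_TYPES = {
    "afs_cache_t", "cert_t", "initrc_tmp_t", "puppet_tmp_t", "rhsmcertd_lock_t",
    "rhsmcertd_log_t", "rhsmcertd_var_lib_t", "rhsmcertd_var_run_t",
    "system_conf_t", "user_cron_spool_t", "var_lock_t",
}

def parse_avc(line):
    """Return the denied permissions, key=value fields and SELinux types of one AVC denial."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)', line)
    if m is None:
        raise ValueError("not an AVC denial record")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2))
    fields = {key: value.strip('"') for key, value in pairs}
    fields["perms"] = m.group(1).split()
    # A context is user:role:type:level; the level may itself contain colons.
    for ctx, name in (("scontext", "stype"), ("tcontext", "ttype")):
        fields[name] = fields[ctx].split(":")[2]
    return fields

def alert_hash(f):
    """Rebuild the tuple on the alert's "Hash:" line (layout for several perms is assumed)."""
    return ",".join([f["comm"], f["stype"], f["ttype"], f["tclass"], *f["perms"]])

def label_is_writable(f):
    """True if the target already carries a type from the plugin's FILE_TYPE list."""
    return f["ttype"] in WRITABLE_TYPES

if __name__ == "__main__":
    rec = parse_avc(AVC)
    print(alert_hash(rec))
    print("target label writable by", rec["stype"] + ":", label_is_writable(rec))
```

A False result means the denial follows from the file's current label (etc_t here), which is the case the catchall_labels plugin addresses with semanage fcontext and restorecon.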
Environment
- Red Hat Enterprise Linux 7 RC
