[abrt] (null): SELinux is preventing /usr/bin/gconftool-2 from 'execute' accesses on the file /usr/lib64/libORBit-2.so.0.1.0.


Issue

  • The following abrt messages are displayed frequently:
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         2.6.32-431.3.1.el6.x86_64
last_occurrence: 1393277950
time:           Mon 24 Feb 2014 04:39:10 PM EST

description:
:SELinux is preventing /usr/bin/gconftool-2 from 'execute' accesses on the file /usr/lib64/libORBit-2.so.0.1.0.
:
:*****  Plugin restorecon (94.8 confidence) suggests  *************************
:
:If you want to fix the label. 
:/usr/lib64/libORBit-2.so.0.1.0 default label should be lib_t.
:Then you can run restorecon.
:Do
:# /sbin/restorecon -v /usr/lib64/libORBit-2.so.0.1.0
:
:*****  Plugin catchall_labels (5.21 confidence) suggests  ********************
:
:If you want to allow gconftool-2 to have execute access on the libORBit-2.so.0.1.0 file
:Then you need to change the label on /usr/lib64/libORBit-2.so.0.1.0
:Do
:# semanage fcontext -a -t FILE_TYPE '/usr/lib64/libORBit-2.so.0.1.0'
:where FILE_TYPE is one of the following: alsa_exec_t, consoletype_exec_t, xdm_exec_t, lib_t, policykit_auth_exec_t, ld_so_t, abrt_helper_exec_t, bin_t, pam_console_exec_t, lib_t, xserver_exec_t, etc_t, textrel_shlib_t, dbusd_exec_t, loadkeys_exec_t, plymouth_exec_t, ssh_agent_exec_t, mount_exec_t, shell_exec_t, rpm_exec_t, pulseaudio_exec_t, oddjob_mkhomedir_exec_t, pam_exec_t, fusermount_exec_t, updpwd_exec_t, chkpwd_exec_t, hostname_exec_t, init_exec_t, shutdown_exec_t, prelink_exec_t, setfiles_exec_t, xsession_exec_t, namespace_init_exec_t, nfs_t, bin_t, shell_exec_t. 
:Then execute: 
:restorecon -v '/usr/lib64/libORBit-2.so.0.1.0'
:
:
:*****  Plugin catchall (1.44 confidence) suggests  ***************************
:
:If you believe that gconftool-2 should be allowed execute access on the libORBit-2.so.0.1.0 file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep gconftool-2 /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
:Target Context                system_u:object_r:usr_t:s0
:Target Objects                /usr/lib64/libORBit-2.so.0.1.0 [ file ]
:Source                        gconftool-2
:Source Path                   /usr/bin/gconftool-2
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           gnome-session-2.28.0-18.el6.x86_64
:Target RPM Packages           ORBit2-2.14.17-3.2.el6_3.x86_64
:Policy RPM                    selinux-policy-3.7.19-231.el6.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Permissive
:Host Name                     (removed)
:Platform                      Linux (removed) 2.6.32-431.3.1.el6.x86_64 #1 SMP Fri
:                              Dec 13 06:58:20 EST 2013 x86_64 x86_64
:Alert Count                   52
:First Seen                    Sat 25 Jan 2014 12:12:41 AM EST
:Last Seen                     Sun 23 Feb 2014 05:02:06 PM EST
:Local ID                      0578e8f9-32bd-4e10-8d98-cd0b7edb7c72
:
:Raw Audit Messages
:type=AVC msg=audit(1393192926.37:33869): avc:  denied  { execute } for  pid=19754 comm="gnome-session" path="/usr/lib64/libORBit-2.so.0.1.0" dev=dm-11 ino=1058994 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1393192926.37:33869): arch=x86_64 syscall=mmap success=yes exit=899678208 a0=3335a00000 a1=26fb88 a2=5 a3=802 items=0 ppid=19669 pid=19754 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm=gnome-session exe=/usr/bin/gnome-session subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
:
:Hash: gconftool-2,xdm_t,usr_t,file,execute
:
:audit2allow
:
:#============= xdm_t ==============
:
:#!!!! This avc is allowed in the current policy
:allow xdm_t usr_t:file execute;
:
:audit2allow -R
:
:#============= xdm_t ==============
:
:#!!!! This avc is allowed in the current policy
:allow xdm_t usr_t:file execute;
:

Environment

  • Red Hat Enterprise Linux 6.5
