[abrt] (null): SELinux is preventing /usr/bin/gconftool-2 from 'execute' accesses on the file /usr/lib64/libORBit-2.so.0.1.0.

Solution Unverified - Updated -


  • Following abrt messages are displayed frequently.
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         2.6.32-431.3.1.el6.x86_64
last_occurrence: 1393277950
time:           Mon 24 Feb 2014 04:39:10 PM EST

:SELinux is preventing /usr/bin/gconftool-2 from 'execute' accesses on the file /usr/lib64/libORBit-2.so.0.1.0.
:*****  Plugin restorecon (94.8 confidence) suggests  *************************
:If you want to fix the label. 
:/usr/lib64/libORBit-2.so.0.1.0 default label should be lib_t.
:Then you can run restorecon.
:# /sbin/restorecon -v /usr/lib64/libORBit-2.so.0.1.0
:*****  Plugin catchall_labels (5.21 confidence) suggests  ********************
:If you want to allow gconftool-2 to have execute access on the libORBit-2.so.0.1.0 file
:Then you need to change the label on /usr/lib64/libORBit-2.so.0.1.0
:# semanage fcontext -a -t FILE_TYPE '/usr/lib64/libORBit-2.so.0.1.0'
:where FILE_TYPE is one of the following: alsa_exec_t, consoletype_exec_t, xdm_exec_t, lib_t, policykit_auth_exec_t, ld_so_t, abrt_helper_exec_t, bin_t, pam_console_exec_t, lib_t, xserver_exec_t, etc_t, textrel_shlib_t, dbusd_exec_t, loadkeys_exec_t, plymouth_exec_t, ssh_agent_exec_t, mount_exec_t, shell_exec_t, rpm_exec_t, pulseaudio_exec_t, oddjob_mkhomedir_exec_t, pam_exec_t, fusermount_exec_t, updpwd_exec_t, chkpwd_exec_t, hostname_exec_t, init_exec_t, shutdown_exec_t, prelink_exec_t, setfiles_exec_t, xsession_exec_t, namespace_init_exec_t, nfs_t, bin_t, shell_exec_t. 
:Then execute: 
:restorecon -v '/usr/lib64/libORBit-2.so.0.1.0'
:*****  Plugin catchall (1.44 confidence) suggests  ***************************
:If you believe that gconftool-2 should be allowed execute access on the libORBit-2.so.0.1.0 file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:allow this access for now by executing:
:# grep gconftool-2 /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:Additional Information:
:Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
:Target Context                system_u:object_r:usr_t:s0
:Target Objects                /usr/lib64/libORBit-2.so.0.1.0 [ file ]
:Source                        gconftool-2
:Source Path                   /usr/bin/gconftool-2
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           gnome-session-2.28.0-18.el6.x86_64
:Target RPM Packages           ORBit2-2.14.17-3.2.el6_3.x86_64
:Policy RPM                    selinux-policy-3.7.19-231.el6.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Permissive
:Host Name                     (removed)
:Platform                      Linux (removed) 2.6.32-431.3.1.el6.x86_64 #1 SMP Fri
:                              Dec 13 06:58:20 EST 2013 x86_64 x86_64
:Alert Count                   52
:First Seen                    Sat 25 Jan 2014 12:12:41 AM EST
:Last Seen                     Sun 23 Feb 2014 05:02:06 PM EST
:Local ID                      0578e8f9-32bd-4e10-8d98-cd0b7edb7c72
:Raw Audit Messages
:type=AVC msg=audit(1393192926.37:33869): avc:  denied  { execute } for  pid=19754 comm="gnome-session" path="/usr/lib64/libORBit-2.so.0.1.0" dev=dm-11 ino=1058994 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
:type=SYSCALL msg=audit(1393192926.37:33869): arch=x86_64 syscall=mmap success=yes exit=899678208 a0=3335a00000 a1=26fb88 a2=5 a3=802 items=0 ppid=19669 pid=19754 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm=gnome-session exe=/usr/bin/gnome-session subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
:Hash: gconftool-2,xdm_t,usr_t,file,execute
:#============= xdm_t ==============
:#!!!! This avc is allowed in the current policy
:allow xdm_t usr_t:file execute;
:audit2allow -R
:#============= xdm_t ==============
:#!!!! This avc is allowed in the current policy
:allow xdm_t usr_t:file execute;


  • Red Hat Enterprise Linux 6.5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content