BZ 533427
Gene Czarcinski
gene at czarc.net
Wed Nov 18 22:53:39 UTC 2009
I previously posted this to the selinux list but the suggestion was made that
I might get a better (quicker) response on this list.
https://bugzilla.redhat.com/show_bug.cgi?id=533427 was first reported 6
November and on 6 November Dan Walsh reported that the problem was fixed in
selinux-policy-3.6.32-42.fc12.noarch
WHERE IS selinux-policy-3.6.32-42.fc12.noarch ????
Today is 18 November. This update (or a later/more-recent version) has not
appeared in either updates or updates-testing for F12.
selinux-policy-3.6.32-46.fc12 is currently "queued for updates-testing but has
yet to be added.
The problem in https://bugzilla.redhat.com/show_bug.cgi?id=533427 impacts the
abrt package's ability to function properly. The abrt package is a really
good new feature in Fedora 12 and should help resolve problems more quickly
since it provides a lot more information than many users include in the
handcrafted reports (myself included).
Dan Walsh has pointed out that:
>abrt_t is a permissive domain.
>node=(removed) type=SYSCALL msg=audit(1257529975.949:596): arch=40000003
>syscall=39 success=yes exit=0 a0=9779660 a1=1ed a2=38f6868 a3=9259050 items=0
>ppid=17113 pid=17114 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
>fsgid=0 tty=(none) ses=2 comm="yum" exe="/usr/bin/python"
>subj=unconfined_u:system_r:abrt_t:s0 key=(null)
>If you look at the AVC you will see success=yes. Which indicates that the
>AVC did not block anything. So if abrt is not working properly for some
>reason, it is not SELinux causing the problem.
SO the lack of the selinux update may not be the problem with abrt's inability
to get debuginfo packages so that it can generate a meaningful backtrace.
I do believe that it has been a bit long in getting an update out for selinux-
policy.
Gene
More information about the fedora-test-list
mailing list