[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

BZ 533427



I previously posted this to the selinux list but the suggestion was made that 
I might get a better (quicker) response on this list.

https://bugzilla.redhat.com/show_bug.cgi?id=533427 was first reported 6 
November and on 6 November Dan Walsh reported that the problem was fixed in 
selinux-policy-3.6.32-42.fc12.noarch

WHERE IS selinux-policy-3.6.32-42.fc12.noarch ????

Today is 18 November.  This update (or a later/more-recent version) has not 
appeared in either updates or updates-testing for F12.

selinux-policy-3.6.32-46.fc12 is currently "queued for updates-testing but has 
yet to be added.

The problem in https://bugzilla.redhat.com/show_bug.cgi?id=533427 impacts the 
abrt package's ability to function properly.  The abrt package is a really 
good new feature in Fedora 12 and should help resolve problems more quickly 
since it provides a lot more information than many users include in the 
handcrafted reports (myself included).

Dan Walsh has pointed out that:
>abrt_t is a permissive domain.

>node=(removed) type=SYSCALL msg=audit(1257529975.949:596): arch=40000003
>syscall=39 success=yes exit=0 a0=9779660 a1=1ed a2=38f6868 a3=9259050 items=0
>ppid=17113 pid=17114 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
>fsgid=0 tty=(none) ses=2 comm="yum" exe="/usr/bin/python"
>subj=unconfined_u:system_r:abrt_t:s0 key=(null)

>If you look at the AVC you will see success=yes.  Which indicates that the 
>AVC did not block anything. So if abrt is not working properly for some 
>reason, it is not SELinux causing the problem.

SO the lack of the selinux update may not be the problem with abrt's inability 
to get debuginfo packages so that it can generate a meaningful backtrace.

I do believe that it has been a bit long in getting an update out for selinux-
policy.

Gene


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]