This is the "alert" I've received from SElinux Alert Browser after closing "rythmbox" application that opened my CreativeZen mediaplayer:
SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sys_ptrace capability
in dmesg it has:
rhythmbox: segfault at 3473580 ip 0000000003473580 sp 00007fffd8523d58 error 15
Then it gives me a funny suggestions:
If you believe that abrt-hook-ccpp should have the sys_ptrace capability by default.
Then you should report this as a bug.
I actually have no idea whether or not I really NEED this "abrt-hook-ccpp" thing on my computer, but it was installed by default in my Fedora 15 installation. So my first and last guess is, those guys who included it into the default installation (hope they visit this forum from time to time
) should also know better, whether or not
abrt-hook-ccpp should have the sys_ptrace capability by default
My humble understanding of what's going on suggests that it was the rhythmbox crash which provoked some action by abrt-hook-ccpp. Perhaps the thing wanted to ptrace the system calls in order to create a bug report. In that case I don't see why it should NOT have "the sys_ptrace capability by default". Or othewise why do I need this another piece of software on my computer when it is not allowed to do its job???
...While I'm deeply impressed with how SELinux stands on guard of my security and all that, there is a funny feeling that SELinux should be installed along with some default policies that would allow reasonable "freedom" for average computer usage. Or when installing abrt-hook-ccpp it should add a corresponding exception to these policies.
With all due respect,