SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sys_ptrace capabilit

[KBerger]

This is the "alert" I've received from SElinux Alert Browser after closing "rythmbox" application that opened my CreativeZen mediaplayer:

Code:

SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sys_ptrace capability

in dmesg it has:

Code:

rhythmbox[2727]: segfault at 3473580 ip 0000000003473580 sp 00007fffd8523d58 error 15

Then it gives me a funny suggestions:

Code:

If you believe that abrt-hook-ccpp should have the sys_ptrace capability by default.
Then you should report this as a bug.

I actually have no idea whether or not I really NEED this "abrt-hook-ccpp" thing on my computer, but it was installed by default in my Fedora 15 installation. So my first and last guess is, those guys who included it into the default installation (hope they visit this forum from time to time ) should also know better, whether or not

Code:

 abrt-hook-ccpp should have the sys_ptrace capability by default

My humble understanding of what's going on suggests that it was the rhythmbox crash which provoked some action by abrt-hook-ccpp. Perhaps the thing wanted to ptrace the system calls in order to create a bug report. In that case I don't see why it should NOT have "the sys_ptrace capability by default". Or othewise why do I need this another piece of software on my computer when it is not allowed to do its job???
...While I'm deeply impressed with how SELinux stands on guard of my security and all that, there is a funny feeling that SELinux should be installed along with some default policies that would allow reasonable "freedom" for average computer usage. Or when installing abrt-hook-ccpp it should add a corresponding exception to these policies.

With all due respect,
Kostya

[kayvan]

I am getting the same issue here. Latest Fedora 15, updated.

"You should report this as a bug.
You can generate a local policy module to allow this access.
Allow this access for now by executing:
# grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp"

What is the correct solution?

Thanks.

[David Batson]

Quote:

Originally Posted by kayvan

I am getting the same issue here. Latest Fedora 15, updated.

"You should report this as a bug.
You can generate a local policy module to allow this access.
Allow this access for now by executing:
# grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp"

What is the correct solution?

Thanks.

1) Report as a bug at Fedora Bugzilla: https://bugzilla.redhat.com/enter_bu...product=Fedora

2) Start Terminal and log in as root. I always type su - {that's su[SPACE][HYPHEN] press ENTER} then type root's password {press ENTER}. You will see root's prompt #.
3) Type in grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol {ENTER}.
4) Type in semodule -i mypol.pp" {ENTER}.
5) May have to logout/login or even reboot for changes to take effect - not sure.

6) Likely a future update of SELinux or another rpm will fix this (more likely if a bug report is filed).

[Redagadir]

maybe you should disable the abrt facility...