
I am getting this error on my CentOS 7 desktop. Following is the detailed log.

SELinux is preventing /usr/sbin/abrtd from create access on the lnk_file .lock.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that abrtd should be allowed create access on the .lock lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'abrtd' --raw | audit2allow -M my-abrtd
# semodule -i my-abrtd.pp

Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_spool_t:s0
Target Objects                .lock [ lnk_file ]
Source                        abrtd
Source Path                   /usr/sbin/abrtd
Port                          <Unknown>
Host                          bilesh.intra.2pirad.com
Source RPM Packages           abrt-dbus-2.1.11-48.el7.centos.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-166.el7_4.7.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     bilesh.intra.2pirad.com
Platform                      Linux bilesh.intra.2pirad.com
                              3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25
                              20:13:58 UTC 2018 x86_64 x86_64
Alert Count                   249
First Seen                    2018-02-05 10:18:25 IST
Last Seen                     2018-03-09 10:57:07 IST
Local ID                      912e2a18-e121-4ff5-b14f-13862b277958

Raw Audit Messages
type=AVC msg=audit(1520573227.768:410): avc:  denied  { create } for  pid=4784 comm="abrt-dbus" name=".lock" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1520573227.768:410): arch=x86_64 syscall=symlinkat success=no exit=EACCES a0=7ffd63ccc850 a1=6 a2=7fe935f0a9d2 a3=0 items=0 ppid=1 pid=4784 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-dbus exe=/usr/sbin/abrt-dbus subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)

Hash: abrtd,abrt_t,var_spool_t,lnk_file,create

As suggested, I tried executing the following command but it also didn't work.

sudo ausearch -c 'abrtd' --raw | audit2allow -M my-abrtd

returns the following error

could not write output file: [Errno 13] Permission denied: 'my-abrtd.te'

I'm in need of guidance.


Update #1

As pointed out by garethTheRed, the piped command doesn't have permission.

You are running ausearch as root with sudo, but you are piping that to audit2allow which won't be running as root. That tries to write to the current directory as your regular user, who doesn't have write access to it.

Following are the commands I ran.

$ sudo ausearch -c 'abrtd' --raw | sudo audit2allow -M my-abrtd
$ sudo semodule -i my-abrtd.pp

But this didn't solve the issue. I'm still getting the same error.

  • Have a look at https://unix.stackexchange.com/questions/148592/why-do-i-get-permission-denied-when-redirecting-the-output-of-sudo-echo-xyz . You are running ausearch as root with sudo, but you are piping that to audit2allow which won't be running as root. That tries to write to the current directory as your regular user, who doesn't have write access to it. – garethTheRed Mar 09 '18 at 07:24
  • garethTheRed - Thanks for pointing that out, I understood but even after successfully running it, I'm getting the same error. – Bilesh Ganguly Mar 09 '18 at 08:55
  • You might have incorrect SELinux file label applied for /var/run/abrt/ (where abrtd tries to create .lock file). You can check the security labels using ls -Zd /var/run/abrt and apply the default contexts using restorecon. If this helps, I can write a more detailed answer. – sebasth Mar 09 '18 at 09:47
  • sebasth - I ran ls -Zd /var/run/abrt and this is what I get as a response drwxr-xr-x. root root system_u:object_r:abrt_var_run_t:s0 /var/run/abrt. Not sure what to make of it. – Bilesh Ganguly Mar 09 '18 at 12:55
  • The target security context has label of var_spool_t, might be worthwhile to check the security labels in /var/spool/ as well. The default policy labels are documented in abrt_selinux manpage, and should be the ones applied by restorecon. – sebasth Mar 09 '18 at 17:28
  • sebasth - I ran the command ls -Zd /var/spool which yielded drwxr-xr-x. root root system_u:object_r:var_spool_t:s0 /var/spool. So, the label is var_spool_t it seems, right? – Bilesh Ganguly Mar 13 '18 at 05:33
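
Added example, not part of the original post or its comments: a small shell sketch that reads the raw AVC record quoted in the question and prints the type-enforcement rule that covers exactly that denial, so the access a local module would grant can be reviewed before it is loaded. The function names are hypothetical and the sample line is copied from the question's "Raw Audit Messages"; it also extracts the comm value, which is the field ausearch -c searches on.

```shell
#!/bin/sh
# Sample input: the AVC record from the question, embedded so this runs offline.
SAMPLE_AVC='type=AVC msg=audit(1520573227.768:410): avc:  denied  { create } for  pid=4784 comm="abrt-dbus" name=".lock" scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=lnk_file'

# avc_field LINE KEY -> value of the first KEY=... token, quotes stripped
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1 | tr -d '"'
}

# context_type CONTEXT -> SELinux type (third field of user:role:type:level)
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_perms LINE -> the permission list found between the braces
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p'
}

# avc_to_rule LINE -> allow rule covering this denial; fails on non-AVC input
avc_to_rule() {
    case "$1" in
        *"avc:"*denied*) ;;
        *) return 1 ;;
    esac
    src=$(context_type "$(avc_field "$1" scontext)")
    tgt=$(context_type "$(avc_field "$1" tcontext)")
    cls=$(avc_field "$1" tclass)
    perms=$(avc_perms "$1")
    [ -n "$src" ] && [ -n "$tgt" ] && [ -n "$cls" ] && [ -n "$perms" ] || return 1
    printf 'allow %s %s:%s { %s };\n' "$src" "$tgt" "$cls" "$perms"
}

# Show the rule and the process name recorded in the denial.
avc_to_rule "$SAMPLE_AVC"
echo "comm recorded in the denial: $(avc_field "$SAMPLE_AVC" comm)"
```

The printed rule names the source type abrt_t and the target type var_spool_t, the same target label discussed in the comments above, and the recorded comm is abrt-dbus rather than the abrtd used in the suggested ausearch command.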
