I previously posted this to the selinux list but the suggestion was made that
I might get a better (quicker) response on this list.
https://bugzilla.redhat.com/show_bug.cgi?id=533427 was first reported 6
November and on 6 November Dan Walsh reported that the problem was fixed in
selinux-policy-3.6.32-42.fc12.noarch
WHERE IS selinux-policy-3.6.32-42.fc12.noarch ????
Today is 18 November. This update (or a later/more-recent version) has not
appeared in either updates or updates-testing for F12.
selinux-policy-3.6.32-46.fc12 is currently "queued for updates-testing but has
yet to be added.
The problem in
https://bugzilla.redhat.com/show_bug.cgi?id=533427 impacts the
abrt package's ability to function properly. The abrt package is a really
good new feature in Fedora 12 and should help resolve problems more quickly
since it provides a lot more information than many users include in the
handcrafted reports (myself included).
Dan Walsh has pointed out that:
abrt_t is a permissive domain.
node=(removed) type=SYSCALL msg=audit(1257529975.949:596):
arch=40000003
syscall=39 success=yes exit=0 a0=9779660 a1=1ed a2=38f6868 a3=9259050 items=0
ppid=17113 pid=17114 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=2 comm="yum" exe="/usr/bin/python"
subj=unconfined_u:system_r:abrt_t:s0 key=(null)
If you look at the AVC you will see success=yes. Which indicates that
the
AVC did not block anything. So if abrt is not working properly for some
reason, it is not SELinux causing the problem.
SO the lack of the selinux update may not be the problem with abrt's inability
to get debuginfo packages so that it can generate a meaningful backtrace.
I do believe that it has been a bit long in getting an update out for selinux-
policy.
Gene