SELinux AVCDenials for abrt-hook-ccpp

asked 2016-09-07 02:54:23 -0600

zelphir gravatar image

updated 2016-09-13 05:47:42 -0600

For some time now I get the SELinux AVCDenials with the following details, which as far as I can tell are always the same:

SELinux is preventing abrt-hook-ccpp from getattr access on the file file.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that abrt-hook-ccpp should be allowed getattr access on the file file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:abrt_dump_oops_t:s0
Target Context                system_u:object_r:nsfs_t:s0
Target Objects                file [ file ]
Source                        abrt-hook-ccpp
Source Path                   abrt-hook-ccpp
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-128.28.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 4.4.14-200.fc22.x86_64
                              #1 SMP Fri Jun 24 21:19:33 UTC 2016 x86_64 x86_64
Alert Count                   32
First Seen                    2016-08-03 21:03:13 CEST
Last Seen                     2016-09-07 09:47:18 CEST
Local ID                      95fdf7fc-65cb-49e3-81af-385443d74a46

Raw Audit Messages
type=AVC msg=audit(1473234438.254:643): avc:  denied  { getattr } for  pid=5364 comm="abrt-hook-ccpp" path="ipc:[4026531839]" dev="nsfs" ino=4026531839 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:nsfs_t:s0 tclass=file permissive=0

Hash: abrt-hook-ccpp,abrt_dump_oops_t,nsfs_t,file,getattr

What can I do?

System giving me these popups for AVCDenial makes me feel like something isn't right in my system, which is annoying.

OS: Fedora 22, 64Bit

I don't really know what other info I should provide, because I couldn't figure out a pattern for the AVCDenials yet. However, it's almost always about that abrt-hook-ccpp.

Q: When did it happen?


  • shortly after starting the Atom editor, when I right-clicked a file and chose to open with the Atom editor
  • (if I notice more, I'll add here)
edit retag flag offensive close merge delete


do sudo fixfiles onboot;reboot to relabel your system. If that doesn't work, let's assume the problem has been addressed in a current, supported version of Fedora.

randomuser gravatar imagerandomuser ( 2016-09-07 12:58:28 -0600 )edit

@randomuser Unfortunately it did not help. I'll probably update at some point.

zelphir gravatar imagezelphir ( 2016-09-14 03:57:50 -0600 )edit