selinux January 2007

selinux@lists.fedoraproject.org

38 participants
45 discussions

pidof -c fails under FC6/strict
by Ted Rule 19 Jan '07

19 Jan '07

There appears to be a generic problem with "pidof -c" under SELinux enforcing which has the side-effect of confusing some of the init.d scripts. In particular, the following services - at least - fail to shut down or report status cleanly: acpid hidd vsftpd smartd autofs mcstrans syslog-ng ( but not syslogd .. ) The common feature is that these daemons lack a corresponding /var/run/<daemonname>.pid; in the case of syslog-ng, of course, the real pid has the "wrong" name. During shutdown, /etc/init.d/functions:killproc() searches for the pidfile, and if it fails to find one, it searches for a pid with a matching exec name via the __pids_pidof() function. ... # Output PIDs of matching processes, found using pidof __pids_pidof() { pidof -c -o $$ -o $PPID -o %PPID -x "$1" || \ pidof -c -o $$ -o $PPID -o %PPID -x "${1##*/}" } ... When invoked in SELinux permissive, all is well, and the correct pid is located, but under enforcing, ( selinux-policy-strict-2.4.6-27 in my case), "pidof -c" returns a null string. This in turn, causes killproc to assume that the service is dead. FWIW, FC4/strict/enforcing is Ok where pidof has a -c option, whilst RHEL4 doesn't appear to have a -c option to pidof anyway. The latest pidof appears to use readlink() to compare the value of /proc/<pid>/exe for any matching pids - older pidof's used stat(). Needless to say, logs don't show any AVC's when I try to run the rogue pidof calls. By way of example, one can read the basic process list from sysadm_t, and then show that pidof -c -x fails where pidof -x works. Similarly, I've used run_init to emulate the behaviour of the boot scripts running pidof: [root@topaz ~]# ps axZ | grep smartd system_u:system_r:fsdaemon_t 2871 ? S 0:00 /usr/sbin/smartd -q never staff_u:sysadm_r:sysadm_t 3375 pts/0 R+ 0:00 grep smartd [root@topaz ~]# [root@topaz ~]# pidof -x /usr/sbin/smartd 2871 [root@topaz ~]# pidof -x smartd 2871 [root@topaz ~]# [root@topaz ~]# pidof -c -x /usr/sbin/smartd [root@topaz ~]# pidof -c -x smartd [root@topaz ~]# run_init pidof -c -x /usr/sbin/smartd Authenticating root. Password: [root@topaz ~]# [root@topaz ~]# run_init pidof -x /usr/sbin/smartd Authenticating root. Password: 2871 [root@topaz ~]# As a variant on these tests, I've tried to directly ls and readlink the exe in question; ls fails to read the symlink and errors, whilst readlink silently returns with a null. [root@topaz ~]# ls -ldZ /proc/2871/exe ls: cannot read symbolic link /proc/2871/exe: Permission denied lrwxrwxrwx root root system_u:system_r:fsdaemon_t /proc/2871/exe [root@topaz ~]# run_init ls -ldZ /proc/2871/exe Authenticating root. Password: lrwxrwxrwx root root system_u:system_r:fsdaemon_t /proc/2871/exe [root@topaz ~]# [root@topaz ~]# run_init ls -lZ /proc/2871/exe Authenticating root. Password: ls: /proc/2871/exe: Permission denied [root@topaz ~]# readlink /proc/2871/exec [root@topaz ~]# [root@topaz ~]# run_init readlink /proc/2871/exec Authenticating root. Password: [root@topaz ~]# As a workround for the present, I've simply removed the -c option from /etc/init.d/functions:__pids_pidof() I'm currently running: selinux-policy-strict-2.4.6-27.fc6 kernel-2.6.18-1.2869 SysVinit-2.86-14 Should this be logged as a bug under SELinux policy or SysVinit? Does this bug affect targeted policy as well? Is there some simple extra permission which could be granted to initrc_t and sysadm_t which would let them perform readlink /proc/<pid>/exe, and hence pidof -c ? -- Ted Rule Director, Layer3 Systems Ltd W: http://www.layer3.co.uk/

3 3

Another syslog issue (disable_syslogd_trans interaction)
by Steve Friedman 17 Jan '07

17 Jan '07

Another problem that I just discovered with syslog is, with syslogd_disable_trans=1, /dev/log is labelled device_t and not dev_log_t (thus breaking a number of other apps). I discovered this with syslog-ng, but suspect that it will be the same with syslog. (This was BZ'ed as 222195.) Steve Friedman

1 0

Trouble with syslogd and named
by Harley Race 17 Jan '07

17 Jan '07

I am using the bind-chroot package in FC6 and am tying to get named in the chroot to log queries and named activity to /var/log/named/named.log (outside of the chroot) via a logging device in the chroot /dev/log. Selinux is preventing syslogd from creating the device and genereating the following errors: type=AVC msg=audit(1168359275.971:7): avc: denied { search } for pid=1587 comm="syslogd" name="named" dev=dm-3 ino=10704673 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:name d_zone_t:s0 tclass=dir type=SYSCALL msg=audit(1168359275.971:7): arch=40000003 syscall=10 success=no exit=-13 a0=bfcacf08 a1=1b6 a2=c1e120 a3=bfcab31c items=0 ppid=1586 pid=1587 auid=4294967295 uid=0 gid=0 euid=0 suid=0 f suid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="syslogd" exe="/sbin/syslogd" subj=system_u:system_r:syslogd_t:s0 key=(null) type=AVC msg=audit(1168359275.995:8): avc: denied { search } for pid=1587 comm="syslogd" name="named" dev=dm-3 ino=10704673 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:name d_zone_t:s0 tclass=dir type=SYSCALL msg=audit(1168359275.995:8): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bfca8ec0 a2=c1e120 a3=bfcab31c items=0 ppid=1586 pid=1587 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fs uid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="syslogd" exe="/sbin/syslogd" subj=system_u:system_r:syslogd_t:s0 key=(null) I suppose I could use audit2allow to allow this, but am wondering why the policy was changed from FC4 to disable this. ____________________________________________________________________________________ The fish are biting. Get more visitors on your site using Yahoo! Search Marketing. http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php

3 7

sparc64 kernel won't boot with selinux enabled
by Tom Callaway 16 Jan '07

16 Jan '07

I'm working on Aurora, which is a rebuild of Fedora Core for SPARC. Lately, I've been testing with selinux enabled on the targeted policy, but I haven't gotten very far. When I try to boot on a sparc64, I get the following (copied by hand, apologies for any typos, I tried to be accurate): EXT3-fs: mounted filesystem with ordered data mode. audit(1168807648.026:2): enforcing=1 old_enforcing=0 auid=4294967295 security: 3 users, 6 roles, 1584 types, 172 bools, 1 sens, 1024 cats security: 59 classes, 49650 rules security: class dccp_socket not defined in policy security: permission dccp_recv in class node not defined in policy security: permission dccp_send in class node not defined in policy security: permission dccp_recv in class netif not defined in policy security: permission dccp_send in class netif not defined in policy SELinux: Completing initialization SELinux: Setting up existing superblocks. SELinux: initialized (dev dm-0, type ext3), uses xattr SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses genfs_contexts SELinux: initialized (dev devpts, type devpts), uses transition SIDs SELinux: initialized (dev eventpollfs, type eventpollfs), uses task SIDs SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts SELinux: initialized (dev pipefs, type pipefs), uses task SIDs SELinux: initialized (dev sockfs, type sockfs), uses task SIDs SELinux: initialized (dev proc, type proc), uses genfs_contexts SELinux: initialized (dev bdev, type bdev), uses genfs_contexts SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts audit(1168807652.930:3): policy loaded auid=4294967295 audit(1168807653.174:4): avc: denied { execmem } for pid=1 comm="init" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process ...And there it sits, as init is denied. :) I found this thread (http://www.redhat.com/archives/fedora-selinux-list/2005-April/msg00037.html) while looking through google for other cases of this error message, and I looked through bugzilla 149819. The sparc64 kernel has CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1, and I tried booting with "checkreqprot=0", but it does not change the result. Booting with selinux=permissive works fine. I booted as selinux=permissive and ran fixfiles relabel, but again, no change seen. Here are the relevant versions of packages which I have installed: kernel-2.6.19-1.2906.al3.4.sparc64.rpm libselinux-1.33.4-2.al3.sparc.rpm libsemanage-1.9.2-1.al3.sparc.rpm libsepol-1.15.3-1.al3.sparc.rpm checkpolicy-1.33.1-2.al3.sparc.rpm policycoreutils-1.33.12-2.al3.sparc.rpm selinux-policy-2.4.6-21.al3.noarch.rpm For obvious reasons (Aurora, like Fedora, enables selinux by default), I'd like to get this fixed. Any ideas where I should go from here? Thanks in advance, ~spot

3 2

Oddity in evolution.if in selinux-policy-devel-2.4.6-23.fc6.noarch.rpm
by Ted Rule 15 Jan '07

15 Jan '07

The recently released devel rpm, selinux-policy-devel-2.4.6-23.fc6.noarch.rpm, appears to contain an odd 'corruption' in the evolution.if file, viz: /usr/share/selinux/devel/include/apps/evolution.if The end of the interface file contains this set of allow statements: allow staff_evolution_alarm_t staff_t:fifo_file { getattr write }; allow staff_evolution_alarm_t staff_t:unix_stream_socket connectto; allow staff_evolution_alarm_t staff_tmp_t:dir { add_name getattr search setattr write }; allow staff_evolution_alarm_t staff_tmp_t:file { getattr lock read write }; allow staff_evolution_alarm_t staff_tmp_t:sock_file { create write }; allow staff_evolution_alarm_t tmp_t:dir read; allow staff_evolution_exchange_t staff_t:fd use; allow staff_evolution_exchange_t staff_t:fifo_file { getattr write }; allow staff_evolution_exchange_t staff_tmp_t:dir { add_name getattr search setattr write }; allow staff_evolution_exchange_t staff_tmp_t:file { getattr lock read write }; allow staff_evolution_exchange_t staff_tmp_t:sock_file { create write }; allow staff_evolution_server_t staff_t:fifo_file { getattr write }; allow staff_evolution_server_t staff_t:unix_stream_socket connectto; allow staff_evolution_server_t staff_tmp_t:dir { add_name getattr search setattr write }; allow staff_evolution_server_t staff_tmp_t:file { getattr lock read write }; allow staff_evolution_server_t staff_tmp_t:sock_file { create write }; allow staff_evolution_server_t tmp_t:dir { getattr read search }; allow staff_evolution_t default_t:lnk_file read; I had previously downloaded the .23 rpm from the testing area, but I only noticed this today whilst I was trying to build a module to rebuild my anacron module tweak against the .23 policy, and got this error message: [root selinux.local]# make localanacron.pp Compiling strict localanacron module /usr/bin/checkmodule: loading policy configuration from tmp/localanacron.tmp tmp/all_interfaces.conf:7820:ERROR 'syntax error' at token 'allow' on line 3871: allow staff_evolution_alarm_t staff_t:fifo_file { getattr write }; /usr/bin/checkmodule: error(s) encountered while parsing configuration make: *** [tmp/localanacron.mod] Error 1 [root@topaz selinux.local]# [root ~]# The error message corresponds to the first rogue line in the interface file; once I'd commented out all the lines, my new module compiled Ok. I checked for any other rogue 'allow' lines in the other interface definitions, but this appears to be the only set of oddities. I made a cursory check elsewhere, and the 2.4.6-21.fc7 policy-devel appears to have the same corruption, whilst the previous stable fc6 rpm, 2.4.6-17.fc6, doesn't. I've also created BZ #222548 containing these notes. -- Ted Rule Director, Layer3 Systems Ltd W: http://www.layer3.co.uk/

2 2

[Fwd: Re: sparc64 kernel won't boot with selinux enabled]
by Karl MacMillan 15 Jan '07

15 Jan '07

[Forwarding to the correct list this time] Tom 'spot' Callaway wrote: > I'm working on Aurora, which is a rebuild of Fedora Core for SPARC. > Lately, I've been testing with selinux enabled on the targeted policy, > but I haven't gotten very far. When I try to boot on a sparc64, I get > the following (copied by hand, apologies for any typos, I tried to be > accurate): > [CC'ing selinux list] > EXT3-fs: mounted filesystem with ordered data mode. > audit(1168807648.026:2): enforcing=1 old_enforcing=0 auid=4294967295 > security: 3 users, 6 roles, 1584 types, 172 bools, 1 sens, 1024 cats > security: 59 classes, 49650 rules > security: class dccp_socket not defined in policy > security: permission dccp_recv in class node not defined in policy > security: permission dccp_send in class node not defined in policy > security: permission dccp_recv in class netif not defined in policy > security: permission dccp_send in class netif not defined in policy Seems that there is a mismatch between your policy and the kernel. > SELinux: Completing initialization > SELinux: Setting up existing superblocks. > SELinux: initialized (dev dm-0, type ext3), uses xattr > SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs > SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts > SELinux: initialized (dev selinuxfs, type selinuxfs), uses > genfs_contexts > SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs > SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses > genfs_contexts > SELinux: initialized (dev devpts, type devpts), uses transition SIDs > SELinux: initialized (dev eventpollfs, type eventpollfs), uses task SIDs > SELinux: initialized (dev inotifyfs, type inotifyfs), uses > genfs_contexts > SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs > SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts > SELinux: initialized (dev pipefs, type pipefs), uses task SIDs > SELinux: initialized (dev sockfs, type sockfs), uses task SIDs > SELinux: initialized (dev proc, type proc), uses genfs_contexts > SELinux: initialized (dev bdev, type bdev), uses genfs_contexts > SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts > SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts > audit(1168807652.930:3): policy loaded auid=4294967295 > audit(1168807653.174:4): avc: denied { execmem } for pid=1 > comm="init" scontext=system_u:system_r:kernel_t:s0 > tcontext=system_u:system_r:kernel_t:s0 tclass=process > > ...And there it sits, as init is denied. :) > Init requiring execmem is surprising to say the least - it certainly doesn't on i386. Are you seeing a lot of execmem denials in the logs? I don't really know what is going on, but there is likely a kernel or compiler / toolchain issue causing overly broad execmem requests. As a work around you can do (after booting into permissive): setsebool -P allow_execmem=1 The next reboot will allow this globally and you may get farther in permissive. You can also change this default in the policy packages. Karl -- fedora-selinux-list mailing list fedora-selinux-list(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

1 0

FlashPlayer 9 Beta refuses to process some Flash content with SELinux enforcing
by Temlakos 15 Jan '07

15 Jan '07

Everyone: Has anyone noticed SELinux to refuse permissions to the Flash Player plug-in (or standalone)? And while I'm on the subject: How might I clear one particular application to do something weird, without having to grant such clearance to every such application? For example: VideoLAN Client needs permission to make its memory stack executable. How can I grant such permission to vlc alone and not across the board? Temlakos

2 1

Postgres directory context
by James Young 15 Jan '07

15 Jan '07

Does selinux check context on the whole directory hierarchy when making a decision about permission to enter a directory? That is, when I try to access /home/Data/pgsql, will it check the context on /home, then /home/Data, and then on /home/Data/pgsql? Or will it only check the context on /home/Data/pgsql? I want to put a Postgres database in a /home/Data/pgsql/data directory, but the initrc script will not run it there. I can run it as the postgres user. The contexts mirror the /var/lib/pgsql/data directory: user_u:object_r:postgres_db_t. The context of /home/Data/pgsql is system_u:object_r:var_lib_t. It does run fine with initrc in /var/lib/pgsql. When I leave the pgstartup.log in /var/lib/pgsql, I see the errors below. It doesn't matter whether the database is already initialized or not. The contexts for the /home/Data/pgsql directory are listed below as well. /home/Data is system_u:object_r:user_home_dir_t. I don't see anything in /var/log/audit/audit.log, but I think dontaudit rules may be in effect. Does Fedora use the reference policy from Tresys exactly? If not, where can I find the source policy for Fedora. All I can find are the if files. Finally, are there any better references for selinux. Everything I've read seems dated. Thanks, Jim Young pgstartup.log: ------------------------- could not change directory to "/home/Data/pgsql" initdb: could not access directory "/home/Data/pgsql/data": Permission denied The files belonging to this database system will be owned by user "postgres". This user must also own the server process. The database cluster will be initialized with locale en_US.UTF-8. The default database encoding has accordingly been set to UTF8. postmaster cannot access the server configuration file "/home/Data/pgsql/data/postgresql.conf": Permission denied could not change directory to "/home/Data/pgsql" initdb: could not access directory "/home/Data/pgsql/data": Permission denied The files belonging to this database system will be owned by user "postgres". This user must also own the server process. The database cluster will be initialized with locale en_US.UTF-8. The default database encoding has accordingly been set to UTF8. postmaster cannot access the server configuration file "/home/Data/pgsql/data/postgresql.conf": Permission denied ----------- directory contexts: ------------------------------- ls -Zd /home/Data/pgsql drwx------ postgres postgres system_u:object_r:var_lib_t /home/Data/pgsql ls -Z /home/Data/pgsql drwx------ postgres postgres system_u:object_r:var_lib_t backups drwx------ postgres postgres system_u:object_r:postgresql_db_t data -rw------- postgres postgres system_u:object_r:postgresql_log_t pgstartup.log ls -Z /home/Data/pgsql/data drwx------ postgres postgres user_u:object_r:postgresql_db_t base drwx------ postgres postgres user_u:object_r:postgresql_db_t global drwx------ postgres postgres user_u:object_r:postgresql_db_t pg_clog -rw------- postgres postgres user_u:object_r:postgresql_db_t pg_hba.conf -rw------- postgres postgres user_u:object_r:postgresql_db_t pg_ident.conf drwx------ postgres postgres user_u:object_r:postgresql_db_t pg_log drwx------ postgres postgres user_u:object_r:postgresql_db_t pg_multixact drwx------ postgres postgres user_u:object_r:postgresql_db_t pg_subtrans drwx------ postgres postgres user_u:object_r:postgresql_db_t pg_tblspc drwx------ postgres postgres user_u:object_r:postgresql_db_t pg_twophase -rw------- postgres postgres user_u:object_r:postgresql_db_t PG_VERSION drwx------ postgres postgres user_u:object_r:postgresql_db_t pg_xlog -rw------- postgres postgres user_u:object_r:postgresql_db_t postgresql.conf -rw------- postgres postgres user_u:object_r:postgresql_db_t postmaster.opts

2 2

Access attempts
by mantaray_1 12 Jan '07

12 Jan '07

I was hoping someone could help me to understand what might be happening to trigger the access attempts I am blocking with my policy which are listed below. They only seem to appear when I am logged in to the "Blackboard" program at the university I attend. I have already taken several steps to limit what my browser can do, and I do not understand how it can trigger such attempts. ********************** ********************** Jan 11 15:39:17 schoolhost kernel: audit(1168555157.756:587): avc: denied { rawip_send } for saddr=192.168.0.2 src=60945 daddr=129.219.10.40 dest=443 netif=eth0 scontext=system_u:system_r:kernel_t:s15:c0.c255 tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif Jan 11 15:39:17 schoolhost kernel: audit(1168555157.992:588): avc: denied { rawip_send } for saddr=192.168.0.2 src=60945 daddr=129.219.10.40 dest=443 netif=eth0 scontext=system_u:system_r:kernel_t:s15:c0.c255 tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif Jan 11 15:39:18 schoolhost kernel: audit(1168555158.212:590): avc: denied { rawip_send } for saddr=192.168.0.2 src=45910 daddr=129.219.10.30 dest=443 netif=eth0 scontext=system_u:system_r:kernel_t:s15:c0.c255 tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif Jan 11 15:39:19 schoolhost kernel: audit(1168555159.433:600): avc: denied { rawip_send } for pid=2465 comm="X" saddr=192.168.0.2 src=60945 daddr=129.219.10.40 dest=443 netif=eth0 scontext=system_u:system_r:kernel_t:s15:c0.c255 tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif ********************** ********************** Thanks in advance, Ken.

1 0

more setroubleshoot troubles ;)
by Tom London 11 Jan '07

11 Jan '07

Running latest rawhide, targeted enforcing. Installing latest python-libs (fixes execstack issue in _ctypes.so) other packages, and rebooting, I get the following AVCs: type=AVC msg=audit(1167943082.579:7): avc: denied { execute } for pid=2331 comm="sh" name="ldconfig" dev=dm-0 ino=11337788 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file type=SYSCALL msg=audit(1167943082.579:7): arch=40000003 syscall=11 success=no exit=-13 a0=91d4dd8 a1=91d4e58 a2=91d4330 a3=0 items=0 ppid=2330 pid=2331 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sh" exe="/bin/bash" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC msg=audit(1167943082.646:8): avc: denied { getattr } for pid=2331 comm="sh" name="ldconfig" dev=dm-0 ino=11337788 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file type=SYSCALL msg=audit(1167943082.646:8): arch=40000003 syscall=195 success=no exit=-13 a0=91d4dd8 a1=bfcbee10 a2=47818ff4 a3=0 items=0 ppid=2330 pid=2331 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sh" exe="/bin/bash" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC_PATH msg=audit(1167943082.646:8): path="/sbin/ldconfig" type=AVC msg=audit(1167943082.647:9): avc: denied { getattr } for pid=2331 comm="sh" name="ldconfig" dev=dm-0 ino=11337788 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file type=SYSCALL msg=audit(1167943082.647:9): arch=40000003 syscall=195 success=no exit=-13 a0=91d4dd8 a1=bfcbed30 a2=47818ff4 a3=91d4dd8 items=0 ppid=2330 pid=2331 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sh" exe="/bin/bash" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC_PATH msg=audit(1167943082.647:9): path="/sbin/ldconfig" type=AVC msg=audit(1167943082.756:10): avc: denied { execute_no_trans } for pid=2340 comm="ldd" name="ld-2.5.90.so" dev=dm-0 ino=7209012 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file type=SYSCALL msg=audit(1167943082.756:10): arch=40000003 syscall=11 success=no exit=-13 a0=8196308 a1=8196988 a2=819cd48 a3=40 items=0 ppid=2339 pid=2340 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="ldd" exe="/bin/bash" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC_PATH msg=audit(1167943082.756:10): path="/lib/ld-2.5.90.so" type=AVC msg=audit(1167943082.758:11): avc: denied { write } for pid=2253 comm="setroubleshootd" name="tmp" dev=dm-0 ino=2686977 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir type=SYSCALL msg=audit(1167943082.758:11): arch=40000003 syscall=5 success=no exit=-13 a0=88b4970 a1=280c2 a2=180 a3=280c2 items=0 ppid=1 pid=2253 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC msg=audit(1167943082.759:12): avc: denied { write } for pid=2253 comm="setroubleshootd" name="tmp" dev=dm-0 ino=65540 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir type=SYSCALL msg=audit(1167943082.759:12): arch=40000003 syscall=5 success=no exit=-13 a0=8921b50 a1=280c2 a2=180 a3=280c2 items=0 ppid=1 pid=2253 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC msg=audit(1167943082.759:13): avc: denied { write } for pid=2253 comm="setroubleshootd" name="tmp" dev=dm-0 ino=65540 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir type=SYSCALL msg=audit(1167943082.759:13): arch=40000003 syscall=5 success=no exit=-13 a0=8921b50 a1=280c2 a2=180 a3=280c2 items=0 ppid=1 pid=2253 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC msg=audit(1167943082.760:14): avc: denied { unlink } for pid=2253 comm="setroubleshootd" name="Yp9cip" dev=dm-0 ino=164238 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file type=SYSCALL msg=audit(1167943082.760:14): arch=40000003 syscall=10 success=no exit=-13 a0=88c80c0 a1=1 a2=ae50b4 a3=874f1b0 items=0 ppid=1 pid=2253 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC msg=audit(1167943082.765:15): avc: denied { execute } for pid=2342 comm="sh" name="ldconfig" dev=dm-0 ino=11337788 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file type=SYSCALL msg=audit(1167943082.765:15): arch=40000003 syscall=11 success=no exit=-13 a0=8bd4dd8 a1=8bd4e58 a2=8bd4330 a3=0 items=0 ppid=2341 pid=2342 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sh" exe="/bin/bash" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC msg=audit(1167943082.765:16): avc: denied { getattr } for pid=2342 comm="sh" name="ldconfig" dev=dm-0 ino=11337788 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file type=SYSCALL msg=audit(1167943082.765:16): arch=40000003 syscall=195 success=no exit=-13 a0=8bd4dd8 a1=bfa425c0 a2=47818ff4 a3=0 items=0 ppid=2341 pid=2342 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sh" exe="/bin/bash" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC_PATH msg=audit(1167943082.765:16): path="/sbin/ldconfig" type=AVC msg=audit(1167943082.766:17): avc: denied { getattr } for pid=2342 comm="sh" name="ldconfig" dev=dm-0 ino=11337788 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file type=SYSCALL msg=audit(1167943082.766:17): arch=40000003 syscall=195 success=no exit=-13 a0=8bd4dd8 a1=bfa424e0 a2=47818ff4 a3=8bd4dd8 items=0 ppid=2341 pid=2342 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sh" exe="/bin/bash" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC_PATH msg=audit(1167943082.766:17): path="/sbin/ldconfig" type=AVC msg=audit(1167943082.782:18): avc: denied { execute_no_trans } for pid=2345 comm="ldd" name="ld-2.5.90.so" dev=dm-0 ino=7209012 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file type=SYSCALL msg=audit(1167943082.782:18): arch=40000003 syscall=11 success=no exit=-13 a0=84f4308 a1=84f4988 a2=84fad48 a3=40 items=0 ppid=2344 pid=2345 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="ldd" exe="/bin/bash" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC_PATH msg=audit(1167943082.782:18): path="/lib/ld-2.5.90.so" type=AVC msg=audit(1167943082.784:19): avc: denied { write } for pid=2253 comm="setroubleshootd" name="tmp" dev=dm-0 ino=2686977 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir type=SYSCALL msg=audit(1167943082.784:19): arch=40000003 syscall=5 success=no exit=-13 a0=88c9600 a1=280c2 a2=180 a3=280c2 items=0 ppid=1 pid=2253 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC msg=audit(1167943082.785:20): avc: denied { write } for pid=2253 comm="setroubleshootd" name="tmp" dev=dm-0 ino=65540 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir type=SYSCALL msg=audit(1167943082.785:20): arch=40000003 syscall=5 success=no exit=-13 a0=8921b50 a1=280c2 a2=180 a3=280c2 items=0 ppid=1 pid=2253 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC msg=audit(1167943082.786:21): avc: denied { write } for pid=2253 comm="setroubleshootd" name="tmp" dev=dm-0 ino=65540 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir type=SYSCALL msg=audit(1167943082.786:21): arch=40000003 syscall=5 success=no exit=-13 a0=8921b50 a1=280c2 a2=180 a3=280c2 items=0 ppid=1 pid=2253 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC msg=audit(1167943082.787:22): avc: denied { unlink } for pid=2253 comm="setroubleshootd" name="PRdzmq" dev=dm-0 ino=164259 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file type=SYSCALL msg=audit(1167943082.787:22): arch=40000003 syscall=10 success=no exit=-13 a0=88d22a0 a1=1 a2=ae50b4 a3=874f1b0 items=0 ppid=1 pid=2253 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) tom -- Tom London

2 5

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

selinux January 2007