What severity would this SELinux denial have for the latest kernel?
Antonio Olivares
olivares14031 at yahoo.com
Thu Jan 3 23:37:00 UTC 2008
--- Jim Cornette <fct-cornette at insight.rr.com> wrote:
> I updated the kernel after installing the latest
> mkinitrd package and
> some errors were reported when pup finished. I also
> got the attsched
> SELinux error.
> The other SELinux error with xdm_var_lib_t was
> already mentioned in an
> earlier post.
>
> Jim
>
>
> kernel - 2.6.24-0.133.rc6.git8.fc9.i686
> WARNING: Couldn't open directory
>
/tmp/initrd.dY3159/lib/modules/2.6.24-0.133.rc6.git8.fc9:
> Permission denied
> FATAL: Could not open
>
/tmp/initrd.dY3159/lib/modules/2.6.24-0.133.rc6.git8.fc9/modules.dep.temp
>
> for writing: Permission denied
>
> --
> If life is a stage, I want some better lighting.
> >
> Summary
>
> SELinux is preventing the depmod(/sbin/depmod) from
> using potentially mislabeled
> files ().
> Detailed Description
>
> SELinux has denied depmod(/sbin/depmod) access to
> potentially mislabeled file(s)
> (<Unknown>). This means that SELinux will not allow
> depmod(/sbin/depmod) to use
> these files. It is common for users to edit files in
> their home directory or tmp
> directories and then move (mv) them to system
> directories. The problem is that
> the files end up with the wrong file context which
> confined applications are not
> allowed to access.
> Allowing Access
>
> If you want depmod(/sbin/depmod) to access this
> files, you need to relabel them
> using restorecon -v <Unknown>. You might want to
> relabel the entire directory
> using restorecon -R -v <Unknown>.Additional
> Information
>
> Source Context
> system_u:system_r:depmod_t
> Target Context
> system_u:object_r:tmp_t
> Target Objects None [ dir ]
> Source depmod(/sbin/depmod)
> Port <Unknown>
> Host HP-JCF7
> Source RPM Packages
> Target RPM Packages
> Policy RPM
> selinux-policy-3.2.5-7.fc9
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name home_tmp_bad_labels
> Host Name HP-JCF7
> Platform Linux HP-JCF7
> 2.6.23.8-63.fc8 #1 SMP Wed Nov 21
> 18:51:08 EST 2007 i686
> athlon
> Alert Count 2
> First Seen Thu 03 Jan 2008
> 05:47:20 PM EST
> Last Seen Thu 03 Jan 2008
> 05:47:20 PM EST
> Local ID
> bf1d6609-37f4-42b1-bd2c-75c64deca263
> Line Numbers
>
> Raw Audit Messages
>
> host=HP-JCF7 type=AVC msg=audit(1199400440.555:34):
> avc: denied { search } for pid=5198 comm="depmod"
> name="tmp" dev=sda6 ino=260097
> scontext=system_u:system_r:depmod_t:s0
> tcontext=system_u:object_r:tmp_t:s0 tclass=dir
>
> host=HP-JCF7 type=SYSCALL
> msg=audit(1199400440.555:34): arch=40000003
> syscall=5 success=no exit=-13 a0=bf866ab0 a1=241
> a2=1b6 a3=9c68480 items=0 ppid=2957 pid=5198
> auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) comm="depmod"
> exe="/sbin/depmod"
> subj=system_u:system_r:depmod_t:s0 key=(null)
>
>
> > --
> fedora-test-list mailing list
> fedora-test-list at redhat.com
> To unsubscribe:
>
https://www.redhat.com/mailman/listinfo/fedora-test-list
Jim,
at least you have it installed, on my machine it
failed :(
/sbin/new-kernel-pkg: line 254: /sbin/depmod:
Permission denied
nash received SIGSEGV! Backtrace (11):
/sbin/nash[0x805315a]
[0x130440]
/lib/libglib-2.0.so.0[0x1991a3]
/usr/lib/libbdevid.so.6.0.24(bdevid_module_unload_all+0x31)[0x5cee37]
/usr/lib/libbdevid.so.6.0.24(bdevid_destroy+0x2d)[0x5ce57c]
/usr/lib/libnash.so.6.0.24[0x5ac198]
/usr/lib/libnash.so.6.0.24(nash_vitals_destroy_probes+0x3f)[0x5ac810]
/usr/lib/libnash.so.6.0.24(_nashFreeContext+0x1c)[0x59cfd6]
/sbin/nash[0x80536f4]
/lib/libc.so.6(__libc_start_main+0xe0)[0x33f4a0]
/sbin/nash[0x804ae71]
^[[B error:
%post(kernel-2.6.24-0.133.rc6.git8.fc9.i686) scriptlet
failed, signal 2
Selinux upon rebooting caused other errors with
firefox3beta, previously submitted to this list and
selinux-list as well. I will also forward this to
fedora-selinux-list as well so that they can recommend
us what to do :)
Regards,
Antonio
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
More information about the fedora-selinux-list
mailing list