selinux denials for new Fedora 9 install
Antonio Olivares
olivares14031 at yahoo.com
Fri May 23 00:24:45 UTC 2008
Dear all,
I have installed Fedora 9 onto a new x86_64 machine. It was working beautifully, and I am at this time putting in updates. However, I got some SELinux denials from the setroubleshoot daemon.
Tomboy Notes shows this error in a box:
\begin{box}
"Tomboy Notes" has quit unexpectedly
If you reload a panel object, it will automatically be added back to the panel.
\end{box}
The selinux denials follow:
Advice/Suggestions/Comments are welcome :)
Regards,
Antonio
Summary:
SELinux is preventing tomboy (unlabeled_t) "read" to socket (unlabeled_t).
Detailed Description:
SELinux denied access requested by tomboy. It is not expected that this access
is required by tomboy and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:object_r:unlabeled_t:s0
Target Context system_u:object_r:unlabeled_t:s0
Target Objects socket [ unix_stream_socket ]
Source tomboy
Source Path /usr/bin/mono
Port <Unknown>
Host localhost.localdomain
Source RPM Packages mono-core-1.9.1-2.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-42.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.25-14.fc9.x86_64
#1 SMP Thu May 1 06:06:21 EDT 2008 x86_64 x86_64
Alert Count 1
First Seen Thu 22 May 2008 02:18:36 PM CDT
Last Seen Thu 22 May 2008 02:18:36 PM CDT
Local ID e22208e0-0d5a-43aa-a57d-ca251e71c7f0
Line Numbers
Raw Audit Messages
host=localhost.localdomain type=AVC msg=audit(1211483916.963:40): avc: denied { read } for pid=2664 comm="tomboy" path="socket:[19661]" dev=sockfs ino=19661 scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=unix_stream_socket
host=localhost.localdomain type=SYSCALL msg=audit(1211483916.963:40): arch=c000003e syscall=0 success=no exit=-13 a0=3 a1=e69c24 a2=1000 a3=1 items=0 ppid=1 pid=2664 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="tomboy" exe="/usr/bin/mono" subj=system_u:object_r:unlabeled_t:s0 key=(null)
Summary:
SELinux is preventing tomboy (unlabeled_t) "write" to socket (unlabeled_t).
Detailed Description:
SELinux denied access requested by tomboy. It is not expected that this access
is required by tomboy and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:object_r:unlabeled_t:s0
Target Context system_u:object_r:unlabeled_t:s0
Target Objects socket [ unix_stream_socket ]
Source tomboy
Source Path /usr/bin/mono
Port <Unknown>
Host localhost.localdomain
Source RPM Packages mono-core-1.9.1-2.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-42.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.25-14.fc9.x86_64
#1 SMP Thu May 1 06:06:21 EDT 2008 x86_64 x86_64
Alert Count 5
First Seen Thu 22 May 2008 02:18:37 PM CDT
Last Seen Thu 22 May 2008 02:18:37 PM CDT
Local ID 125d1844-fea9-4203-9bde-2f6582a25bec
Line Numbers
Raw Audit Messages
host=localhost.localdomain type=AVC msg=audit(1211483917.148:46): avc: denied { write } for pid=2664 comm="tomboy" path="socket:[19778]" dev=sockfs ino=19778 scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=unix_stream_socket
host=localhost.localdomain type=SYSCALL msg=audit(1211483917.148:46): arch=c000003e syscall=20 success=no exit=-13 a0=14 a1=ef21e0 a2=1 a3=a0 items=0 ppid=1 pid=2664 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="tomboy" exe="/usr/bin/mono" subj=system_u:object_r:unlabeled_t:s0 key=(null)
Summary:
SELinux is preventing tomboy (unlabeled_t) "search" to / (root_t).
Detailed Description:
SELinux denied access requested by tomboy. It is not expected that this access
is required by tomboy and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /,
restorecon -v '/'
If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:object_r:unlabeled_t:s0
Target Context system_u:object_r:root_t:s0
Target Objects / [ dir ]
Source tomboy
Source Path /usr/bin/mono
Port <Unknown>
Host localhost.localdomain
Source RPM Packages mono-core-1.9.1-2.fc9
Target RPM Packages filesystem-2.4.13-1.fc9
Policy RPM selinux-policy-3.3.1-42.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.25-14.fc9.x86_64
#1 SMP Thu May 1 06:06:21 EDT 2008 x86_64 x86_64
Alert Count 1
First Seen Thu 22 May 2008 02:18:37 PM CDT
Last Seen Thu 22 May 2008 02:18:37 PM CDT
Local ID dc21e5d6-47fb-47f9-97de-31a1009d6922
Line Numbers
Raw Audit Messages
host=localhost.localdomain type=AVC msg=audit(1211483917.148:47): avc: denied { search } for pid=2664 comm="tomboy" name="/" dev=dm-0 ino=2 scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir
host=localhost.localdomain type=SYSCALL msg=audit(1211483917.148:47): arch=c000003e syscall=87 success=no exit=-13 a0=ef24a0 a1=ef1cd0 a2=ef24a0 a3=7ffff6f6ede0 items=0 ppid=1 pid=2664 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="tomboy" exe="/usr/bin/mono" subj=system_u:object_r:unlabeled_t:s0 key=(null)
Summary:
SELinux is preventing tomboy (unlabeled_t) "unix_write" to <Unknown>
(unlabeled_t).
Detailed Description:
SELinux denied access requested by tomboy. It is not expected that this access
is required by tomboy and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:object_r:unlabeled_t:s0
Target Context system_u:object_r:unlabeled_t:s0
Target Objects None [ sem ]
Source tomboy
Source Path /usr/bin/mono
Port <Unknown>
Host localhost.localdomain
Source RPM Packages mono-core-1.9.1-2.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-42.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.25-14.fc9.x86_64
#1 SMP Thu May 1 06:06:21 EDT 2008 x86_64 x86_64
Alert Count 1
First Seen Thu 22 May 2008 02:18:37 PM CDT
Last Seen Thu 22 May 2008 02:18:37 PM CDT
Local ID be7c4e58-a211-4d65-b643-49e9315ba3a6
Line Numbers
Raw Audit Messages
host=localhost.localdomain type=AVC msg=audit(1211483917.148:48): avc: denied { unix_write } for pid=2664 comm="tomboy" key=1291903136 scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=sem
host=localhost.localdomain type=SYSCALL msg=audit(1211483917.148:48): arch=c000003e syscall=65 success=no exit=-13 a0=0 a1=7ffff6f6f0d0 a2=1 a3=700 items=0 ppid=1 pid=2664 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="tomboy" exe="/usr/bin/mono" subj=system_u:object_r:unlabeled_t:s0 key=(null)
Summary:
SELinux is preventing tomboy (unlabeled_t) "signal" to <Unknown> (unlabeled_t).
Detailed Description:
SELinux denied access requested by tomboy. It is not expected that this access
is required by tomboy and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:object_r:unlabeled_t:s0
Target Context system_u:object_r:unlabeled_t:s0
Target Objects None [ process ]
Source tomboy
Source Path /usr/bin/mono
Port <Unknown>
Host localhost.localdomain
Source RPM Packages mono-core-1.9.1-2.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-42.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.25-14.fc9.x86_64
#1 SMP Thu May 1 06:06:21 EDT 2008 x86_64 x86_64
Alert Count 2
First Seen Thu 22 May 2008 02:18:37 PM CDT
Last Seen Thu 22 May 2008 02:18:37 PM CDT
Local ID 8a1b1271-3864-4af1-90f6-b050cca48dd5
Line Numbers
Raw Audit Messages
host=localhost.localdomain type=AVC msg=audit(1211483917.266:51): avc: denied { signal } for pid=2664 comm="tomboy" scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=process
host=localhost.localdomain type=SYSCALL msg=audit(1211483917.266:51): arch=c000003e syscall=234 success=no exit=-13 a0=a68 a1=a68 a2=6 a3=8 items=0 ppid=1 pid=2664 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="tomboy" exe="/usr/bin/mono" subj=system_u:object_r:unlabeled_t:s0 key=(null)
Summary:
SELinux is preventing tomboy (unlabeled_t) "fork" to <Unknown> (unlabeled_t).
Detailed Description:
SELinux denied access requested by tomboy. It is not expected that this access
is required by tomboy and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:object_r:unlabeled_t:s0
Target Context system_u:object_r:unlabeled_t:s0
Target Objects None [ process ]
Source tomboy
Source Path /usr/bin/mono
Port <Unknown>
Host localhost.localdomain
Source RPM Packages mono-core-1.9.1-2.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-42.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.25-14.fc9.x86_64
#1 SMP Thu May 1 06:06:21 EDT 2008 x86_64 x86_64
Alert Count 1
First Seen Thu 22 May 2008 02:18:37 PM CDT
Last Seen Thu 22 May 2008 02:18:37 PM CDT
Local ID 25c06d10-f06e-4883-a58b-65a70df67409
Line Numbers
Raw Audit Messages
host=localhost.localdomain type=AVC msg=audit(1211483917.499:84): avc: denied { fork } for pid=2664 comm="tomboy" scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=process
host=localhost.localdomain type=SYSCALL msg=audit(1211483917.499:84): arch=c000003e syscall=56 success=no exit=-13 a0=1200011 a1=0 a2=0 a3=7f0aede2d840 items=0 ppid=1 pid=2664 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="tomboy" exe="/usr/bin/mono" subj=system_u:object_r:unlabeled_t:s0 key=(null)
Summary:
SELinux is preventing tomboy (unlabeled_t) "use" to /dev/null (unconfined_t).
Detailed Description:
SELinux denied access requested by tomboy. It is not expected that this access
is required by tomboy and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:object_r:unlabeled_t:s0
Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects /dev/null [ fd ]
Source tomboy
Source Path /usr/bin/mono
Port <Unknown>
Host localhost.localdomain
Source RPM Packages mono-core-1.9.1-2.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-42.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.25-14.fc9.x86_64
#1 SMP Thu May 1 06:06:21 EDT 2008 x86_64 x86_64
Alert Count 35
First Seen Thu 22 May 2008 02:18:36 PM CDT
Last Seen Thu 22 May 2008 02:18:37 PM CDT
Local ID a83681c0-d977-4078-83ad-3ffe26691266
Line Numbers
Raw Audit Messages
host=localhost.localdomain type=AVC msg=audit(1211483917.499:85): avc: denied { use } for pid=2664 comm="tomboy" path="/dev/null" dev=tmpfs ino=1898 scontext=system_u:object_r:unlabeled_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=fd
host=localhost.localdomain type=SYSCALL msg=audit(1211483917.499:85): arch=c000003e syscall=1 success=no exit=-13 a0=2 a1=13d570 a2=124 a3=7f0aede2d7b0 items=0 ppid=1 pid=2664 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="tomboy" exe="/usr/bin/mono" subj=system_u:object_r:unlabeled_t:s0 key=(null)