new flood of avc's
Daniel J Walsh
dwalsh at redhat.com
Thu Feb 12 21:44:34 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> Dear fellow Selinux experts,
>
> Now setroubleshoot(er) is working fine and I see a great flood of avc's, some are repeating offenders :( ***.kde*** one especially :(
>
>
> Summary:
>
> SELinux prevented kde4-config from writing .kde.
>
> Detailed Description:
>
> SELinux prevented kde4-config from writing .kde. If .kde is a core file, you may
> want to allow this. If .kde is not a core file, this could signal a intrusion
> attempt.
>
> Allowing Access:
>
> Changing the "allow_daemons_dump_core" boolean to true will allow this access:
> "setsebool -P allow_daemons_dump_core=1."
>
> Fix Command:
>
> setsebool -P allow_daemons_dump_core=1
>
> Additional Information:
>
> Source Context system_u:system_r:xdm_t:SystemLow-SystemHigh
> Target Context system_u:object_r:root_t
> Target Objects .kde [ dir ]
> Source kde4-config
> Source Path /usr/bin/kde4-config
> Port <Unknown>
> Host localhost.localdomain
> Source RPM Packages kdelibs-4.2.0-10.fc11
> Target RPM Packages
> Policy RPM selinux-policy-3.6.5-3.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name allow_daemons_dump_core
> Host Name localhost.localdomain
> Platform Linux localhost.localdomain
> 2.6.29-0.110.rc4.git3.fc11.i586 #1 SMP Wed Feb 11
> 16:25:38 EST 2009 i686 i686
> Alert Count 1
> First Seen Thu 12 Feb 2009 08:38:30 AM CST
> Last Seen Thu 12 Feb 2009 08:38:30 AM CST
> Local ID d108c183-459e-4b03-a811-e45ea3323dad
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1234449510.598:8): avc: denied { create } for pid=2607 comm="kde4-config" name=".kde" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir
>
> node=localhost.localdomain type=SYSCALL msg=audit(1234449510.598:8): arch=40000003 syscall=39 success=no exit=-13 a0=8794358 a1=1c0 a2=749e38c a3=1 items=0 ppid=2606 pid=2607 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kde4-config" exe="/usr/bin/kde4-config" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
>
>
> Summary:
>
> SELinux is preventing the gdm-session-wor from using potentially mislabeled
> files (.xsession-errors).
>
> Detailed Description:
>
> SELinux has denied gdm-session-wor access to potentially mislabeled file(s)
> (.xsession-errors). This means that SELinux will not allow gdm-session-wor to
> use these files. It is common for users to edit files in their home directory or
> tmp directories and then move (mv) them to system directories. The problem is
> that the files end up with the wrong file context which confined applications
> are not allowed to access.
>
> Allowing Access:
>
> If you want gdm-session-wor to access this files, you need to relabel them using
> restorecon -v '.xsession-errors'. You might want to relabel the entire directory
> using restorecon -R -v ''.
>
> Additional Information:
>
> Source Context system_u:system_r:xdm_t:SystemLow-SystemHigh
> Target Context system_u:object_r:xauth_home_t
> Target Objects .xsession-errors [ file ]
> Source gdm-session-wor
> Source Path /usr/libexec/gdm-session-worker
> Port <Unknown>
> Host localhost.localdomain
> Source RPM Packages gdm-2.25.2-3.fc11
> Target RPM Packages
> Policy RPM selinux-policy-3.6.5-3.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name home_tmp_bad_labels
> Host Name localhost.localdomain
> Platform Linux localhost.localdomain
> 2.6.29-0.110.rc4.git3.fc11.i586 #1 SMP Wed Feb 11
> 16:25:38 EST 2009 i686 i686
> Alert Count 1
> First Seen Thu 12 Feb 2009 08:38:37 AM CST
> Last Seen Thu 12 Feb 2009 08:38:37 AM CST
> Local ID c26924ad-8d28-4294-b100-a403fb00932b
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1234449517.666:18): avc: denied { read write } for pid=2665 comm="gdm-session-wor" name=".xsession-errors" dev=dm-0 ino=426067 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
>
> node=localhost.localdomain type=SYSCALL msg=audit(1234449517.666:18): arch=40000003 syscall=33 success=no exit=-13 a0=82088a8 a1=6 a2=c4225c a3=ad69bc items=0 ppid=2660 pid=2665 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
>
>
> Summary:
>
> SELinux is preventing the gdm-session-wor from using potentially mislabeled
> files (.dmrc).
>
> Detailed Description:
>
> SELinux has denied gdm-session-wor access to potentially mislabeled file(s)
> (.dmrc). This means that SELinux will not allow gdm-session-wor to use these
> files. It is common for users to edit files in their home directory or tmp
> directories and then move (mv) them to system directories. The problem is that
> the files end up with the wrong file context which confined applications are not
> allowed to access.
>
> Allowing Access:
>
> If you want gdm-session-wor to access this files, you need to relabel them using
> restorecon -v '.dmrc'. You might want to relabel the entire directory using
> restorecon -R -v ''.
>
> Additional Information:
>
> Source Context system_u:system_r:xdm_t:SystemLow-SystemHigh
> Target Context system_u:object_r:xauth_home_t
> Target Objects .dmrc [ file ]
> Source gdm-session-wor
> Source Path /usr/libexec/gdm-session-worker
> Port <Unknown>
> Host localhost.localdomain
> Source RPM Packages gdm-2.25.2-3.fc11
> Target RPM Packages
> Policy RPM selinux-policy-3.6.5-3.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name home_tmp_bad_labels
> Host Name localhost.localdomain
> Platform Linux localhost.localdomain
> 2.6.29-0.110.rc4.git3.fc11.i586 #1 SMP Wed Feb 11
> 16:25:38 EST 2009 i686 i686
> Alert Count 2
> First Seen Thu 12 Feb 2009 08:38:37 AM CST
> Last Seen Thu 12 Feb 2009 08:38:37 AM CST
> Local ID 33f693b3-35dc-4b77-be00-95cf19cefdc8
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1234449517.325:11): avc: denied { read } for pid=2660 comm="gdm-session-wor" name=".dmrc" dev=dm-0 ino=426068 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
>
> node=localhost.localdomain type=SYSCALL msg=audit(1234449517.325:11): arch=40000003 syscall=5 success=no exit=-13 a0=81a9868 a1=8000 a2=0 a3=8000 items=0 ppid=2626 pid=2660 auid=4294967295 uid=0 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 tty=(none) ses=4294967295 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
>
>
>
> Summary:
>
> SELinux is preventing 0logwatch (logwatch_t) "read" to /root (user_home_dir_t).
>
> Detailed Description:
>
> SELinux denied access requested by 0logwatch. /root may be a mislabeled. /root
> default SELinux type is admin_home_t, but its current type is user_home_dir_t.
> Changing this file back to the default type, may fix your problem.
>
> File contexts can be assigned to a file in the following ways.
>
> * Files created in a directory receive the file context of the parent
> directory by default.
> * The SELinux policy might override the default label inherited from the
> parent directory by specifying a process running in context A which creates
> a file in a directory labeled B will instead create the file with label C.
> An example of this would be the dhcp client running with the dhclient_t type
> and creates a file in the directory /etc. This file would normally receive
> the etc_t type due to parental inheritance but instead the file is labeled
> with the net_conf_t type because the SELinux policy specifies this.
> * Users can change the file context on a file using tools such as chcon, or
> restorecon.
>
> This file could have been mislabeled either by user error, or if an normally
> confined application was run under the wrong domain.
>
> However, this might also indicate a bug in SELinux because the file should not
> have been labeled with this type.
>
> If you believe this is a bug, please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
>
> Allowing Access:
>
> You can restore the default system context to this file by executing the
> restorecon command. restorecon '/root', if this file is a directory, you can
> recursively restore using restorecon -R '/root'.
>
> Fix Command:
>
> restorecon '/root'
>
> Additional Information:
>
> Source Context system_u:system_r:logwatch_t:SystemLow-SystemHigh
> Target Context system_u:object_r:user_home_dir_t
> Target Objects /root [ dir ]
> Source 0logwatch
> Source Path /usr/bin/perl
> Port <Unknown>
> Host localhost.localdomain
> Source RPM Packages perl-5.10.0-56.fc11
> Target RPM Packages filesystem-2.4.19-1.fc10
> Policy RPM selinux-policy-3.6.5-3.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name restorecon
> Host Name localhost.localdomain
> Platform Linux localhost.localdomain
> 2.6.29-0.110.rc4.git3.fc11.i586 #1 SMP Wed Feb 11
> 16:25:38 EST 2009 i686 i686
> Alert Count 1
> First Seen Thu 12 Feb 2009 09:15:02 AM CST
> Last Seen Thu 12 Feb 2009 09:15:02 AM CST
> Local ID f4899a3b-7541-45fa-826e-a0b28973be00
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1234451702.307:33): avc: denied { read } for pid=3199 comm="0logwatch" path="/root" dev=dm-0 ino=32769 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
>
> node=localhost.localdomain type=SYSCALL msg=audit(1234451702.307:33): arch=40000003 syscall=11 success=yes exit=0 a0=9174c20 a1=91744f8 a2=91728a8 a3=91744f8 items=0 ppid=3195 pid=3199 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)
>
>
> Summary:
>
> SELinux is preventing sendmail (system_mail_t) "read" to /root
> (user_home_dir_t).
>
> Detailed Description:
>
> SELinux denied access requested by sendmail. /root may be a mislabeled. /root
> default SELinux type is admin_home_t, but its current type is user_home_dir_t.
> Changing this file back to the default type, may fix your problem.
>
> File contexts can be assigned to a file in the following ways.
>
> * Files created in a directory receive the file context of the parent
> directory by default.
> * The SELinux policy might override the default label inherited from the
> parent directory by specifying a process running in context A which creates
> a file in a directory labeled B will instead create the file with label C.
> An example of this would be the dhcp client running with the dhclient_t type
> and creates a file in the directory /etc. This file would normally receive
> the etc_t type due to parental inheritance but instead the file is labeled
> with the net_conf_t type because the SELinux policy specifies this.
> * Users can change the file context on a file using tools such as chcon, or
> restorecon.
>
> This file could have been mislabeled either by user error, or if an normally
> confined application was run under the wrong domain.
>
> However, this might also indicate a bug in SELinux because the file should not
> have been labeled with this type.
>
> If you believe this is a bug, please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
>
> Allowing Access:
>
> You can restore the default system context to this file by executing the
> restorecon command. restorecon '/root', if this file is a directory, you can
> recursively restore using restorecon -R '/root'.
>
> Fix Command:
>
> restorecon '/root'
>
> Additional Information:
>
> Source Context system_u:system_r:system_mail_t:SystemLow-
> SystemHigh
> Target Context system_u:object_r:user_home_dir_t
> Target Objects /root [ dir ]
> Source sendmail
> Source Path /usr/sbin/sendmail.sendmail
> Port <Unknown>
> Host localhost.localdomain
> Source RPM Packages sendmail-8.14.3-4.fc11
> Target RPM Packages filesystem-2.4.19-1.fc10
> Policy RPM selinux-policy-3.6.5-3.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name restorecon
> Host Name localhost.localdomain
> Platform Linux localhost.localdomain
> 2.6.29-0.110.rc4.git3.fc11.i586 #1 SMP Wed Feb 11
> 16:25:38 EST 2009 i686 i686
> Alert Count 1
> First Seen Thu 12 Feb 2009 09:30:33 AM CST
> Last Seen Thu 12 Feb 2009 09:30:33 AM CST
> Local ID 748a8584-58e2-4487-afba-48a6e2951d7d
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1234452633.639:34): avc: denied { read } for pid=11298 comm="sendmail" path="/root" dev=dm-0 ino=32769 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
>
> node=localhost.localdomain type=SYSCALL msg=audit(1234452633.639:34): arch=40000003 syscall=11 success=yes exit=0 a0=804d6f0 a1=bfb3981c a2=82320a0 a3=4 items=0 ppid=3162 pid=11298 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) ses=2 comm="sendmail" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)
>
>
> I will be patient here, but the .kde one, I don't understand what is wrong, is it with KDe or with selinux. I keep seeing it over and over. It goes away and then it comes back :(
>
> Thanks,
>
> Antonio
>
>
>
>
>
>
>
>
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
kde login thinks that it's homedir is / and wants to create files under /
Then need to start it in a real homedir or have it put this directory
under /var/lib/kde?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmUmEIACgkQrlYvE4MpobMq/gCeJPvsvZPGic6I5pYhsWFcq7nk
ouMAoIpuSyd/p3L6NaC0hnRROaVby80L
=wr2p
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list