SELinux advisory
Daniel J Walsh
dwalsh at redhat.com
Fri Jun 26 19:28:02 UTC 2009
On 06/26/2009 11:20 AM, Paolo Galtieri wrote:
> I keep getting the following SELinux alert.
> SELinux is preventing hostname (hostname_t) "read" security_t
>
> The alert data is shown below. I'm not sure what I might have changed to
> cause this.
>
> Paolo
>
> Summary:
>
> SELinux is preventing hostname (hostname_t) "read" security_t.
>
> Detailed Description:
>
> SELinux denied access requested by hostname. It is not expected that
> this access
> is required by hostname and this access may signal an intrusion attempt.
> It is
> also possible that the specific version or configuration of the
> application is
> causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context system_u:system_r:hostname_t:s0
> Target Context system_u:object_r:security_t:s0
> Target Objects mls [ file ]
> Source hostname
> Source Path /bin/hostname
> Port <Unknown>
> Host peglaptop10
> Source RPM Packages net-tools-1.60-92.fc11
> Target RPM Packages Policy RPM selinux-policy-3.6.12-50.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name peglaptop10
> Platform Linux peglaptop10 2.6.29.5-191.fc11.x86_64 #1 SMP
> Tue Jun 16 23:23:21 EDT 2009 x86_64 x86_64
> Alert Count 108
> First Seen Fri 19 Jun 2009 06:33:48 PM MST
> Last Seen Fri 26 Jun 2009 07:31:49 AM MST
> Local ID 2bc187c8-f1ab-4a44-8c0b-cc092191743b
> Line Numbers
> Raw Audit Messages
> node=peglaptop10 type=AVC msg=audit(1246026709.145:1331): avc: denied {
> read } for pid=14213 comm="hostname" name="mls" dev=selinuxfs ino=12
> scontext=system_u:system_r:hostname_t:s0
> tcontext=system_u:object_r:security_t:s0 tclass=file
>
> node=peglaptop10 type=SYSCALL msg=audit(1246026709.145:1331):
> arch=c000003e syscall=2 success=no exit=-13 a0=7fff3f294550 a1=0
> a2=7fff3f29455c a3=fffffff8 items=0 ppid=14200 pid=14213 auid=4294967295
> uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
> ses=4294967295 comm="hostname" exe="/bin/hostname"
> subj=system_u:system_r:hostname_t:s0 key=(null)
>
You can ignore this for now and update to
selinux-policy-3.6.12-57.fc11.noarch, when it becomes available.
Or you can grab it now at
https://admin.fedoraproject.org/updates/selinux-policy-3.6.12-57.fc11
More information about the fedora-list
mailing list