Kernel audit messages

Mike Chambers mike at netlyncs.com
Tue Apr 13 10:36:40 UTC 2004


I have found these this morning in my logs after the latest kernel from
rawhide on a FC2T2 system...

[root at homer cron.monthly]# rpm -q policy kernel
policy-1.10.2-5
kernel-2.6.5-1.315


Apr 12 18:51:53 homer kernel: audit(1081813913.544:0): avc:  denied  { search } for  pid=973 exe=/usr/bin/procmail name=mail dev=hda2 ino=246478 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:etc_mail_t tclass=dir
Apr 12 18:51:53 homer kernel: audit(1081813913.558:0): avc:  denied  { getattr } for  pid=973 exe=/usr/bin/procmail path=/etc/mail/spamassassin/spamassassin-default.rc dev=hda2 ino=246760 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:etc_mail_t tclass=file
Apr 12 18:51:53 homer kernel: audit(1081813913.559:0): avc:  denied  { read } for  pid=973 exe=/usr/bin/procmail name=spamassassin-default.rc dev=hda2 ino=246760 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:etc_mail_t tclass=file
Apr 12 18:51:53 homer kernel: audit(1081813913.662:0): avc:  denied  { read } for  pid=975 exe=/usr/bin/perl name=urandom dev=hda2 ino=798062 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Apr 12 18:51:53 homer kernel: audit(1081813913.664:0): avc:  denied  { read } for  pid=975 exe=/usr/bin/perl name=self dev= ino=2 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:proc_t tclass=lnk_file
Apr 12 18:51:53 homer kernel: audit(1081813913.665:0): avc:  denied  { search } for  pid=975 exe=/usr/bin/perl name=975 dev= ino=63897602 scontext=system_u:system_r:procmail_t tcontext=system_u:system_r:procmail_t tclass=dir
Apr 12 18:51:53 homer kernel: audit(1081813913.665:0): avc:  denied  { read } for  pid=975 exe=/usr/bin/perl name=exe dev= ino=63897608 scontext=system_u:system_r:procmail_t tcontext=system_u:system_r:procmail_t tclass=lnk_file
Apr 12 18:51:53 homer kernel: audit(1081813913.666:0): avc:  denied  { getattr } for  pid=975 exe=/usr/bin/perl path=/bin dev=hda2 ino=851969 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:bin_t tclass=dir
Apr 12 18:51:56 homer kernel: audit(1081813916.231:0): avc:  denied  { search } for  pid=975 exe=/usr/bin/perl name=mqueue dev=hda2 ino=1065066 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Apr 12 18:51:58 homer kernel: audit(1081813918.828:0): avc:  denied  { read } for  pid=975 exe=/usr/bin/perl name=shadow dev=hda2 ino=246191 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:shadow_t tclass=file
Apr 12 18:51:58 homer kernel: audit(1081813918.829:0): avc:  denied  { getattr } for  pid=975 exe=/usr/bin/perl path=/etc/shadow dev=hda2 ino=246191 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:shadow_t tclass=file
Apr 12 18:51:59 homer kernel: audit(1081813919.130:0): avc:  denied  { getattr } for  pid=975 exe=/usr/bin/perl path=/usr/share/spamassassin/20_anti_ratware.cf dev=hda2 ino=2327150 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 12 18:51:59 homer kernel: audit(1081813919.268:0): avc:  denied  { read } for  pid=975 exe=/usr/bin/perl name=10_misc.cf dev=hda2 ino=2326781 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 12 18:51:59 homer kernel: audit(1081813919.268:0): avc:  denied  { ioctl } for  pid=975 exe=/usr/bin/perl path=/usr/share/spamassassin/10_misc.cf dev=hda2 ino=2326781 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 12 18:52:01 homer kernel: audit(1081813921.154:0): avc:  denied  { getattr } for  pid=975 exe=/usr/bin/perl path=/etc/mail/spamassassin dev=hda2 ino=246658 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:etc_mail_t tclass=dir
Apr 12 18:52:01 homer kernel: audit(1081813921.155:0): avc:  denied  { read } for  pid=975 exe=/usr/bin/perl name=spamassassin dev=hda2 ino=246658 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:etc_mail_t tclass=dir
Apr 12 18:52:01 homer kernel: audit(1081813921.156:0): avc:  denied  { ioctl } for  pid=975 exe=/usr/bin/perl path=/etc/mail/spamassassin/local.cf dev=hda2 ino=246831 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:etc_mail_t tclass=file
Apr 12 18:52:03 homer kernel: audit(1081813923.705:0): avc:  denied  { net_admin } for  pid=986 exe=/usr/sbin/httpd capability=12 scontext=system_u:system_r:httpd_t tcontext=system_u:system_r:httpd_t tclass=capability
Apr 12 18:52:05 homer kernel: audit(1081813925.336:0): avc:  denied  { getattr } for  pid=975 exe=/usr/bin/perl path=/var/tmp dev=hda2 ino=1064964 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:tmp_t tclass=dir
Apr 12 18:52:09 homer kernel: audit(1081813929.624:0): avc:  denied  { setrlimit } for  pid=1007 exe=/usr/sbin/smbd scontext=system_u:system_r:smbd_t tcontext=system_u:system_r:smbd_t tclass=process
Apr 12 18:54:57 homer kernel: audit(1081814097.936:0): avc:  denied  { search } for  pid=1073 exe=/usr/bin/procmail name=mail dev=hda2 ino=246478 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:etc_mail_t tclass=dir
Apr 12 18:54:57 homer kernel: audit(1081814097.937:0): avc:  denied  { getattr } for  pid=1073 exe=/usr/bin/procmail path=/etc/mail/spamassassin/spamassassin-default.rc dev=hda2 ino=246760 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:etc_mail_t tclass=file
Apr 12 18:54:57 homer kernel: audit(1081814097.948:0): avc:  denied  { read } for  pid=1075 exe=/usr/bin/perl name=urandom dev=hda2 ino=798062 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Apr 12 18:54:57 homer kernel: audit(1081814097.951:0): avc:  denied  { read } for  pid=1075 exe=/usr/bin/perl name=self dev= ino=2 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:proc_t tclass=lnk_file
Apr 12 18:54:57 homer kernel: audit(1081814097.952:0): avc:  denied  { search } for  pid=1075 exe=/usr/bin/perl name=1075 dev= ino=70451202 scontext=system_u:system_r:procmail_t tcontext=system_u:system_r:procmail_t tclass=dir
Apr 12 18:54:57 homer kernel: audit(1081814097.952:0): avc:  denied  { read } for  pid=1075 exe=/usr/bin/perl name=exe dev= ino=70451208 scontext=system_u:system_r:procmail_t tcontext=system_u:system_r:procmail_t tclass=lnk_file
Apr 12 18:54:57 homer kernel: audit(1081814097.953:0): avc:  denied  { getattr } for  pid=1075 exe=/usr/bin/perl path=/bin dev=hda2 ino=851969 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:bin_t tclass=dir
Apr 12 18:54:59 homer kernel: audit(1081814099.890:0): avc:  denied  { read } for  pid=1075 exe=/usr/bin/perl name=shadow dev=hda2 ino=246191 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:shadow_t tclass=file
Apr 12 18:54:59 homer kernel: audit(1081814099.891:0): avc:  denied  { getattr } for  pid=1075 exe=/usr/bin/perl path=/etc/shadow dev=hda2 ino=246191 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:shadow_t tclass=file
Apr 12 18:54:59 homer kernel: audit(1081814099.893:0): avc:  denied  { getattr } for  pid=1075 exe=/usr/bin/perl path=/usr/share/spamassassin/20_anti_ratware.cf dev=hda2 ino=2327150 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 12 18:54:59 homer kernel: audit(1081814099.896:0): avc:  denied  { read } for  pid=1075 exe=/usr/bin/perl name=10_misc.cf dev=hda2 ino=2326781 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 12 18:54:59 homer kernel: audit(1081814099.897:0): avc:  denied  { ioctl } for  pid=1075 exe=/usr/bin/perl path=/usr/share/spamassassin/10_misc.cf dev=hda2 ino=2326781 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 12 18:55:00 homer kernel: audit(1081814100.023:0): avc:  denied  { getattr } for  pid=1075 exe=/usr/bin/perl path=/etc/mail/spamassassin dev=hda2 ino=246658 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:etc_mail_t tclass=dir
Apr 12 18:55:00 homer kernel: audit(1081814100.025:0): avc:  denied  { read } for  pid=1075 exe=/usr/bin/perl name=spamassassin dev=hda2 ino=246658 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:etc_mail_t tclass=dir
Apr 12 18:55:00 homer kernel: audit(1081814100.026:0): avc:  denied  { ioctl } for  pid=1075 exe=/usr/bin/perl path=/etc/mail/spamassassin/local.cf dev=hda2 ino=246831 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:etc_mail_t tclass=file
Apr 12 19:12:59 homer kernel: audit(1081815179.382:0): avc:  denied  { read } for  pid=1089 exe=/usr/sbin/smbd name=mtab dev=hda2 ino=247415 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Apr 12 19:12:59 homer kernel: audit(1081815179.383:0): avc:  denied  { getattr } for  pid=1089 exe=/usr/sbin/smbd path=/etc/mtab dev=hda2 ino=247415 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Apr 12 20:01:11 homer kernel: audit(1081818071.753:0): avc:  denied  { setattr } for  pid=1182 exe=/usr/bin/rsync name=rawhide dev=hdd1 ino=473284 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:user_home_t tclass=dir
Apr 12 20:01:11 homer kernel: audit(1081818071.754:0): avc:  denied  { setattr } for  pid=1182 exe=/usr/bin/rsync name=Archive-Update-in-Progress-carroll.aset.psu.edu dev=hdd1 ino=473288 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:user_home_t tclass=file
Apr 12 20:01:12 homer kernel: audit(1081818072.235:0): avc:  denied  { setattr } for  pid=1182 exe=/usr/bin/rsync name=Canna-libs-3.7p1-6.i386.rpm dev=hdd1 ino=522486 scontext=system_u:system_r:system_crond_t tcontext=root:object_r:user_home_t tclass=file
Apr 12 20:01:16 homer kernel: audit(1081818076.850:0): avc:  denied  { read } for  pid=1192 exe=/usr/bin/perl name=shadow dev=hda2 ino=246191 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:shadow_t tclass=file
Apr 12 20:01:16 homer kernel: audit(1081818076.851:0): avc:  denied  { getattr } for  pid=1192 exe=/usr/bin/perl path=/etc/shadow dev=hda2 ino=246191 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:shadow_t tclass=file
Apr 12 20:01:16 homer kernel: audit(1081818076.854:0): avc:  denied  { getattr } for  pid=1192 exe=/usr/bin/perl path=/usr/share/spamassassin/20_anti_ratware.cf dev=hda2 ino=2327150 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 12 20:01:16 homer kernel: audit(1081818076.857:0): avc:  denied  { read } for  pid=1192 exe=/usr/bin/perl name=10_misc.cf dev=hda2 ino=2326781 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 12 20:01:16 homer kernel: audit(1081818076.857:0): avc:  denied  { ioctl } for  pid=1192 exe=/usr/bin/perl path=/usr/share/spamassassin/10_misc.cf dev=hda2 ino=2326781 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 12 20:16:59 homer kernel: audit(1081819019.856:0): avc:  denied  { read } for  pid=1253 exe=/usr/sbin/smbd name=mtab dev=hda2 ino=247415 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Apr 12 20:16:59 homer kernel: audit(1081819019.857:0): avc:  denied  { getattr } for  pid=1253 exe=/usr/sbin/smbd path=/etc/mtab dev=hda2 ino=247415 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Apr 12 21:26:27 homer kernel: audit(1081823187.677:0): avc:  denied  { getattr } for  pid=1360 exe=/usr/sbin/ipop3d path=/etc/krb5.conf dev=hda2 ino=247355 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:krb5_conf_t tclass=file
Apr 12 21:26:27 homer kernel: audit(1081823187.679:0): avc:  denied  { read } for  pid=1360 exe=/usr/sbin/ipop3d name=krb5.conf dev=hda2 ino=247355 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:krb5_conf_t tclass=file
Apr 12 21:26:27 homer kernel: audit(1081823187.679:0): avc:  denied  { write } for  pid=1360 exe=/usr/sbin/ipop3d name=krb5.conf dev=hda2 ino=247355 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:krb5_conf_t tclass=file
Apr 12 21:26:27 homer kernel: audit(1081823187.716:0): avc:  denied  { read } for  pid=1360 exe=/usr/sbin/ipop3d name=urandom dev=hda2 ino=798062 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Apr 12 21:26:27 homer kernel: audit(1081823187.719:0): avc:  denied  { getattr } for  pid=1360 exe=/usr/sbin/ipop3d path=/dev/urandom dev=hda2 ino=798062 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Apr 12 21:26:28 homer kernel: audit(1081823188.064:0): avc:  denied  { read } for  pid=1360 exe=/usr/sbin/ipop3d name=mounts dev= ino=4105 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:proc_t tclass=lnk_file
Apr 12 21:26:28 homer kernel: audit(1081823188.065:0): avc:  denied  { search } for  pid=1360 exe=/usr/sbin/ipop3d name=1360 dev= ino=89128962 scontext=system_u:system_r:inetd_child_t tcontext=system_u:system_r:inetd_child_t tclass=dir
Apr 12 21:26:28 homer kernel: audit(1081823188.065:0): avc:  denied  { read } for  pid=1360 exe=/usr/sbin/ipop3d name=mounts dev= ino=89128976 scontext=system_u:system_r:inetd_child_t tcontext=system_u:system_r:inetd_child_t tclass=file
Apr 12 21:26:28 homer kernel: audit(1081823188.066:0): avc:  denied  { getattr } for  pid=1360 exe=/usr/sbin/ipop3d path=/proc/1360/mounts dev= ino=89128976 scontext=system_u:system_r:inetd_child_t tcontext=system_u:system_r:inetd_child_t tclass=file
Apr 12 21:26:28 homer kernel: audit(1081823188.116:0): avc:  denied  { read } for  pid=1360 exe=/usr/sbin/ipop3d name=shadow dev=hda2 ino=246191 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:shadow_t tclass=file
Apr 12 21:26:28 homer kernel: audit(1081823188.117:0): avc:  denied  { getattr } for  pid=1360 exe=/usr/sbin/ipop3d path=/etc/shadow dev=hda2 ino=246191 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:shadow_t tclass=file
Apr 12 21:26:28 homer kernel: audit(1081823188.160:0): avc:  denied  { search } for  pid=1360 exe=/usr/sbin/ipop3d name=sys dev= ino=4120 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:sysctl_t tclass=dir
Apr 12 21:26:28 homer kernel: audit(1081823188.162:0): avc:  denied  { search } for  pid=1360 exe=/usr/sbin/ipop3d dev=hdd1 ino=2 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:home_root_t tclass=dir
Apr 12 21:26:28 homer kernel: audit(1081823188.162:0): avc:  denied  { search } for  pid=1360 exe=/usr/sbin/ipop3d name=mike dev=hdd1 ino=1648321 scontext=system_u:system_r:inetd_child_t tcontext=mike:object_r:user_home_dir_t tclass=dir
Apr 12 21:26:28 homer kernel: audit(1081823188.209:0): avc:  denied  { search } for  pid=1360 exe=/usr/sbin/ipop3d name=spool dev=hda2 ino=1064995 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:var_spool_t tclass=dir
Apr 12 21:26:28 homer kernel: audit(1081823188.209:0): avc:  denied  { search } for  pid=1360 exe=/usr/sbin/ipop3d name=mail dev=hda2 ino=1064997 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=dir
Apr 12 21:26:28 homer kernel: audit(1081823188.209:0): avc:  denied  { getattr } for  pid=1360 exe=/usr/sbin/ipop3d path=/var/spool/mail/mike dev=hda2 ino=1065833 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 12 21:26:28 homer kernel: audit(1081823188.210:0): avc:  denied  { read } for  pid=1360 exe=/usr/sbin/ipop3d name=mike dev=hda2 ino=1065833 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 12 21:26:28 homer kernel: audit(1081823188.263:0): avc:  denied  { setattr } for  pid=1360 exe=/usr/sbin/ipop3d name=mike dev=hda2 ino=1065833 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 12 21:26:28 homer kernel: audit(1081823188.269:0): avc:  denied  { write } for  pid=1360 exe=/usr/sbin/ipop3d name=mike dev=hda2 ino=1065833 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 12 21:26:28 homer kernel: audit(1081823188.270:0): avc:  denied  { write } for  pid=1360 exe=/usr/sbin/ipop3d name=mail dev=hda2 ino=1064997 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=dir
Apr 12 21:26:28 homer kernel: audit(1081823188.270:0): avc:  denied  { add_name } for  pid=1360 exe=/usr/sbin/ipop3d name=mike.lock.1081823188.1360.homer.netlyncs.com scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=dir
Apr 12 21:26:28 homer kernel: audit(1081823188.270:0): avc:  denied  { create } for  pid=1360 exe=/usr/sbin/ipop3d name=mike.lock.1081823188.1360.homer.netlyncs.com scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 12 21:26:28 homer kernel: audit(1081823188.272:0): avc:  denied  { link } for  pid=1360 exe=/usr/sbin/ipop3d name=mike.lock.1081823188.1360.homer.netlyncs.com dev=hda2 ino=1065132 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 12 21:26:28 homer kernel: audit(1081823188.272:0): avc:  denied  { remove_name } for  pid=1360 exe=/usr/sbin/ipop3d name=mike.lock.1081823188.1360.homer.netlyncs.com dev=hda2 ino=1065132 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=dir
Apr 12 21:26:28 homer kernel: audit(1081823188.272:0): avc:  denied  { unlink } for  pid=1360 exe=/usr/sbin/ipop3d name=mike.lock.1081823188.1360.homer.netlyncs.com dev=hda2 ino=1065132 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 12 21:26:28 homer kernel: audit(1081823188.273:0): avc:  denied  { lock } for  pid=1360 exe=/usr/sbin/ipop3d path=/var/spool/mail/mike dev=hda2 ino=1065833 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 12 21:31:24 homer kernel: audit(1081823484.510:0): avc:  denied  { read } for  pid=1361 exe=/usr/sbin/ipop3d name=mounts dev= ino=4105 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:proc_t tclass=lnk_file
Apr 12 21:40:42 homer kernel: audit(1081824042.049:0): avc:  denied  { read } for  pid=1373 exe=/usr/bin/perl name=self dev= ino=2 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:proc_t tclass=lnk_file
Apr 12 21:43:58 homer kernel: audit(1081824238.654:0): avc:  denied  { read } for  pid=829 comm=nfsd laddr=192.168.1.4 lport=2049 faddr=192.168.1.3 fport=800 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=file
Apr 12 21:43:58 homer kernel: audit(1081824238.717:0): avc:  denied  { rawip_recv } for  saddr=192.168.1.3 src=800 daddr=192.168.1.4 dest=2049 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_eth0_t tclass=netif
Apr 12 21:43:58 homer kernel: audit(1081824238.717:0): avc:  denied  { rawip_recv } for  saddr=192.168.1.3 src=800 daddr=192.168.1.4 dest=2049 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node
Apr 12 21:43:58 homer kernel: audit(1081824238.717:0): avc:  denied  { rawip_send } for  saddr=192.168.1.4 src=2049 daddr=192.168.1.3 dest=800 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_eth0_t tclass=netif
Apr 12 21:43:58 homer kernel: audit(1081824238.717:0): avc:  denied  { rawip_send } for  saddr=192.168.1.4 src=2049 daddr=192.168.1.3 dest=800 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node
Apr 12 21:43:58 homer kernel: audit(1081824238.717:0): avc:  denied  { write } for  pid=828 comm=nfsd laddr=192.168.1.4 lport=2049 faddr=192.168.1.3 fport=800 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=file
Apr 12 21:50:17 homer kernel: audit(1081824617.611:0): avc:  denied  { read } for  pid=1452 exe=/usr/bin/perl name=exe dev= ino=95158280 scontext=system_u:system_r:procmail_t tcontext=system_u:system_r:procmail_t tclass=lnk_file
Apr 12 21:50:17 homer kernel: audit(1081824617.613:0): avc:  denied  { getattr } for  pid=1452 exe=/usr/bin/perl path=/bin dev=hda2 ino=851969 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:bin_t tclass=dir
Apr 12 21:50:21 homer kernel: audit(1081824621.537:0): avc:  denied  { getattr } for  pid=1452 exe=/usr/bin/perl path=/usr/share/spamassassin/20_anti_ratware.cf dev=hda2 ino=2327150 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 12 21:50:21 homer kernel: audit(1081824621.540:0): avc:  denied  { read } for  pid=1452 exe=/usr/bin/perl name=10_misc.cf dev=hda2 ino=2326781 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 12 21:50:21 homer kernel: audit(1081824621.540:0): avc:  denied  { ioctl } for  pid=1452 exe=/usr/bin/perl path=/usr/share/spamassassin/10_misc.cf dev=hda2 ino=2326781 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 12 21:50:22 homer sshd[1413]: Warning!  Could not relabel  with system_u:object_r:sshd_devpts_t, not relabeling. 
Apr 12 21:51:24 homer kernel: audit(1081824684.506:0): avc:  denied  { search } for  pid=1458 exe=/usr/sbin/ipop3d name=1458 dev= ino=95551490 scontext=system_u:system_r:inetd_child_t tcontext=system_u:system_r:inetd_child_t tclass=dir
Apr 12 21:51:24 homer kernel: audit(1081824684.506:0): avc:  denied  { read } for  pid=1458 exe=/usr/sbin/ipop3d name=mounts dev= ino=95551504 scontext=system_u:system_r:inetd_child_t tcontext=system_u:system_r:inetd_child_t tclass=file
Apr 12 21:51:24 homer kernel: audit(1081824684.507:0): avc:  denied  { getattr } for  pid=1458 exe=/usr/sbin/ipop3d path=/proc/1458/mounts dev= ino=95551504 scontext=system_u:system_r:inetd_child_t tcontext=system_u:system_r:inetd_child_t tclass=file
Apr 12 21:53:00 homer kernel: audit(1081824780.234:0): avc:  denied  { read } for  pid=1461 exe=/usr/sbin/smbd name=mtab dev=hda2 ino=247415 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Apr 12 21:53:00 homer kernel: audit(1081824780.235:0): avc:  denied  { getattr } for  pid=1461 exe=/usr/sbin/smbd path=/etc/mtab dev=hda2 ino=247415 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Apr 12 21:55:48 homer kernel: audit(1081824948.537:0): avc:  denied  { read } for  pid=826 comm=nfsd laddr=192.168.1.4 lport=2049 faddr=192.168.1.3 fport=800 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=file
Apr 12 21:55:48 homer kernel: audit(1081824948.537:0): avc:  denied  { write } for  pid=826 comm=nfsd laddr=192.168.1.4 lport=2049 faddr=192.168.1.3 fport=800 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=file
Apr 12 21:55:48 homer kernel: audit(1081824948.537:0): avc:  denied  { rawip_send } for  pid=826 comm=nfsd saddr=192.168.1.4 src=2049 daddr=192.168.1.3 dest=800 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_eth0_t tclass=netif
Apr 12 21:55:48 homer kernel: audit(1081824948.538:0): avc:  denied  { rawip_send } for  pid=826 comm=nfsd saddr=192.168.1.4 src=2049 daddr=192.168.1.3 dest=800 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node
Apr 12 21:55:48 homer kernel: audit(1081824948.538:0): avc:  denied  { rawip_recv } for  pid=725 exe=/sbin/klogd saddr=192.168.1.3 src=800 daddr=192.168.1.4 dest=2049 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_eth0_t tclass=netif
Apr 12 21:55:48 homer kernel: audit(1081824948.538:0): avc:  denied  { rawip_recv } for  pid=725 exe=/sbin/klogd saddr=192.168.1.3 src=800 daddr=192.168.1.4 dest=2049 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node
Apr 12 22:38:14 homer kernel: audit(1081827494.725:0): avc:  denied  { search } for  pid=1069 exe=/usr/sbin/httpd name=mysql dev=hda2 ino=1081669 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:mysqld_db_t tclass=dir
Apr 12 22:38:14 homer kernel: audit(1081827494.725:0): avc:  denied  { write } for  pid=1069 exe=/usr/sbin/httpd name=mysql.sock dev=hda2 ino=1802291 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:mysqld_db_t tclass=sock_file
Apr 12 22:38:14 homer kernel: audit(1081827494.726:0): avc:  denied  { connectto } for  pid=1069 exe=/usr/sbin/httpd path=/var/lib/mysql/mysql.sock scontext=system_u:system_r:httpd_t tcontext=system_u:system_r:initrc_t tclass=unix_stream_socket
Apr 12 22:40:26 homer kernel: audit(1081827626.397:0): avc:  denied  { getattr } for  pid=838 exe=/usr/sbin/rpc.mountd path=/proc/fs/nfsd/filehandle dev= ino=10 scontext=system_u:system_r:nfsd_t tcontext=system_u:object_r:nfsd_fs_t tclass=file
Apr 12 23:55:20 homer kernel: audit(1081832120.161:0): avc:  denied  { search } for  pid=1068 exe=/usr/sbin/httpd name=mysql dev=hda2 ino=1081669 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:mysqld_db_t tclass=dir
Apr 13 00:00:00 homer kernel: audit(1081832400.471:0): avc:  denied  { read } for  pid=1670 exe=/usr/bin/perl name=exe dev= ino=109445128 scontext=system_u:system_r:procmail_t tcontext=system_u:system_r:procmail_t tclass=lnk_file
Apr 13 00:00:00 homer kernel: audit(1081832400.472:0): avc:  denied  { getattr } for  pid=1670 exe=/usr/bin/perl path=/bin dev=hda2 ino=851969 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:bin_t tclass=dir
Apr 13 00:00:04 homer kernel: audit(1081832404.255:0): avc:  denied  { getattr } for  pid=1670 exe=/usr/bin/perl path=/usr/share/spamassassin/20_anti_ratware.cf dev=hda2 ino=2327150 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 13 00:00:04 homer kernel: audit(1081832404.258:0): avc:  denied  { read } for  pid=1670 exe=/usr/bin/perl name=10_misc.cf dev=hda2 ino=2326781 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 13 00:00:04 homer kernel: audit(1081832404.259:0): avc:  denied  { ioctl } for  pid=1670 exe=/usr/bin/perl path=/usr/share/spamassassin/10_misc.cf dev=hda2 ino=2326781 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:usr_t tclass=file
Apr 13 00:01:00 homer kernel: audit(1081832460.817:0): avc:  denied  { read } for  pid=1678 exe=/usr/sbin/smbd name=mtab dev=hda2 ino=247415 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Apr 13 00:01:00 homer kernel: audit(1081832460.818:0): avc:  denied  { getattr } for  pid=1678 exe=/usr/sbin/smbd path=/etc/mtab dev=hda2 ino=247415 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Apr 13 00:01:05 homer kernel: audit(1081832465.152:0): avc:  denied  { setattr } for  pid=1676 exe=/usr/bin/rsync name=rawhide dev=hdd1 ino=473284 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:user_home_t tclass=dir
Apr 13 00:01:05 homer kernel: audit(1081832465.153:0): avc:  denied  { setattr } for  pid=1676 exe=/usr/bin/rsync name=Archive-Update-in-Progress-carroll.aset.psu.edu dev=hdd1 ino=473288 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:user_home_t tclass=file
Apr 13 00:01:05 homer kernel: audit(1081832465.634:0): avc:  denied  { setattr } for  pid=1676 exe=/usr/bin/rsync name=Canna-libs-3.7p1-6.i386.rpm dev=hdd1 ino=522486 scontext=system_u:system_r:system_crond_t tcontext=root:object_r:user_home_t tclass=file
Apr 13 02:33:18 homer kernel: audit(1081841598.434:0): avc:  denied  { getattr } for  pid=1894 exe=/usr/sbin/ipop3d path=/etc/krb5.conf dev=hda2 ino=247355 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:krb5_conf_t tclass=file
Apr 13 02:33:18 homer kernel: audit(1081841598.435:0): avc:  denied  { read } for  pid=1894 exe=/usr/sbin/ipop3d name=krb5.conf dev=hda2 ino=247355 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:krb5_conf_t tclass=file
Apr 13 02:33:18 homer kernel: audit(1081841598.436:0): avc:  denied  { write } for  pid=1894 exe=/usr/sbin/ipop3d name=krb5.conf dev=hda2 ino=247355 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:krb5_conf_t tclass=file
Apr 13 02:33:18 homer kernel: audit(1081841598.438:0): avc:  denied  { read } for  pid=1894 exe=/usr/sbin/ipop3d name=urandom dev=hda2 ino=798062 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Apr 13 02:33:18 homer kernel: audit(1081841598.439:0): avc:  denied  { getattr } for  pid=1894 exe=/usr/sbin/ipop3d path=/dev/urandom dev=hda2 ino=798062 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Apr 13 02:33:19 homer kernel: audit(1081841599.251:0): avc:  denied  { read } for  pid=1894 exe=/usr/sbin/ipop3d name=mounts dev= ino=4105 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:proc_t tclass=lnk_file
Apr 13 02:33:19 homer kernel: audit(1081841599.251:0): avc:  denied  { search } for  pid=1894 exe=/usr/sbin/ipop3d name=1894 dev= ino=124125186 scontext=system_u:system_r:inetd_child_t tcontext=system_u:system_r:inetd_child_t tclass=dir
Apr 13 02:33:19 homer kernel: audit(1081841599.251:0): avc:  denied  { read } for  pid=1894 exe=/usr/sbin/ipop3d name=mounts dev= ino=124125200 scontext=system_u:system_r:inetd_child_t tcontext=system_u:system_r:inetd_child_t tclass=file
Apr 13 02:33:19 homer kernel: audit(1081841599.251:0): avc:  denied  { getattr } for  pid=1894 exe=/usr/sbin/ipop3d path=/proc/1894/mounts dev= ino=124125200 scontext=system_u:system_r:inetd_child_t tcontext=system_u:system_r:inetd_child_t tclass=file
Apr 13 02:33:19 homer kernel: audit(1081841599.255:0): avc:  denied  { read } for  pid=1894 exe=/usr/sbin/ipop3d name=shadow dev=hda2 ino=246191 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:shadow_t tclass=file
Apr 13 02:33:19 homer kernel: audit(1081841599.256:0): avc:  denied  { getattr } for  pid=1894 exe=/usr/sbin/ipop3d path=/etc/shadow dev=hda2 ino=246191 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:shadow_t tclass=file
Apr 13 02:33:19 homer kernel: audit(1081841599.261:0): avc:  denied  { search } for  pid=1894 exe=/usr/sbin/ipop3d name=sys dev= ino=4120 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:sysctl_t tclass=dir
Apr 13 02:33:19 homer kernel: audit(1081841599.267:0): avc:  denied  { search } for  pid=1894 exe=/usr/sbin/ipop3d dev=hdd1 ino=2 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:home_root_t tclass=dir
Apr 13 02:33:19 homer kernel: audit(1081841599.267:0): avc:  denied  { search } for  pid=1894 exe=/usr/sbin/ipop3d name=brad dev=hdd1 ino=734401 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:user_home_dir_t tclass=dir
Apr 13 02:33:19 homer kernel: audit(1081841599.287:0): avc:  denied  { search } for  pid=1894 exe=/usr/sbin/ipop3d name=spool dev=hda2 ino=1064995 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:var_spool_t tclass=dir
Apr 13 02:33:19 homer kernel: audit(1081841599.288:0): avc:  denied  { search } for  pid=1894 exe=/usr/sbin/ipop3d name=mail dev=hda2 ino=1064997 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=dir
Apr 13 02:33:19 homer kernel: audit(1081841599.288:0): avc:  denied  { getattr } for  pid=1894 exe=/usr/sbin/ipop3d path=/var/spool/mail/brad dev=hda2 ino=1065835 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 13 02:33:19 homer kernel: audit(1081841599.289:0): avc:  denied  { read } for  pid=1894 exe=/usr/sbin/ipop3d name=brad dev=hda2 ino=1065835 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 13 02:33:19 homer kernel: audit(1081841599.339:0): avc:  denied  { setattr } for  pid=1894 exe=/usr/sbin/ipop3d name=brad dev=hda2 ino=1065835 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 13 02:33:19 homer kernel: audit(1081841599.401:0): avc:  denied  { write } for  pid=1894 exe=/usr/sbin/ipop3d name=brad dev=hda2 ino=1065835 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 13 02:33:19 homer kernel: audit(1081841599.401:0): avc:  denied  { write } for  pid=1894 exe=/usr/sbin/ipop3d name=mail dev=hda2 ino=1064997 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=dir
Apr 13 02:33:19 homer kernel: audit(1081841599.402:0): avc:  denied  { add_name } for  pid=1894 exe=/usr/sbin/ipop3d name=brad.lock.1081841599.1894.homer.netlyncs.com scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=dir
Apr 13 02:33:19 homer kernel: audit(1081841599.402:0): avc:  denied  { create } for  pid=1894 exe=/usr/sbin/ipop3d name=brad.lock.1081841599.1894.homer.netlyncs.com scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 13 02:33:19 homer kernel: audit(1081841599.403:0): avc:  denied  { link } for  pid=1894 exe=/usr/sbin/ipop3d name=brad.lock.1081841599.1894.homer.netlyncs.com dev=hda2 ino=1065132 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 13 02:33:19 homer kernel: audit(1081841599.404:0): avc:  denied  { remove_name } for  pid=1894 exe=/usr/sbin/ipop3d name=brad.lock.1081841599.1894.homer.netlyncs.com dev=hda2 ino=1065132 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=dir
Apr 13 02:33:19 homer kernel: audit(1081841599.404:0): avc:  denied  { unlink } for  pid=1894 exe=/usr/sbin/ipop3d name=brad.lock.1081841599.1894.homer.netlyncs.com dev=hda2 ino=1065132 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 13 02:33:19 homer kernel: audit(1081841599.404:0): avc:  denied  { lock } for  pid=1894 exe=/usr/sbin/ipop3d path=/var/spool/mail/brad dev=hda2 ino=1065835 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 13 02:42:31 homer kernel: audit(1081842151.034:0): avc:  denied  { read } for  pid=827 comm=nfsd laddr=192.168.1.4 lport=2049 faddr=192.168.1.3 fport=800 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=file
Apr 13 02:42:31 homer kernel: audit(1081842151.098:0): avc:  denied  { rawip_recv } for  pid=1446 exe=/home/mike/Seti/setiathome saddr=192.168.1.3 src=800 daddr=192.168.1.4 dest=2049 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_eth0_t tclass=netif
Apr 13 02:42:31 homer kernel: audit(1081842151.099:0): avc:  denied  { rawip_recv } for  pid=1446 exe=/home/mike/Seti/setiathome saddr=192.168.1.3 src=800 daddr=192.168.1.4 dest=2049 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node
Apr 13 02:42:31 homer kernel: audit(1081842151.099:0): avc:  denied  { rawip_send } for  pid=1446 exe=/home/mike/Seti/setiathome saddr=192.168.1.4 src=2049 daddr=192.168.1.3 dest=800 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_eth0_t tclass=netif
Apr 13 02:42:31 homer kernel: audit(1081842151.099:0): avc:  denied  { rawip_send } for  pid=1446 exe=/home/mike/Seti/setiathome saddr=192.168.1.4 src=2049 daddr=192.168.1.3 dest=800 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node
Apr 13 02:42:31 homer kernel: audit(1081842151.108:0): avc:  denied  { write } for  pid=828 comm=nfsd laddr=192.168.1.4 lport=2049 faddr=192.168.1.3 fport=800 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=file
Apr 13 03:02:02 homer kernel: audit(1081843322.045:0): avc:  denied  { write } for  pid=1944 exe=/usr/bin/python name=run dev=hda2 ino=1064994 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:var_run_t tclass=dir
Apr 13 03:02:02 homer kernel: audit(1081843322.045:0): avc:  denied  { add_name } for  pid=1944 exe=/usr/bin/python name=epylog.pid scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:var_run_t tclass=dir
Apr 13 03:02:02 homer kernel: audit(1081843322.045:0): avc:  denied  { create } for  pid=1944 exe=/usr/bin/python name=epylog.pid scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:var_run_t tclass=file

I do see some things in the log that might be 3rd party, such as setiathome and epylog, which is how I get my logs, but I wasn't sure if this only involved those or others, such as POP3.

Sorry to flood the list, but I wasn't sure how to show these.

-- 
Mike Chambers
Madisonville, KY

"It's only funny until someone gets hurt...Then it's hilarious!"




More information about the fedora-selinux-list mailing list
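
Added example (not part of the original post, and not a Fedora or SELinux tool): a small Python summarizer for the syslog AVC denial format shown above, grouping records by source type, target type and object class so the domains involved can be reviewed without reading every line. The function names are this example's own, the sample is constructed from records in the post (the first re-wrapped as the mailer wrapped it), and it assumes field values contain no spaces.

```python
import re
from collections import defaultdict

# Constructed sample: records copied from the post; the first is re-wrapped
# across lines the way the mailer wrapped the post's opening entry.
SAMPLE = """\
Apr 13 02:33:19 homer kernel: audit(1081841599.255:0): avc:  denied  {
read } for  pid=1894 exe=/usr/sbin/ipop3d name=shadow dev=hda2
ino=246191 scontext=system_u:system_r:inetd_child_t
tcontext=system_u:object_r:shadow_t tclass=file
Apr 13 02:33:19 homer kernel: audit(1081841599.289:0): avc:  denied  { read } for  pid=1894 exe=/usr/sbin/ipop3d name=brad dev=hda2 ino=1065835 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 13 02:33:19 homer kernel: audit(1081841599.401:0): avc:  denied  { write } for  pid=1894 exe=/usr/sbin/ipop3d name=brad dev=hda2 ino=1065835 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:mail_spool_t tclass=file
Apr 13 02:33:19 homer kernel: audit(1081841599.261:0): avc:  denied  { search } for  pid=1894 exe=/usr/sbin/ipop3d name=sys dev= ino=4120 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:sysctl_t tclass=dir
Apr 13 02:42:31 homer kernel: audit(1081842151.034:0): avc:  denied  { read } for  pid=827 comm=nfsd laddr=192.168.1.4 lport=2049 faddr=192.168.1.3 fport=800 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=file
"""

AVC = re.compile(r"avc:\s*denied\s*\{([^}]*)\}\s*for\s+(.*)")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_denials(text):
    """Yield one dict per AVC denial; tolerates records wrapped by a mailer."""
    flat = re.sub(r"\s+", " ", text)  # undo line wrapping
    for chunk in flat.split("kernel: audit(")[1:]:
        m = AVC.search(chunk)
        if not m:
            continue  # audit record that is not an AVC denial
        rec = dict(FIELD.findall(m.group(2)))  # "dev=" yields an empty string
        rec["perms"] = m.group(1).split()
        yield rec

def ctx_type(context):
    """Type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context

def summarize(text):
    """Map (source type, target type, class) -> denied perms and programs."""
    groups = defaultdict(lambda: {"perms": set(), "exes": set()})
    for rec in parse_denials(text):
        key = tuple(ctx_type(rec.get(k, "?")) for k in ("scontext", "tcontext"))
        key += (rec.get("tclass", "?"),)
        groups[key]["perms"].update(rec["perms"])
        groups[key]["exes"].add(rec.get("exe") or rec.get("comm", "?"))
    return groups

def report(text):
    """One line per group, shaped like an allow rule, for human review."""
    return sorted(
        f"{s} -> {t}:{c} {{ {' '.join(sorted(g['perms']))} }} via {', '.join(sorted(g['exes']))}"
        for (s, t, c), g in summarize(text).items())
```

Calling `report()` on a saved copy of the full log gives one line per domain and target pair, which separates the `inetd_child_t` denials for ipop3d from the setiathome and epylog entries.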