winbindd avc errors

Karsten Wade kwade at redhat.com
Sun Dec 19 13:42:20 UTC 2004


On Sat, 2004-12-18 at 21:39 -0500, Jim Cornette wrote:
> I am trying to run some samba related programs and found that the 
> winbindd program causes some avc errors. I did a
> touch /.autorelabel
> and noticed that the errors were still present with this daemon. I did 
> not configure anything for this program. Attached are the avc errors for 
> today. I disabled the daemon and have no errors now.

Do you have the latest policy?  winbind policy was added, and it appears
to allow all the denials you have below.  I'm looking at 1.17.30-2.50.
I know there was no winbind in 2.43 (iirc).


- Karsten
> 
> Thanks,
> 
> Jim
> plain text document attachment (winbindd.errors)
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.233:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.234:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.235:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.236:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.236:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.237:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.290:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.290:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.291:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.356:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd_idmap.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.357:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.357:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.358:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.359:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.455:0): avc:  denied  { create } for  pid=2139 exe=/usr/sbin/winbindd name=netsamlogon_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
> Dec 18 14:16:54 cornette-fc3-lt kernel: audit(1103397414.324:0): avc:  denied  { create } for  pid=2139 exe=/usr/sbin/winbindd name=winbindd_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
> Dec 18 14:16:54 cornette-fc3-lt kernel: audit(1103397414.324:0): avc:  denied  { create } for  pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc:  denied  { create } for  pid=2139 exe=/usr/sbin/winbindd name=winbindd scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:var_run_t tclass=dir
> Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc:  denied  { create } for  pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc:  denied  { create } for  pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 15:49:07 cornette-fc3-lt dbus: avc:  1 AV entries and 1/512 buckets used, longest chain length 1 
> Dec 18 15:54:00 cornette-fc3-lt dbus: avc:  1 AV entries and 1/512 buckets used, longest chain length 1 
> Dec 18 15:54:12 cornette-fc3-lt dbus: avc:  1 AV entries and 1/512 buckets used, longest chain length 1 
> Dec 18 15:59:09 cornette-fc3-lt kernel: audit(1103403334.306:0): avc:  granted  { setenforce } for  pid=212 exe=/bin/bash scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
> Dec 18 15:59:09 cornette-fc3-lt kernel: audit(1103403523.164:0): avc:  granted  { setenforce } for  pid=212 exe=/bin/bash scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
> Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.176:0): avc:  denied  { create } for  pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.177:0): avc:  denied  { create } for  pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.178:0): avc:  denied  { create } for  pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.179:0): avc:  denied  { create } for  pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.179:0): avc:  denied  { create } for  pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.218:0): avc:  denied  { create } for  pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.218:0): avc:  denied  { create } for  pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.219:0): avc:  denied  { create } for  pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.299:0): avc:  denied  { create } for  pid=2190 exe=/usr/sbin/winbindd name=winbindd_idmap.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
> Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.300:0): avc:  denied  { create } for  pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.301:0): avc:  denied  { create } for  pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.412:0): avc:  denied  { create } for  pid=2191 exe=/usr/sbin/winbindd name=netsamlogon_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
> Dec 18 15:59:34 cornette-fc3-lt kernel: audit(1103403574.278:0): avc:  denied  { create } for  pid=2191 exe=/usr/sbin/winbindd name=winbindd_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
> Dec 18 15:59:34 cornette-fc3-lt kernel: audit(1103403574.278:0): avc:  denied  { create } for  pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.585:0): avc:  denied  { create } for  pid=2191 exe=/usr/sbin/winbindd name=winbindd scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:var_run_t tclass=dir
> Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.585:0): avc:  denied  { create } for  pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.586:0): avc:  denied  { create } for  pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
> Dec 18 16:11:18 cornette-fc3-lt dbus: avc:  1 AV entries and 1/512 buckets used, longest chain length 1 
> Dec 18 16:13:54 cornette-fc3-lt dbus: avc:  0 AV entries and 0/512 buckets used, longest chain length 0 
> Dec 18 16:31:46 cornette-fc3-lt dbus: avc:  1 AV entries and 1/512 buckets used, longest chain length 1 
-- 
Karsten Wade, RHCE, Sr. Tech Writer
a lemon is just a melon in disguise
http://people.redhat.com/kwade/
gpg fingerprint: 2680 DBFD D968 3141 0115  5F1B D992 0E06 AD0E 0C41
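
To check whether a newer policy covers a log like the one quoted above, it helps to collapse the repeated denials into one line per source type, target type and class. The following is an added example, not part of either message: the function names are hypothetical and the sample lines are constructed in the format of the attachment. Compare its output with the winbind rules in the installed policy rather than loading it as written.

```python
import re
from collections import defaultdict
# Constructed sample in the format of the quoted attachment (hostname shortened).
SAMPLE = """\
Dec 18 14:16:53 host kernel: audit(1103397413.233:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 host kernel: audit(1103397413.234:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 host kernel: audit(1103397413.356:0): avc:  denied  { create } for  pid=2137 exe=/usr/sbin/winbindd name=winbindd_idmap.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
Dec 18 14:16:55 host kernel: audit(1103397415.218:0): avc:  denied  { create } for  pid=2139 exe=/usr/sbin/winbindd name=winbindd scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:var_run_t tclass=dir
Dec 18 15:49:07 host dbus: avc:  1 AV entries and 1/512 buckets used, longest chain length 1
Dec 18 15:59:09 host kernel: audit(1103403334.306:0): avc:  granted  { setenforce } for  pid=212 exe=/bin/bash scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
"""

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")

def selinux_type(context):  # type is the third field of user:role:type[:level]
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else "?"

def parse_avc(line):
    m = AVC_RE.search(line)
    if not m:
        return None  # not an access decision, e.g. the dbus AVC cache statistics
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    return {
        "result": m.group(1),
        "perms": m.group(2).split(),
        "source": selinux_type(fields.get("scontext", "")),
        "target": selinux_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass", "?"),
        "name": fields.get("name", "?"),
    }

def summarize_denials(text):
    # One entry per (source type, target type, class); granted decisions are skipped.
    summary = defaultdict(lambda: {"perms": set(), "names": set(), "count": 0})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        entry = summary[(rec["source"], rec["target"], rec["tclass"])]
        entry["perms"].update(rec["perms"])
        entry["names"].add(rec["name"])
        entry["count"] += 1
    return dict(summary)

def as_rules(summary):
    # Allow-rule form, for comparison against the rules in the installed policy.
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(e['perms']))} }};  # {e['count']}x"
            for (s, t, c), e in sorted(summary.items())]
```

`as_rules(summarize_denials(SAMPLE))` yields three lines for the four denials in the sample; the file names behind each entry stay available in the summary's `names` set.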



