winbindd avc errors
Jim Cornette
jim-cornette at insight.rr.com
Sun Dec 19 19:36:20 UTC 2004
Karsten Wade wrote:
> On Sat, 2004-12-18 at 21:39 -0500, Jim Cornette wrote:
>
>>I am trying to run some samba related programs and found that the
>>winbindd program causes some avc errors. I did a
>>touch /.autorelabel
>>and noticed that the errors were still present with this daemon. I did
>>not configure anything for this program. Attached is the avc errors for
>>today. I disabled the daemon and have no errors now.
>
>
> Do you have the latest policy? winbind policy was added, and it appears
> to allow all the denials you have below. I'm looking at 1.17.30-2.50.
> I know there was no winbind in 2.43 (iirc).
These errors are with selinux-policy-targeted-1.17.30-2.51 installed and
the system relabelled.
I just started the daemon again and have similar errors reported.
I then setenforced 0 and started then stopped the service. The startup
succeeded and the shutdown service succeded. When in the enforcing mode,
startup succeeded, but shutdown failed. Excerpt from the log below.
Jim
Dec 19 14:29:33 cornette-fc3-lt winbindd[3292]: [2004/12/19 14:29:33, 0]
lib/util_sock.c:create_pipe_sock(1079)
Dec 19 14:29:33 cornette-fc3-lt winbindd[3292]: bind failed on pipe
socket /var/run/winbindd/pipe: Permission denied
Dec 19 14:29:33 cornette-fc3-lt kernel: audit(1103484573.789:0): avc:
denied { create } for pid=3292 exe=/usr/sbin/winbindd name=pipe
scontext=root:system_r:winbind_t tcontext=root:object_r:var_run_t
tclass=sock_file
Dec 19 14:29:39 cornette-fc3-lt winbind: winbindd shutdown failed
>
>
> - Karsten
>
>>Thanks,
>>
>>Jim
>>plain text document attachment (winbindd.errors)
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.233:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.234:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.235:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.236:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.236:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.237:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.290:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.290:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.291:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.356:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd_idmap.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.357:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.357:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.358:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.359:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.455:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=netsamlogon_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
>>Dec 18 14:16:54 cornette-fc3-lt kernel: audit(1103397414.324:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
>>Dec 18 14:16:54 cornette-fc3-lt kernel: audit(1103397414.324:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:var_run_t tclass=dir
>>Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 15:49:07 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
>>Dec 18 15:54:00 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
>>Dec 18 15:54:12 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
>>Dec 18 15:59:09 cornette-fc3-lt kernel: audit(1103403334.306:0): avc: granted { setenforce } for pid=212 exe=/bin/bash scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
>>Dec 18 15:59:09 cornette-fc3-lt kernel: audit(1103403523.164:0): avc: granted { setenforce } for pid=212 exe=/bin/bash scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
>>Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.176:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.177:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.178:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.179:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.179:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.218:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.218:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.219:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.299:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd_idmap.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
>>Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.300:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.301:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.412:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=netsamlogon_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
>>Dec 18 15:59:34 cornette-fc3-lt kernel: audit(1103403574.278:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
>>Dec 18 15:59:34 cornette-fc3-lt kernel: audit(1103403574.278:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.585:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:var_run_t tclass=dir
>>Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.585:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.586:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
>>Dec 18 16:11:18 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
>>Dec 18 16:13:54 cornette-fc3-lt dbus: avc: 0 AV entries and 0/512 buckets used, longest chain length 0
>>Dec 18 16:31:46 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
>>--
>>fedora-selinux-list mailing list
>>fedora-selinux-list at redhat.com
>>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
Anything worth doing is worth overdoing.
More information about the fedora-selinux-list
mailing list