AVCs when inserting USB hard drive, etc.

Tom London selinux at gmail.com
Sat Dec 3 20:08:19 UTC 2005


Running Rawhide, targeted/enforcing.

Running selinux-policy-targeted-2.0.8-1, got the following in
/var/log/messages when I inserted a USB hard drive:

Dec  3 11:58:18 localhost kernel:  sda: sda1 sda2 sda3
Dec  3 11:58:18 localhost kernel: sd 0:0:0:0: Attached scsi disk sda
Dec  3 11:58:20 localhost dbus: Can't send to audit system: USER_AVC
pid=2759 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
msgtype=method_call interface=org.freedesktop.Hal.Device
member=SetPropertyBoolean dest=org.freedesktop.Hal spid=25942
tpid=2799 scontext=system_u:system_r:hald_t
tcontext=system_u:system_r:hald_t tclass=dbus
Dec  3 11:58:20 localhost fstab-sync[25943]: added mount point
/media/usbdisk for /dev/sda1
Dec  3 11:58:20 localhost dbus: Can't send to audit system: USER_AVC
pid=2759 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
msgtype=method_call interface=org.freedesktop.Hal.Device
member=SetPropertyBoolean dest=org.freedesktop.Hal spid=25949
tpid=2799 scontext=system_u:system_r:hald_t
tcontext=system_u:system_r:hald_t tclass=dbus
Dec  3 11:58:20 localhost fstab-sync[25950]: added mount point
/media/usbdisk1 for /dev/sda2

Many of the following in /var/log/audit/audit.log:
time->Sat Dec  3 11:58:20 2005
type=PATH msg=audit(1133639900.242:1387): item=0 flags=1 
inode=2142284 dev=fd:00 mode=0140666 ouid=0 ogid=0 rdev=00:00
type=SOCKETCALL msg=audit(1133639900.242:1387): nargs=3 a0=4 a1=bfd17f6a a2=6e
type=SOCKADDR msg=audit(1133639900.242:1387):
saddr=01002F7661722F72756E2F61637069642E736F636B6574000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
type=SYSCALL msg=audit(1133639900.242:1387): arch=40000003 syscall=102
success=no exit=-13 a0=3 a1=bfd17f20 a2=4 a3=8b31030 items=1 pid=2805
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 comm="hald-addon-acpi" exe="/usr/libexec/hald-addon-acpi"
type=AVC msg=audit(1133639900.242:1387): avc:  denied  { write } for 
pid=2805 comm="hald-addon-acpi" name="acpid.socket" dev=dm-0
ino=2142284 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
----
time->Sat Dec  3 11:58:25 2005
type=PATH msg=audit(1133639905.246:1388): item=0 flags=1 
inode=2142284 dev=fd:00 mode=0140666 ouid=0 ogid=0 rdev=00:00
type=SOCKETCALL msg=audit(1133639905.246:1388): nargs=3 a0=4 a1=bfd17f6a a2=6e
type=SOCKADDR msg=audit(1133639905.246:1388):
saddr=01002F7661722F72756E2F61637069642E736F636B6574000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
type=SYSCALL msg=audit(1133639905.246:1388): arch=40000003 syscall=102
success=no exit=-13 a0=3 a1=bfd17f20 a2=4 a3=8b31030 items=1 pid=2805
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 comm="hald-addon-acpi" exe="/usr/libexec/hald-addon-acpi"
type=AVC msg=audit(1133639905.246:1388): avc:  denied  { write } for 
pid=2805 comm="hald-addon-acpi" name="acpid.socket" dev=dm-0
ino=2142284 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
----
time->Sat Dec  3 11:58:30 2005
type=PATH msg=audit(1133639910.250:1389): item=0 flags=1 
inode=2142284 dev=fd:00 mode=0140666 ouid=0 ogid=0 rdev=00:00
type=SOCKETCALL msg=audit(1133639910.250:1389): nargs=3 a0=4 a1=bfd17f6a a2=6e
type=SOCKADDR msg=audit(1133639910.250:1389):
saddr=01002F7661722F72756E2F61637069642E736F636B6574000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
type=SYSCALL msg=audit(1133639910.250:1389): arch=40000003 syscall=102
success=no exit=-13 a0=3 a1=bfd17f20 a2=4 a3=8b31030 items=1 pid=2805
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 comm="hald-addon-acpi" exe="/usr/libexec/hald-addon-acpi"
type=AVC msg=audit(1133639910.250:1389): avc:  denied  { write } for 
pid=2805 comm="hald-addon-acpi" name="acpid.socket" dev=dm-0
ino=2142284 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
----

Did a manual 'restorecon -v -R /var/run' and got:
[root at tlondon ~]# restorecon -v -R /var/run
restorecon reset /var/run/vmnet-natd-8.mac context
system_u:object_r:initrc_var_run_t->system_u:object_r:var_run_t
restorecon reset /var/run/acpid.socket context
system_u:object_r:var_run_t->system_u:object_r:apmd_var_run_t


tom
--
Tom London
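
Added example, not part of the original post: a Python sketch that rejoins the mail-wrapped audit records above, decodes the hex `saddr=` field of each SOCKADDR record, and counts the AVC denials by source type, target type, class, permission and socket path. It shows that the denied write targets `/var/run/acpid.socket`, the file that restorecon relabels in the post. The function names and the little-endian assumption are this example's own, and the sample input is constructed from the post's records.

```python
import re
from collections import Counter

SADDR_RE = re.compile(r"type=SOCKADDR msg=audit\(([^)]+)\):\s*saddr=([0-9A-Fa-f]+)")
AVC_RE = re.compile(r"type=AVC msg=audit\(([^)]+)\):.*denied\s+\{ ([^}]+) \}.*"
                    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

def decode_saddr(hexstr):
    """Decode an audit saddr= value; returns (address family, unix socket path or None)."""
    raw = bytes.fromhex(hexstr)
    family = int.from_bytes(raw[:2], "little")  # assumption: little-endian host (i386 in the post)
    if family != 1:                              # 1 = AF_UNIX on Linux
        return family, None
    body = raw[2:]
    if body[:1] == b"\0":                        # abstract socket: leading NUL, shown as '@'
        return family, "@" + body[1:].rstrip(b"\0").decode(errors="replace")
    return family, body.split(b"\0", 1)[0].decode(errors="replace")

def unwrap(text):
    """Rejoin audit records that mail line-wrapping split across several lines."""
    records = []
    for line in text.splitlines():
        if line.startswith("type="):
            records.append(line.strip())
        elif records and line.strip() and not line.startswith(("time->", "----")):
            records[-1] += " " + line.strip()
    return records

def summarize_denials(text):
    """Count denials by (source type, target type, class, permission, socket path)."""
    recs = unwrap(text)
    paths = {m[1]: decode_saddr(m[2])[1] for m in map(SADDR_RE.search, recs) if m}
    counts = Counter()
    for m in filter(None, map(AVC_RE.search, recs)):
        event, perms, sctx, tctx, tclass = m.groups()
        counts[(sctx.split(":")[2], tctx.split(":")[2], tclass, perms, paths.get(event))] += 1
    return counts

# Constructed sample: two events trimmed from the records in the post, wrapped as mailed.
EVENT = """type=SOCKADDR msg=audit({id}):
saddr=01002F7661722F72756E2F61637069642E736F636B6574{pad}
type=AVC msg=audit({id}): avc:  denied  {{ write }} for
pid=2805 comm="hald-addon-acpi" name="acpid.socket" dev=dm-0
ino=2142284 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
----
"""
SAMPLE = "".join(EVENT.format(id=i, pad="00" * 87)
                 for i in ("1133639900.242:1387", "1133639905.246:1388"))
```

Calling `summarize_denials(SAMPLE)` collapses the repeated events into one key with a count, which makes a retry loop like the five-second one in the log easy to spot.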



