AVCs from selinux-targeted

Tom London selinux at gmail.com
Wed Apr 12 16:00:18 UTC 2006


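Below is a dump of the AVCs (with the surrounding audit records) logged after
applying today's selinux-policy-targeted and rebooting in permissive mode.
Because the system is permissive, the denials are logged but not enforced,
which is why the syscalls attached to them still show success=yes.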

tom

[The gdm greeter fails, but I'm not sure yet whether that is related.

The first AVC is from vmware (vmnet-natd).]


[root at localhost ~]# ausearch -i -if log
----
type=DAEMON_START msg=audit(04/12/2006 08:49:21.597:3214)  auditd
start, ver=1.2, format=raw, auid=unknown(4294967295) res=success,
auditd pid=1987
----
type=CONFIG_CHANGE msg=audit(04/12/2006 08:49:21.597:4) :
audit_enabled=1 old=0 by auid=unknown(4294967295)
----
type=CONFIG_CHANGE msg=audit(04/12/2006 08:49:21.645:5) :
audit_backlog_limit=256 old=64 by auid=unknown(4294967295)
----
type=SOCKETCALL msg=audit(04/12/2006 08:49:30.234:6) : nargs=3 a0=4
a1=bfbacca0 a2=10
type=SOCKADDR msg=audit(04/12/2006 08:49:30.234:6) : saddr=inet
host:0.0.0.0 serv:0
type=SYSCALL msg=audit(04/12/2006 08:49:30.234:6) : arch=i386
syscall=socketcall(bind) success=yes exit=0 a0=2 a1=bfbacc70
a2=82a0158 a3=7 items=0 pid=2143 auid=unknown(4294967295) uid=root
gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
tty=(none) comm=vmnet-natd exe=/usr/bin/vmnet-natd
subj=system_u:system_r:initrc_t:s0
type=AVC msg=audit(04/12/2006 08:49:30.234:6) : avc:  denied  {
node_bind } for  pid=2143 comm=vmnet-natd
scontext=system_u:system_r:initrc_t:s0
tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=rawip_socket
----
type=USER_ERR msg=audit(04/12/2006 08:50:06.277:7) : user pid=2639
uid=root auid=unknown(4294967295) msg='PAM: bad_ident acct=? :
exe=/usr/sbin/gdm-binary (hostname=?, addr=?, terminal=console
res=failed)'
----
type=AVC_PATH msg=audit(04/12/2006 08:50:14.705:8) : 
path=/usr/lib/dri/i915_dri.so
type=SYSCALL msg=audit(04/12/2006 08:50:14.705:8) : arch=i386
syscall=mprotect success=yes exit=0 a0=e48000 a1=2af000 a2=5
a3=bfbcb770 items=0 pid=2672 auid=unknown(4294967295) uid=root
gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
tty=tty7 comm=Xorg exe=/usr/bin/Xorg
subj=system_u:system_r:xdm_t:s0-s0:c0.c255
type=AVC msg=audit(04/12/2006 08:50:14.705:8) : avc:  denied  {
execmod } for  pid=2672 comm=Xorg name=i915_dri.so dev=dm-0
ino=5880987 scontext=system_u:system_r:xdm_t:s0-s0:c0.c255
tcontext=system_u:object_r:lib_t:s0 tclass=file
----
type=USER_AUTH msg=audit(04/12/2006 08:50:57.884:9) : user pid=2669
uid=root auid=unknown(4294967295) msg='PAM: authentication acct=tbl :
exe=/usr/sbin/gdm-binary (hostname=?, addr=?, terminal=:0
res=success)'
----
type=USER_ACCT msg=audit(04/12/2006 08:50:57.884:10) : user pid=2669
uid=root auid=unknown(4294967295) msg='PAM: accounting acct=tbl :
exe=/usr/sbin/gdm-binary (hostname=?, addr=?, terminal=:0
res=success)'
----
type=CRED_ACQ msg=audit(04/12/2006 08:50:57.888:11) : user pid=2669
uid=root auid=unknown(4294967295) msg='PAM: setcred acct=tbl :
exe=/usr/sbin/gdm-binary (hostname=?, addr=?, terminal=:0
res=success)'
----
type=LOGIN msg=audit(04/12/2006 08:50:57.888:12) : login pid=2669
uid=root old auid=unknown(4294967295) new auid=tbl
----
type=USER_START msg=audit(04/12/2006 08:50:58.072:13) : user pid=2669
uid=root auid=tbl msg='PAM: session open acct=tbl :
exe=/usr/sbin/gdm-binary (hostname=?, addr=?, terminal=:0
res=success)'
----
type=USER_LOGIN msg=audit(04/12/2006 08:50:58.076:14) : user pid=2669
uid=root auid=tbl msg='uid=tbl exe=/usr/sbin/gdm-binary
(hostname=localhost.localdomain, addr=127.0.0.1, terminal=:0
res=success)'
----
type=PATH msg=audit(04/12/2006 08:51:04.840:15) : item=0
name=/proc/sys/vm/ inode=4026531931 dev=00:03 mode=dir,555 ouid=root
ogid=root rdev=00:00 obj=system_u:object_r:sysctl_vm_t:s0
type=CWD msg=audit(04/12/2006 08:51:04.840:15) :  cwd=/usr/share/hal/scripts
type=SYSCALL msg=audit(04/12/2006 08:51:04.840:15) : arch=i386
syscall=access success=yes exit=0 a0=9b243b8 a1=2 a2=2 a3=9b23528
items=1 pid=2841 auid=unknown(4294967295) uid=root gid=root euid=root
suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none)
comm=pm-powersave exe=/bin/bash subj=system_u:system_r:hald_t:s0
type=AVC msg=audit(04/12/2006 08:51:04.840:15) : avc:  denied  { write
} for  pid=2841 comm=pm-powersave name=vm dev=proc ino=-268435365
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:sysctl_vm_t:s0 tclass=dir
----
type=PATH msg=audit(04/12/2006 08:51:06.697:16) : item=1 name=(null)
inode=1045685 dev=fd:00 mode=file,755 ouid=root ogid=root rdev=00:00
obj=system_u:object_r:ld_so_t:s0
type=PATH msg=audit(04/12/2006 08:51:06.697:16) : item=0
name=/usr/bin/bluez-pin inode=5799749 dev=fd:00 mode=file,755
ouid=root ogid=root rdev=00:00
obj=system_u:object_r:bluetooth_helper_exec_t:s0
type=CWD msg=audit(04/12/2006 08:51:06.697:16) :  cwd=/home/tbl
type=AVC_PATH msg=audit(04/12/2006 08:51:06.697:16) :  path=pipe:[9329]
type=AVC_PATH msg=audit(04/12/2006 08:51:06.697:16) :  path=pipe:[9329]
type=SYSCALL msg=audit(04/12/2006 08:51:06.697:16) : arch=i386
syscall=execve success=yes exit=0 a0=9b760b3 a1=bffcc5e0 a2=9b31078
a3=bffcdddf items=2 pid=2854 auid=tbl uid=tbl gid=tbl euid=tbl
suid=tbl fsuid=tbl egid=tbl sgid=tbl fsgid=tbl tty=(none)
comm=bluez-pin exe=/usr/bin/bluez-pin
subj=user_u:system_r:bluetooth_helper_t:s0
type=AVC msg=audit(04/12/2006 08:51:06.697:16) : avc:  denied  { write
} for  pid=2854 comm=bluez-pin name=[9329] dev=pipefs ino=9329
scontext=user_u:system_r:bluetooth_helper_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fifo_file
type=AVC msg=audit(04/12/2006 08:51:06.697:16) : avc:  denied  { use }
for  pid=2854 comm=bluez-pin name=[9329] dev=pipefs ino=9329
scontext=user_u:system_r:bluetooth_helper_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fd
----
type=AVC_PATH msg=audit(04/12/2006 08:51:18.709:17) : 
path=/usr/lib/libSDL-1.2.so.0.7.2
type=SYSCALL msg=audit(04/12/2006 08:51:18.709:17) : arch=i386
syscall=mprotect success=yes exit=0 a0=32c7000 a1=71000 a2=5
a3=bf8935c0 items=0 pid=2848 auid=tbl uid=tbl gid=tbl euid=tbl
suid=tbl fsuid=tbl egid=tbl sgid=tbl fsgid=tbl tty=(none) comm=ekiga
exe=/usr/bin/ekiga subj=user_u:system_r:unconfined_t:s0
type=AVC msg=audit(04/12/2006 08:51:18.709:17) : avc:  denied  {
execmod } for pid=2848 comm=ekiga name=libSDL-1.2.so.0.7.2 dev=dm-0
ino=5803884 scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:lib_t:s0 tclass=file
----
type=USER_AUTH msg=audit(04/12/2006 08:51:33.050:18) : user pid=2951
uid=tbl auid=tbl msg='PAM: authentication acct=root : exe=/bin/su
(hostname=?, addr=?, terminal=pts/1 res=success)'
----
type=USER_ACCT msg=audit(04/12/2006 08:51:33.050:19) : user pid=2951
uid=tbl auid=tbl msg='PAM: accounting acct=root : exe=/bin/su
(hostname=?, addr=?, terminal=pts/1 res=success)'
----
type=USER_START msg=audit(04/12/2006 08:51:34.530:20) : user pid=2951
uid=tbl auid=tbl msg='PAM: session open acct=root : exe=/bin/su
(hostname=?, addr=?, terminal=pts/1 res=success)'
----
type=CRED_ACQ msg=audit(04/12/2006 08:51:35.178:21) : user pid=2951
uid=tbl auid=tbl msg='PAM: setcred acct=root : exe=/bin/su
(hostname=?, addr=?, terminal=pts/1 res=success)'
[root at localhost ~]#


--
Tom London



