AVCs from today's updates.... (stroke 2)

Tom London selinux at gmail.com
Fri Aug 11 15:37:35 UTC 2006


Resending with <100K text to avoid moderator .....

Today's update generated some AVCs (actually lots of them).

Here is audit2allow output:

allow bootloader_t rpm_t:tcp_socket { read write };
allow bootloader_t rpm_var_lib_t:file { read write };
allow depmod_t rpm_t:tcp_socket { read write };
allow depmod_t rpm_var_lib_t:file { read write };
allow depmod_t var_t:file read;

Here are clippings from /var/log/audit/audit.log:
type=AVC msg=audit(1155307887.872:40): avc:  denied  { read write }
for  pid=4770 comm="depmod" name="[51427]" dev=sockfs ino=51427
scontext=system_u:system_r:depmod_t:s0
tcontext=system_u:system_r:rpm_t:s0 tclass=tcp_socket
type=AVC msg=audit(1155307887.872:40): avc:  denied  { read write }
for  pid=4770 comm="depmod" name="__db.000" dev=dm-0 ino=2786034
scontext=system_u:system_r:depmod_t:s0
tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file
type=AVC msg=audit(1155307887.872:40): avc:  denied  { read } for
pid=4770 comm="depmod" name="kernel-2.6.17-1.2548.fc6.i686.rpm"
dev=dm-0 ino=2818553 scontext=system_u:system_r:depmod_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1155307887.872:40): arch=40000003 syscall=11
success=yes exit=0 a0=8858430 a1=884a5c8 a2=884d8a0 a3=8858760 items=0
ppid=4762 pid=4770 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="depmod" exe="/sbin/depmod"
subj=system_u:system_r:depmod_t:s0 key=(null)
type=AVC_PATH msg=audit(1155307887.872:40):
path="/var/cache/yum/development/packages/kernel-2.6.17-1.2548.fc6.i686.rpm"
type=AVC_PATH msg=audit(1155307887.872:40):  path="/var/lib/rpm/__db.000"
type=AVC_PATH msg=audit(1155307887.872:40):  path="socket:[51427]"
<<<<< many, many of the above, various socket #s>>>>>>
<<<<< many, many of the below, various socket #s>>>>>>
type=AVC msg=audit(1155307888.860:41): avc:  denied  { read write }
for  pid=4771 comm="mkinitrd" name="[54546]" dev=sockfs ino=54546
scontext=system_u:system_r:bootloader_t:s0
tcontext=system_u:system_r:rpm_t:s0 tclass=tcp_socket
type=AVC msg=audit(1155307888.860:41): avc:  denied  { read write }
for  pid=4771 comm="mkinitrd" name="[51427]" dev=sockfs ino=51427
scontext=system_u:system_r:bootloader_t:s0
tcontext=system_u:system_r:rpm_t:s0 tclass=tcp_socket
type=AVC msg=audit(1155307888.860:41): avc:  denied  { read write }
for  pid=4771 comm="mkinitrd" name="__db.000" dev=dm-0 ino=2786034
scontext=system_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1155307888.860:41): arch=40000003 syscall=11
success=yes exit=0 a0=8857f58 a1=884a5c8 a2=884d8a0 a3=8858470 items=0
ppid=4762 pid=4771 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="mkinitrd" exe="/bin/bash"
subj=system_u:system_r:bootloader_t:s0 key=(null)
type=AVC_PATH msg=audit(1155307888.860:41):  path="/var/lib/rpm/__db.000"
type=AVC_PATH msg=audit(1155307888.860:41):  path="socket:[51427]"
type=AVC_PATH msg=audit(1155307888.860:41):  path="socket:[54546]"
type=AVC_PATH msg=audit(1155307888.860:41):  path="socket:[55152]"
type=AVC_PATH msg=audit(1155307888.860:41):  path="socket:[48873]"
<<<< many, many of the above, various socket #s >>>>>

tom
-- 
Tom London
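An added example, not part of Tom's post or of Fedora's tooling: a small parser that reads the records above as they sit in /var/log/audit/audit.log (one record per line; the sample below is the post's own AVC, SYSCALL and AVC_PATH records re-joined, since the mail wrapped them), groups them by audit serial so each denial can be read next to its SYSCALL and AVC_PATH lines, and regenerates the audit2allow rules. It also singles out denials whose SYSCALL record is execve (arch=40000003 is i386, where syscall 11 is execve); reading those as descriptors inherited from the parent rpm_t process rather than something depmod or mkinitrd opened themselves is this example's interpretation, not a claim the post makes.

```python
import re
from collections import defaultdict

# Constructed sample: the AVC / SYSCALL / AVC_PATH records quoted in the post,
# re-joined to one record per line as they sit in /var/log/audit/audit.log.
# Two events, serials 40 (depmod) and 41 (mkinitrd).
SAMPLE_LOG = """\
type=AVC msg=audit(1155307887.872:40): avc:  denied  { read write } for  pid=4770 comm="depmod" name="[51427]" dev=sockfs ino=51427 scontext=system_u:system_r:depmod_t:s0 tcontext=system_u:system_r:rpm_t:s0 tclass=tcp_socket
type=AVC msg=audit(1155307887.872:40): avc:  denied  { read write } for  pid=4770 comm="depmod" name="__db.000" dev=dm-0 ino=2786034 scontext=system_u:system_r:depmod_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file
type=AVC msg=audit(1155307887.872:40): avc:  denied  { read } for  pid=4770 comm="depmod" name="kernel-2.6.17-1.2548.fc6.i686.rpm" dev=dm-0 ino=2818553 scontext=system_u:system_r:depmod_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1155307887.872:40): arch=40000003 syscall=11 success=yes exit=0 a0=8858430 a1=884a5c8 a2=884d8a0 a3=8858760 items=0 ppid=4762 pid=4770 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="depmod" exe="/sbin/depmod" subj=system_u:system_r:depmod_t:s0 key=(null)
type=AVC_PATH msg=audit(1155307887.872:40):  path="/var/cache/yum/development/packages/kernel-2.6.17-1.2548.fc6.i686.rpm"
type=AVC_PATH msg=audit(1155307887.872:40):  path="/var/lib/rpm/__db.000"
type=AVC_PATH msg=audit(1155307887.872:40):  path="socket:[51427]"
type=AVC msg=audit(1155307888.860:41): avc:  denied  { read write } for  pid=4771 comm="mkinitrd" name="[54546]" dev=sockfs ino=54546 scontext=system_u:system_r:bootloader_t:s0 tcontext=system_u:system_r:rpm_t:s0 tclass=tcp_socket
type=AVC msg=audit(1155307888.860:41): avc:  denied  { read write } for  pid=4771 comm="mkinitrd" name="__db.000" dev=dm-0 ino=2786034 scontext=system_u:system_r:bootloader_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1155307888.860:41): arch=40000003 syscall=11 success=yes exit=0 a0=8857f58 a1=884a5c8 a2=884d8a0 a3=8858470 items=0 ppid=4762 pid=4771 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="mkinitrd" exe="/bin/bash" subj=system_u:system_r:bootloader_t:s0 key=(null)
type=AVC_PATH msg=audit(1155307888.860:41):  path="/var/lib/rpm/__db.000"
type=AVC_PATH msg=audit(1155307888.860:41):  path="socket:[54546]"
"""

# Record header, the "{ perms }" list of an AVC record, and key=value fields.
RECORD_RE = re.compile(r'^type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s*(?P<rest>.*)$')
PERMS_RE = re.compile(r'\{\s*([^}]*?)\s*\}')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# arch=40000003 is i386, where syscall 11 is execve.  Only the entry the
# sample records need is listed.
SYSCALL_NAMES = {("40000003", "11"): "execve"}


def parse_record(line):
    """Turn one audit.log line into a dict; None if it is not an audit record."""
    m = RECORD_RE.match(line.strip())
    if m is None:
        return None
    rec = {"type": m.group("type"), "serial": int(m.group("serial")),
           "ts": m.group("ts"), "perms": []}
    rest = m.group("rest")
    pm = PERMS_RE.search(rest)
    if pm:
        rec["perms"] = pm.group(1).split()
    for key, val in KV_RE.findall(rest):
        rec[key] = val.strip('"')
    return rec


def selinux_type(context):
    """system_u:system_r:depmod_t:s0 -> depmod_t"""
    return context.split(":")[2]


def group_events(log_text):
    """Group records by audit serial so the AVC, SYSCALL and AVC_PATH lines of
    one denied operation can be read together."""
    events = defaultdict(lambda: {"avc": [], "paths": [], "syscall": None})
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        ev = events[rec["serial"]]
        if rec["type"] == "AVC":
            ev["avc"].append(rec)
        elif rec["type"] == "AVC_PATH":
            ev["paths"].append(rec["path"])
        elif rec["type"] == "SYSCALL":
            ev["syscall"] = rec
    return dict(events)


def allow_rules(events):
    """Collapse the denials into audit2allow-style allow rules, merging the
    permissions per (source type, target type, class)."""
    merged = defaultdict(set)
    for ev in events.values():
        for avc in ev["avc"]:
            key = (selinux_type(avc["scontext"]), selinux_type(avc["tcontext"]), avc["tclass"])
            merged[key].update(avc["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        text = " ".join(sorted(perms))
        if len(perms) > 1:
            text = "{ %s }" % text
        rules.append("allow %s %s:%s %s;" % (src, tgt, cls, text))
    return rules


def execve_time_denials(events):
    """Denials whose SYSCALL record is execve.  At exec the kernel re-checks the
    descriptors the new program inherits against its new domain, so these
    denials point at objects the parent (rpm_t here) left open rather than at
    anything the new program opened itself.  Heuristic/assumption of this
    example, not a claim made in the post."""
    findings = []
    for serial, ev in sorted(events.items()):
        sc = ev["syscall"]
        if sc is None or SYSCALL_NAMES.get((sc["arch"], sc["syscall"])) != "execve":
            continue
        for avc in ev["avc"]:
            findings.append((serial, sc["exe"], selinux_type(avc["tcontext"]),
                             avc["tclass"], avc.get("name", "")))
    return findings


if __name__ == "__main__":
    evs = group_events(SAMPLE_LOG)
    for rule in allow_rules(evs):
        print(rule)
    for serial, exe, tgt, cls, name in execve_time_denials(evs):
        print("event %d: %s exec'd with inherited %s (%s) %s" % (serial, exe, cls, tgt, name))
```

On the sample the rule generator reproduces the five lines of audit2allow output quoted in the post. Whether such rules belong in policy is a separate decision: if the denials really are inherited descriptors the new domain never needed, the policy answer is usually a dontaudit rule or closing the descriptors in the parent, not granting depmod_t and bootloader_t read/write on rpm's sockets and database.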