execstack AVCs in Rawhide...?

Tom London selinux at gmail.com
Fri Dec 22 17:32:12 UTC 2006


Running the latest Rawhide with the targeted policy in enforcing mode.

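I seem to be getting execstack AVCs from setroubleshootd, sealert,
gaim, mixer_applet2, and firefox-bin (audit log below). Each denial is
paired with a failed syscall=125 (mprotect on i386, exit=-13/EACCES)
with a2=1000007, i.e. a request to make the stack
readable, writable and executable.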

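Firefox has the Flash and Sun Java plugins installed; I'm guessing that
may be part of the issue for firefox-bin, although it would not account
for the denials from the other programs.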

tom

type=DAEMON_START msg=audit(1166807740.587:4053) auditd start,
ver=1.3.1, format=raw, auid=4294967295 pid=2084 res=success, auditd
pid=2084
type=CONFIG_CHANGE msg=audit(1166807740.687:5): audit_enabled=1 old=0
by auid=4294967295 subj=system_u:system_r:auditd_t:s0
type=CONFIG_CHANGE msg=audit(1166807740.893:6):
audit_backlog_limit=256 old=64 by auid=4294967295
subj=system_u:system_r:auditctl_t:s0
type=AVC msg=audit(1166807745.923:7): avc:  denied  { execstack } for
pid=2187 comm="setroubleshootd"
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=system_u:system_r:setroubleshootd_t:s0 tclass=process
type=SYSCALL msg=audit(1166807745.923:7): arch=40000003 syscall=125
success=no exit=-13 a0=bfce1000 a1=1000 a2=1000007 a3=fffff000 items=0
ppid=1 pid=2187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
key=(null)
type=LABEL_LEVEL_CHANGE msg=audit(1166807750.278:8): user pid=2517
uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023
msg='printer=HP5MP uri=hp:/par/HP_LaserJet_5MP?device=/dev/parport0
banners=none,none range=unknown: exe="/usr/sbin/cupsd"
(hostname=localhost.localdomain, addr=127.0.0.1, terminal=?
res=success)'
type=LABEL_LEVEL_CHANGE msg=audit(1166807750.429:9): user pid=2517
uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023
msg='printer=hp_LaserJet_1300
uri=hal:///org/freedesktop/Hal/devices/usb_device_3f0_1017_00CNCB954325_if0_printer_noserial
banners=none,none range=unknown: exe="/usr/sbin/cupsd"
(hostname=localhost.localdomain, addr=127.0.0.1, terminal=?
res=success)'
type=LABEL_LEVEL_CHANGE msg=audit(1166807750.494:10): user pid=2517
uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023
msg='printer=Innopath uri=file:/dev/null banners=none,none
range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain,
addr=127.0.0.1, terminal=? res=success)'
type=LABEL_LEVEL_CHANGE msg=audit(1166807750.496:11): user pid=2517
uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023
msg='printer=Local uri=file:/dev/null banners=none,none range=unknown:
exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1,
terminal=? res=success)'
type=USER_ERR msg=audit(1166807765.078:12): user pid=2960 uid=0
auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM:
bad_ident acct=? : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?,
terminal=? res=failed)'
type=USER_AUTH msg=audit(1166807777.433:13): user pid=3037 uid=0
auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM:
authentication acct=tbl : exe="/usr/sbin/gdm-binary" (hostname=?,
addr=?, terminal=:0 res=success)'
type=USER_ACCT msg=audit(1166807777.435:14): user pid=3037 uid=0
auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM:
accounting acct=tbl : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?,
terminal=:0 res=success)'
type=CRED_ACQ msg=audit(1166807777.436:15): user pid=3037 uid=0
auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM:
setcred acct=tbl : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?,
terminal=:0 res=success)'
type=LOGIN msg=audit(1166807777.440:16): login pid=3037 uid=0 old
auid=4294967295 new auid=500
type=USER_START msg=audit(1166807777.583:17): user pid=3037 uid=0
auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: session
open acct=tbl : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?,
terminal=:0 res=success)'
type=USER_LOGIN msg=audit(1166807777.585:18): user pid=3037 uid=0
auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='uid=500:
exe="/usr/sbin/gdm-binary" (hostname=localhost.localdomain,
addr=127.0.0.1, terminal=:0 res=success)'
type=AVC msg=audit(1166807804.117:19): avc:  denied  { execstack } for
 pid=3229 comm="sealert" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1166807804.117:19): arch=40000003 syscall=125
success=no exit=-13 a0=bf882000 a1=1000 a2=1000007 a3=fffff000 items=0
ppid=1 pid=3229 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 tty=(none) comm="sealert"
exe="/usr/bin/python" subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1166807804.624:20): avc:  denied  { execstack } for
 pid=3240 comm="sealert" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1166807804.624:20): arch=40000003 syscall=125
success=no exit=-13 a0=bff2f000 a1=1000 a2=1000007 a3=fffff000 items=0
ppid=3239 pid=3240 auid=500 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="sealert"
exe="/usr/bin/python" subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1166807809.849:21): avc:  denied  { execstack } for
 pid=3283 comm="gaim" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1166807809.849:21): arch=40000003 syscall=125
success=no exit=-13 a0=bffd9000 a1=1000 a2=1000007 a3=fffff000 items=0
ppid=3193 pid=3283 auid=500 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gaim"
exe="/usr/bin/gaim" subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1166807821.317:22): avc:  denied  { execstack } for
 pid=3419 comm="mixer_applet2"
scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1166807821.317:22): arch=40000003 syscall=125
success=no exit=-13 a0=bfa39000 a1=1000 a2=1000007 a3=fffff000 items=0
ppid=3408 pid=3419 auid=500 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mixer_applet2"
exe="/usr/libexec/mixer_applet2" subj=user_u:system_r:unconfined_t:s0
key=(null)
type=USER_AUTH msg=audit(1166807845.960:23): user pid=3460 uid=500
auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: authentication
acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0
res=success)'
type=USER_ACCT msg=audit(1166807845.961:24): user pid=3460 uid=500
auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: accounting
acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0
res=success)'
type=USER_START msg=audit(1166807847.381:25): user pid=3460 uid=500
auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: session open
acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0
res=success)'
type=CRED_ACQ msg=audit(1166807847.382:26): user pid=3460 uid=500
auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: setcred
acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0
res=success)'
type=AVC msg=audit(1166807900.148:27): avc:  denied  { execstack } for
 pid=3441 comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1166807900.148:27): arch=40000003 syscall=125
success=no exit=-13 a0=bf89b000 a1=1000 a2=1000007 a3=fffff000 items=0
ppid=1 pid=3441 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin"
exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1166807900.158:28): avc:  denied  { execstack } for
 pid=3441 comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1166807900.158:28): arch=40000003 syscall=125
success=no exit=-13 a0=bf89b000 a1=1000 a2=1000007 a3=fffff000 items=0
ppid=1 pid=3441 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin"
exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1166807900.162:29): avc:  denied  { execstack } for
 pid=3441 comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1166807900.162:29): arch=40000003 syscall=125
success=no exit=-13 a0=bf89b000 a1=1000 a2=1000007 a3=fffff000 items=0
ppid=1 pid=3441 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin"
exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1166807900.163:30): avc:  denied  { execstack } for
 pid=3441 comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1166807900.163:30): arch=40000003 syscall=125
success=no exit=-13 a0=bf89b000 a1=1000 a2=1000007 a3=fffff000 items=0
ppid=1 pid=3441 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin"
exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)

-- 
Tom London



