execstack AVCs in Rawhide...?

Daniel J Walsh dwalsh at redhat.com
Fri Dec 22 18:53:41 UTC 2006


Tom London wrote:
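We are guessing there is some screwed up library on your machine that is 
causing this.  Could you attempt to strace one of these apps to see 
which library is causing the problem?

[Note on the records below: arch=40000003 with syscall=125 is mprotect on 
i386, and a2=1000007 (hex) is PROT_READ|PROT_WRITE|PROT_EXEC plus 
PROT_GROWSDOWN, i.e. a request to make the stack executable, refused with 
exit=-13 (EACCES).  The dynamic loader typically makes this call when it 
loads a shared object whose GNU_STACK program header is marked executable 
or is missing, so the last library opened before the failing mprotect in 
the strace output is the one to inspect, for example with 
"readelf -lW <library>".]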

Thanks,

Dan
> Running latest Rawhide, targeted/enforcing.
>
> I seem to be getting execstack AVCs from setroubleshootd, sealert,
> gaim, mixer_applet2, and firefox-bin.
>
> Firefox has flash and Sun java plugins; guessing that may be part of 
> the issue.
>
> tom
>
> type=DAEMON_START msg=audit(1166807740.587:4053) auditd start,
> ver=1.3.1, format=raw, auid=4294967295 pid=2084 res=success, auditd
> pid=2084
> type=CONFIG_CHANGE msg=audit(1166807740.687:5): audit_enabled=1 old=0
> by auid=4294967295 subj=system_u:system_r:auditd_t:s0
> type=CONFIG_CHANGE msg=audit(1166807740.893:6):
> audit_backlog_limit=256 old=64 by auid=4294967295
> subj=system_u:system_r:auditctl_t:s0
> type=AVC msg=audit(1166807745.923:7): avc:  denied  { execstack } for
> pid=2187 comm="setroubleshootd"
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:system_r:setroubleshootd_t:s0 tclass=process
> type=SYSCALL msg=audit(1166807745.923:7): arch=40000003 syscall=125
> success=no exit=-13 a0=bfce1000 a1=1000 a2=1000007 a3=fffff000 items=0
> ppid=1 pid=2187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=LABEL_LEVEL_CHANGE msg=audit(1166807750.278:8): user pid=2517
> uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023
> msg='printer=HP5MP uri=hp:/par/HP_LaserJet_5MP?device=/dev/parport0
> banners=none,none range=unknown: exe="/usr/sbin/cupsd"
> (hostname=localhost.localdomain, addr=127.0.0.1, terminal=?
> res=success)'
> type=LABEL_LEVEL_CHANGE msg=audit(1166807750.429:9): user pid=2517
> uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023
> msg='printer=hp_LaserJet_1300
> uri=hal:///org/freedesktop/Hal/devices/usb_device_3f0_1017_00CNCB954325_if0_printer_noserial 
>
> banners=none,none range=unknown: exe="/usr/sbin/cupsd"
> (hostname=localhost.localdomain, addr=127.0.0.1, terminal=?
> res=success)'
> type=LABEL_LEVEL_CHANGE msg=audit(1166807750.494:10): user pid=2517
> uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023
> msg='printer=Innopath uri=file:/dev/null banners=none,none
> range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain,
> addr=127.0.0.1, terminal=? res=success)'
> type=LABEL_LEVEL_CHANGE msg=audit(1166807750.496:11): user pid=2517
> uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023
> msg='printer=Local uri=file:/dev/null banners=none,none range=unknown:
> exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1,
> terminal=? res=success)'
> type=USER_ERR msg=audit(1166807765.078:12): user pid=2960 uid=0
> auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM:
> bad_ident acct=? : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?,
> terminal=? res=failed)'
> type=USER_AUTH msg=audit(1166807777.433:13): user pid=3037 uid=0
> auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM:
> authentication acct=tbl : exe="/usr/sbin/gdm-binary" (hostname=?,
> addr=?, terminal=:0 res=success)'
> type=USER_ACCT msg=audit(1166807777.435:14): user pid=3037 uid=0
> auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM:
> accounting acct=tbl : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?,
> terminal=:0 res=success)'
> type=CRED_ACQ msg=audit(1166807777.436:15): user pid=3037 uid=0
> auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM:
> setcred acct=tbl : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?,
> terminal=:0 res=success)'
> type=LOGIN msg=audit(1166807777.440:16): login pid=3037 uid=0 old
> auid=4294967295 new auid=500
> type=USER_START msg=audit(1166807777.583:17): user pid=3037 uid=0
> auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: session
> open acct=tbl : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?,
> terminal=:0 res=success)'
> type=USER_LOGIN msg=audit(1166807777.585:18): user pid=3037 uid=0
> auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='uid=500:
> exe="/usr/sbin/gdm-binary" (hostname=localhost.localdomain,
> addr=127.0.0.1, terminal=:0 res=success)'
> type=AVC msg=audit(1166807804.117:19): avc:  denied  { execstack } for
> pid=3229 comm="sealert" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1166807804.117:19): arch=40000003 syscall=125
> success=no exit=-13 a0=bf882000 a1=1000 a2=1000007 a3=fffff000 items=0
> ppid=1 pid=3229 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
> egid=500 sgid=500 fsgid=500 tty=(none) comm="sealert"
> exe="/usr/bin/python" subj=user_u:system_r:unconfined_t:s0 key=(null)
> type=AVC msg=audit(1166807804.624:20): avc:  denied  { execstack } for
> pid=3240 comm="sealert" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1166807804.624:20): arch=40000003 syscall=125
> success=no exit=-13 a0=bff2f000 a1=1000 a2=1000007 a3=fffff000 items=0
> ppid=3239 pid=3240 auid=500 uid=500 gid=500 euid=500 suid=500
> fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="sealert"
> exe="/usr/bin/python" subj=user_u:system_r:unconfined_t:s0 key=(null)
> type=AVC msg=audit(1166807809.849:21): avc:  denied  { execstack } for
> pid=3283 comm="gaim" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1166807809.849:21): arch=40000003 syscall=125
> success=no exit=-13 a0=bffd9000 a1=1000 a2=1000007 a3=fffff000 items=0
> ppid=3193 pid=3283 auid=500 uid=500 gid=500 euid=500 suid=500
> fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gaim"
> exe="/usr/bin/gaim" subj=user_u:system_r:unconfined_t:s0 key=(null)
> type=AVC msg=audit(1166807821.317:22): avc:  denied  { execstack } for
> pid=3419 comm="mixer_applet2"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1166807821.317:22): arch=40000003 syscall=125
> success=no exit=-13 a0=bfa39000 a1=1000 a2=1000007 a3=fffff000 items=0
> ppid=3408 pid=3419 auid=500 uid=500 gid=500 euid=500 suid=500
> fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mixer_applet2"
> exe="/usr/libexec/mixer_applet2" subj=user_u:system_r:unconfined_t:s0
> key=(null)
> type=USER_AUTH msg=audit(1166807845.960:23): user pid=3460 uid=500
> auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: authentication
> acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0
> res=success)'
> type=USER_ACCT msg=audit(1166807845.961:24): user pid=3460 uid=500
> auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: accounting
> acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0
> res=success)'
> type=USER_START msg=audit(1166807847.381:25): user pid=3460 uid=500
> auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: session open
> acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0
> res=success)'
> type=CRED_ACQ msg=audit(1166807847.382:26): user pid=3460 uid=500
> auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: setcred
> acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0
> res=success)'
> type=AVC msg=audit(1166807900.148:27): avc:  denied  { execstack } for
> pid=3441 comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1166807900.148:27): arch=40000003 syscall=125
> success=no exit=-13 a0=bf89b000 a1=1000 a2=1000007 a3=fffff000 items=0
> ppid=1 pid=3441 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
> egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin"
> exe="/usr/lib/firefox-2.0/firefox-bin"
> subj=user_u:system_r:unconfined_t:s0 key=(null)
> type=AVC msg=audit(1166807900.158:28): avc:  denied  { execstack } for
> pid=3441 comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1166807900.158:28): arch=40000003 syscall=125
> success=no exit=-13 a0=bf89b000 a1=1000 a2=1000007 a3=fffff000 items=0
> ppid=1 pid=3441 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
> egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin"
> exe="/usr/lib/firefox-2.0/firefox-bin"
> subj=user_u:system_r:unconfined_t:s0 key=(null)
> type=AVC msg=audit(1166807900.162:29): avc:  denied  { execstack } for
> pid=3441 comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1166807900.162:29): arch=40000003 syscall=125
> success=no exit=-13 a0=bf89b000 a1=1000 a2=1000007 a3=fffff000 items=0
> ppid=1 pid=3441 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
> egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin"
> exe="/usr/lib/firefox-2.0/firefox-bin"
> subj=user_u:system_r:unconfined_t:s0 key=(null)
> type=AVC msg=audit(1166807900.163:30): avc:  denied  { execstack } for
> pid=3441 comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1166807900.163:30): arch=40000003 syscall=125
> success=no exit=-13 a0=bf89b000 a1=1000 a2=1000007 a3=fffff000 items=0
> ppid=1 pid=3441 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
> egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin"
> exe="/usr/lib/firefox-2.0/firefox-bin"
> subj=user_u:system_r:unconfined_t:s0 key=(null)
>



