AVC on install of libutempter ?

Tom London selinux at gmail.com
Mon Jul 31 13:55:58 UTC 2006


On 7/31/06, Daniel J Walsh <dwalsh at redhat.com> wrote:
> This log file seems very screwed up.  Any idea what happened to it?
>
Sorry, I used the output of 'ausearch -i'.

Believe this is the 'raw' log file:

type=DAEMON_START msg=audit(1154191808.923:9127) auditd start,
ver=1.2.5, format=raw, auid=500 res=success, auditd pid=4138
type=CONFIG_CHANGE msg=audit(1154191809.155:65): audit_enabled=1 old=1
by auid=500 subj=system_u:system_r:auditd_t:s0
type=CONFIG_CHANGE msg=audit(1154191809.179:66):
audit_backlog_limit=256 old=256 by auid=500
subj=system_u:system_r:auditctl_t:s0
type=USER_END msg=audit(1154191856.525:67): user pid=3912 uid=0
auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: session close
acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=?
res=success)'
type=USER_CHAUTHTOK msg=audit(1154191876.038:68): user pid=4163 uid=0
auid=500 subj=user_u:system_r:groupadd_t:s0 msg='op=adding group
acct=utempter exe="/usr/sbin/groupadd" (hostname=?, addr=?,
terminal=pts/0 res=success)'
type=AVC msg=audit(1154191876.042:69): avc:  denied  { write } for
pid=4164 comm="nscd" name="group" dev=dm-0 ino=854746
scontext=user_u:system_r:nscd_t:s0 tcontext=system_u:object_r:etc_t:s0
tclass=file
type=AVC msg=audit(1154191876.042:69): avc:  denied  { read write }
for  pid=4164 comm="nscd" name="gshadow" dev=dm-0 ino=853755
scontext=user_u:system_r:nscd_t:s0
tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1154191876.042:69): arch=40000003 syscall=11
success=yes exit=0 a0=804de0d a1=bf8131a4 a2=bf8131b8 a3=1 items=2
ppid=4163 pid=4164 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="nscd" exe="/usr/sbin/nscd"
subj=user_u:system_r:nscd_t:s0 key=(null)
type=AVC_PATH msg=audit(1154191876.042:69):  path="/etc/gshadow"
type=AVC_PATH msg=audit(1154191876.042:69):  path="/etc/group"
type=EXECVE msg=audit(1154191876.042:69): a0="/usr/sbin/nscd"
a1="nscd" a2="-i" a3="group"
type=CWD msg=audit(1154191876.042:69):  cwd="/"
type=PATH msg=audit(1154191876.042:69): item=0 name="/usr/sbin/nscd"
inode=8303056 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:nscd_exec_t:s0
type=PATH msg=audit(1154191876.042:69): item=1 name=(null)
inode=7798798 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:ld_so_t:s0
type=USER_ACCT msg=audit(1154192461.127:70): user pid=4272 uid=0
auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM:
accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?,
terminal=cron res=success)'
type=LOGIN msg=audit(1154192461.127:71): login pid=4272 uid=0 old
auid=4294967295 new auid=0



tom
-- 
Tom London



