rpc.statd, ntpdate/ntpd avcs..

Tom London selinux at gmail.com
Mon Jun 26 22:17:10 UTC 2006


Running targeted/enforcing, latest rawhide.

Noticed the following in /var/log/audit/audit.log:


type=AVC msg=audit(1151339261.011:8): avc:  denied  { send } for
pid=2087 comm="rpc.statd" saddr=127.0.0.1 src=32770 daddr=127.0.0.1
dest=111 netif=lo scontext=system_u:system_r:rpcd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
type=SYSCALL msg=audit(1151339261.011:8): arch=40000003 syscall=102
success=no exit=-1 a0=b a1=bfc68f34 a2=fefff4 a3=fad8c0 items=0
ppid=2086 pid=2087 auid=4294967295 uid=29 gid=29 euid=29 suid=29
fsuid=29 egid=29 sgid=29 fsgid=29 tty=(none) comm="rpc.statd"
exe="/sbin/rpc.statd" subj=system_u:system_r:rpcd_t:s0
type=SOCKADDR msg=audit(1151339261.011:8):
saddr=0200006F7F0000010000000000000000
type=SOCKETCALL msg=audit(1151339261.011:8): nargs=6 a0=7 a1=96281f8
a2=38 a3=0 a4=9628010 a5=10
type=AVC msg=audit(1151339261.123:9): avc:  denied  { send } for
pid=2087 comm="rpc.statd" saddr=127.0.0.1 src=32770 daddr=127.0.0.1
dest=111 netif=lo scontext=system_u:system_r:rpcd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet

type=AVC msg=audit(1151339277.372:11): avc:  denied  { send } for
pid=2290 comm="ntpdate" saddr=10.10.4.52 src=32771 daddr=10.10.2.102
dest=53 netif=eth0 scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
type=SYSCALL msg=audit(1151339277.372:11): arch=40000003 syscall=102
success=no exit=-1 a0=9 a1=bfd21190 a2=3d1ff4 a3=5 items=0 ppid=2281
pid=2290 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:ntpd_t:s0
type=SOCKETCALL msg=audit(1151339277.372:11): nargs=4 a0=4 a1=bfd214f0
a2=20 a3=4000
type=AVC msg=audit(1151339277.372:12): avc:  denied  { send } for
pid=2290 comm="ntpdate" saddr=10.10.4.52 src=32771 daddr=10.10.2.11
dest=53 netif=eth0 scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
type=SYSCALL msg=audit(1151339277.372:12): arch=40000003 syscall=102
success=no exit=-1 a0=9 a1=bfd21190 a2=3d1ff4 a3=3 items=0 ppid=2281
pid=2290 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:ntpd_t:s0
type=SOCKETCALL msg=audit(1151339277.372:12): nargs=4 a0=4 a1=bfd214f0
a2=20 a3=4000
<<<< similar for ntpd >>>>>

type=SYSCALL msg=audit(1151339261.123:9): arch=40000003 syscall=102
success=no exit=-1 a0=b a1=bfc68ee4 a2=fefff4 a3=fad8c0 items=0 ppid=1
pid=2087 auid=4294967295 uid=29 gid=29 euid=29 suid=29 fsuid=29
egid=29 sgid=29 fsgid=29 tty=(none) comm="rpc.statd"
exe="/sbin/rpc.statd" subj=system_u:system_r:rpcd_t:s0
type=SOCKADDR msg=audit(1151339261.123:9):
saddr=0200006F7F0000010000000000000000
type=SOCKETCALL msg=audit(1151339261.123:9): nargs=6 a0=3 a1=9628f40
a2=38 a3=0 a4=9628d58 a5=10
type=AVC msg=audit(1151339261.163:10): avc:  denied  { send } for
pid=2087 comm="rpc.statd" saddr=127.0.0.1 src=32771 daddr=127.0.0.1
dest=111 netif=lo scontext=system_u:system_r:rpcd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
type=SYSCALL msg=audit(1151339261.163:10): arch=40000003 syscall=102
success=no exit=-1 a0=b a1=bfc68ec0 a2=fefff4 a3=fad8c0 items=0 ppid=1
pid=2087 auid=4294967295 uid=29 gid=29 euid=29 suid=29 fsuid=29
egid=29 sgid=29 fsgid=29 tty=(none) comm="rpc.statd"
exe="/sbin/rpc.statd" subj=system_u:system_r:rpcd_t:s0
type=SOCKADDR msg=audit(1151339261.163:10):
saddr=0200006F7F0000010000000000000000
type=SOCKETCALL msg=audit(1151339261.163:10): nargs=6 a0=7 a1=962cb38
a2=38 a3=0 a4=962c950 a5=10


tom
-- 
Tom London
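
A triage helper for the records above, added as an example and not part of the original post: it rejoins the mail-wrapped audit records, counts denials by command, source type, target type, class, permission and destination port, and decodes the SOCKADDR `saddr` hex. The function names are assumptions of this example, and the family field is read little-endian because `arch=40000003` marks an i386 host.

```python
import re
import socket
import struct
from collections import Counter

# Excerpt of the records in the post, still wrapped the way the mail wrapped them.
SAMPLE = """\
type=AVC msg=audit(1151339261.011:8): avc:  denied  { send } for
pid=2087 comm="rpc.statd" saddr=127.0.0.1 src=32770 daddr=127.0.0.1
dest=111 netif=lo scontext=system_u:system_r:rpcd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
type=SOCKADDR msg=audit(1151339261.011:8):
saddr=0200006F7F0000010000000000000000
type=AVC msg=audit(1151339277.372:11): avc:  denied  { send } for
pid=2290 comm="ntpdate" saddr=10.10.4.52 src=32771 daddr=10.10.2.102
dest=53 netif=eth0 scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
"""

def unwrap(text):
    """Rejoin wrapped records; every audit record starts with 'type='."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("type="):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records

def decode_sockaddr(hexstr):
    """AF_INET only: host-endian family (little-endian here), network-order port."""
    raw = bytes.fromhex(hexstr)
    if struct.unpack_from("<H", raw)[0] != socket.AF_INET:
        return None
    return socket.inet_ntoa(raw[4:8]), struct.unpack_from(">H", raw, 2)[0]

def summarize(text):
    """Return (denial counts per tuple, decoded SOCKADDR per audit event id)."""
    counts, sockaddrs = Counter(), {}
    for rec in unwrap(text):
        f = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', rec)}
        event = re.search(r"audit\(([\d.]+:\d+)\)", rec).group(1)
        if f["type"] == "AVC" and " denied " in rec:
            perms = re.search(r"\{ ([^}]*) \}", rec).group(1).strip()
            counts[(f["comm"], f["scontext"].split(":")[2], f["tcontext"].split(":")[2],
                    f["tclass"], perms, f.get("dest"))] += 1
        elif f["type"] == "SOCKADDR":
            sockaddrs[event] = decode_sockaddr(f["saddr"])
    return counts, sockaddrs
```
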



