Stuff I found in my log?
Knute Johnson
knute at frazmtn.com
Wed May 24 00:12:37 UTC 2006
I found some interesting things in my 'messages' log today. I'm not
sure what they mean and would appreciate any information.
This one is the most bothersome. It appears that 'useradd' was
prevented from running this morning only I didn't run it. Would any
other programs run 'useradd' and what would cause it to be denied?
May 23 05:11:49 rabbitbrush kernel: audit(1148386309.877:556): avc:
denied { write } for pid=13906 comm="useradd" name="[1708464]"
dev=pipefs ino=1708464 scontext=user_u:system_r:useradd_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=fifo_file
There are a boatload of these messages. I know that 'webalizer' is a
statistics formatter for the web server but why would it be run
dozens of times and be denied?
May 23 04:02:02 rabbitbrush kernel: audit(1148382121.861:514): avc:
denied { create } for pid=12313 comm="webalizer"
scontext=user_u:system_r:webalizer_t:s0
tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
May 23 04:02:02 rabbitbrush kernel: audit(1148382122.237:515): avc:
denied { create } for pid=12313 comm="webalizer"
scontext=user_u:system_r:webalizer_t:s0
tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
May 23 04:02:02 rabbitbrush kernel: audit(1148382122.237:516): avc:
denied { create } for pid=12313 comm="webalizer"
scontext=user_u:system_r:webalizer_t:s0
tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
What would cause hundreds of these messages to appear in the log. I
know I played with setsebool but I only changed one item.
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:286): avc:
granted { setbool } for pid=2303 comm="setsebool"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:287): avc:
granted { setbool } for pid=2303 comm="setsebool"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:288): avc:
granted { setbool } for pid=2303 comm="setsebool"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:289): avc:
granted { setbool } for pid=2303 comm="setsebool"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
Thanks very much,
--
Knute Johnson
Molon Labe...
More information about the fedora-selinux-list
mailing list