denied avc's for hald, hpiod and mplayer plugin

Antonio Olivares olivares14031 at yahoo.com
Thu Oct 19 21:33:06 UTC 2006



--- Daniel J Walsh <dwalsh at redhat.com> wrote:

> Antonio Olivares wrote:
> > SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
> > SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
> > audit(1161244617.541:4): avc:  denied  { name_bind } for  pid=2074 comm="hpiod" src=2208 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
> > eth0: no IPv6 routers present
> > audit(1161244622.801:5): avc:  denied  { search } for  pid=2232 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> > audit(1161244622.801:6): avc:  denied  { search } for  pid=2232 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> > audit(1161244622.801:7): avc:  denied  { search } for  pid=2232 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> > audit(1161244622.801:8): avc:  denied  { search } for  pid=2232 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> > audit(1161244622.801:9): avc:  denied  { search } for  pid=2232 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> > audit(1161246948.355:10): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246948.355:11): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246948.391:12): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246948.391:13): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246948.403:14): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246948.403:15): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246948.415:16): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246948.415:17): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246981.941:18): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246981.941:19): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246981.941:20): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246981.941:21): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246981.941:22): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246981.941:23): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246981.941:24): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161246981.941:25): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247003.070:26): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247003.070:27): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247003.074:28): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247003.074:29): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247003.074:30): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247003.074:31): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247003.074:32): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247003.074:33): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247021.299:34): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247021.299:35): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247021.299:36): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247021.299:37): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247021.299:38): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247021.299:39): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247021.299:40): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > audit(1161247021.299:41): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> >
> > I have tried audit2allow but returns the following
> >
> > [olivares at localhost ~]$ grep avc /var/log/audit/audit.log
=== message truncated ===

Thanks for helping.  Now mplayer plugin works!!

[root at localhost ~]# chcon -t unconfined_execmem_exec_t MPLAYERBINARY
chcon: MPLAYERBINARY: No such file or directory
[root at localhost ~]# ls -lZ /usr/bin/mplayer
ls: /usr/bin/mplayer: No such file or directory
[root at localhost ~]# which mplayer
/usr/local/bin/mplayer
[root at localhost ~]# ls -lZ /usr/local/bin/mplayer
-rwxr-xr-x  root root system_u:object_r:bin_t          /usr/local/bin/mplayer
[root at localhost ~]# chcon -t unconfined_execmem_exec_t /usr/local/bin/mplayer
[root at localhost ~]# ls -lZ /usr/local/bin/mplayer
-rwxr-xr-x  root root system_u:object_r:unconfined_execmem_exec_t /usr/local/bin/mplayer

However, hald still shows up in dmesg:

[olivares at localhost ~]$ dmesg
Linux version 2.6.18-1.2798.fc6 (brewbuilder at hs20-bc2-4.build.redhat.com) (gcc version 4.1.1 20061011 (Red Hat 4.1.1-30)) #1 SMP Mon Oct 16 14:37:32 EDT 2006
BIOS-provided physical RAM map:
 BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
 BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
 BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved)
 BIOS-e820: 0000000000100000 - 000000001dfd0000 (usable)
 BIOS-e820: 000000001dfd0000 - 000000001dfdf000 (ACPI data)
 BIOS-e820: 000000001dfdf000 - 000000001e000000 (ACPI NVS)
 BIOS-e820: 00000000fec00000 - 00000000fec01000 (reserved)
 BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
 BIOS-e820: 00000000ff7c0000 - 0000000100000000 (reserved)
0MB HIGHMEM available.
479MB LOWMEM available.
.......

SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
audit(1161274398.870:4): avc:  denied  { name_bind } for  pid=2076 comm="hpiod" src=2208 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
eth0: no IPv6 routers present
audit(1161274403.915:5): avc:  denied  { search } for  pid=2234 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
audit(1161274403.915:6): avc:  denied  { search } for  pid=2234 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
audit(1161274403.915:7): avc:  denied  { search } for  pid=2234 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
audit(1161274403.915:8): avc:  denied  { search } for  pid=2234 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
audit(1161274403.915:9): avc:  denied  { search } for  pid=2234 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir

How can I make it go away, or is it just a friendly
feature that won't hurt the computer?

Best Regards,

Antonio
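
Added example, not part of the original message: a small Python parser that collapses the repeated AVC denials pasted above into one line per distinct rule, tolerating the mail client's hard wraps and "> " quote marks. It is not audit2allow; the helper names parse_denials, se_type and summarize are made up for this sketch.

```python
import re
from collections import Counter

# Records from the message above, hard wraps and "> " quote marks kept.
SAMPLE = """\
audit(1161274398.870:4): avc:  denied  { name_bind }
for  pid=2076 comm="hpiod" src=2208
scontext=system_u:system_r:hplip_t:s0
tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
eth0: no IPv6 routers present
audit(1161274403.915:5): avc:  denied  { search } for
pid=2234 comm="hald" name="irq" dev=proc
ino=-268435212 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
audit(1161274403.915:6): avc:  denied  { search } for
pid=2234 comm="hald" name="irq" dev=proc
ino=-268435212 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> > audit(1161246948.355:10): avc:  denied  { execmem
> } for  pid=5945 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
"""

QUOTE = re.compile(r"^(?:> ?)+", re.M)   # leading e-mail quote marks
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*?tclass=\S+)", re.S)
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(text):
    """One dict per AVC denial; a record runs to its tclass= field."""
    out = []
    for perms, rest in AVC.findall(QUOTE.sub("", text)):
        rec = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        out.append({**rec, "perms": perms.split()})
    return out

def se_type(context):
    return context.split(":")[2]  # context is user:role:type[:level]

def summarize(text):
    """Count denials per (comm, source type, target type, class, perm)."""
    return Counter(
        (r.get("comm", "?"), se_type(r["scontext"]), se_type(r["tcontext"]), r["tclass"], p)
        for r in parse_denials(text) for p in r["perms"])

if __name__ == "__main__":
    for (comm, src, tgt, cls, perm), n in sorted(summarize(SAMPLE).items()):
        print(f"{n}x {comm}: {src} -> {tgt}:{cls} {{ {perm} }}")
```

Each output line corresponds to one distinct source type, target type, class and permission, which is the unit a policy rule or a relabel such as the chcon above addresses.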


More information about the fedora-selinux-list mailing list