SELinux is preventing /sbin/ip (ifconfig_t) "write" to pipe (unconfined_t).
Antonio Olivares
olivares14031 at yahoo.com
Wed Oct 3 23:23:42 UTC 2007
Summary
SELinux is preventing /sbin/ip (ifconfig_t)
"write" to pipe (unconfined_t).
Detailed Description
SELinux denied access requested by /sbin/ip. It is
not expected that this
access is required by /sbin/ip and this access may
signal an intrusion
attempt. It is also possible that the specific
version or configuration of
the application is causing it to require
additional access.
Allowing Access
You can generate a local policy module to allow
this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
Or you can disable
SELinux protection altogether. Disabling SELinux
protection is not
recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context
system_u:system_r:ifconfig_t
Target Context
system_u:system_r:unconfined_t
Target Objects pipe [ fifo_file ]
Affected RPM Packages iproute-2.6.22-2.fc8
[application]
Policy RPM
selinux-policy-3.0.8-14.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall
Host Name localhost.localdomain
Platform Linux
localhost.localdomain
2.6.23-0.214.rc8.git2.fc8 #1 SMP Fri Sep 28
17:38:00 EDT 2007 i686
i686
Alert Count 14
First Seen Wed 26 Sep 2007 06:34:54
PM CDT
Last Seen Wed 03 Oct 2007 06:18:53
PM CDT
Local ID
d0527712-8653-4588-9f61-e20604d839bf
Line Numbers
Raw Audit Messages
avc: denied { write } for comm=ip dev=pipefs egid=0
euid=0 exe=/sbin/ip exit=0
fsgid=0 fsuid=0 gid=0 items=0 path=pipe:[12268]
pid=3166
scontext=system_u:system_r:ifconfig_t:s0 sgid=0
subj=system_u:system_r:ifconfig_t:s0 suid=0
tclass=fifo_file
tcontext=system_u:system_r:unconfined_t:s0 tty=(none)
uid=0
Summary
SELinux is preventing /sbin/consoletype
(consoletype_t) "write" to pipe
(unconfined_t).
Detailed Description
SELinux denied access requested by
/sbin/consoletype. It is not expected
that this access is required by /sbin/consoletype
and this access may signal
an intrusion attempt. It is also possible that the
specific version or
configuration of the application is causing it to
require additional access.
Allowing Access
You can generate a local policy module to allow
this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
Or you can disable
SELinux protection altogether. Disabling SELinux
protection is not
recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context
system_u:system_r:consoletype_t
Target Context
system_u:system_r:unconfined_t
Target Objects pipe [ fifo_file ]
Affected RPM Packages initscripts-8.56-1
[application]
Policy RPM
selinux-policy-3.0.8-14.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall
Host Name localhost.localdomain
Platform Linux
localhost.localdomain
2.6.23-0.214.rc8.git2.fc8 #1 SMP Fri Sep 28
17:38:00 EDT 2007 i686
i686
Alert Count 18
First Seen Wed 26 Sep 2007 06:34:54
PM CDT
Last Seen Wed 03 Oct 2007 06:18:53
PM CDT
Local ID
a29d7946-1930-4194-8c71-7edfbf95f972
Line Numbers
Raw Audit Messages
avc: denied { write } for comm=consoletype dev=pipefs
egid=0 euid=0
exe=/sbin/consoletype exit=0 fsgid=0 fsuid=0 gid=0
items=0 path=pipe:[12164]
pid=3131 scontext=system_u:system_r:consoletype_t:s0
sgid=0
subj=system_u:system_r:consoletype_t:s0 suid=0
tclass=fifo_file
tcontext=system_u:system_r:unconfined_t:s0 tty=(none)
uid=0
____________________________________________________________________________________
Yahoo! oneSearch: Finally, mobile search
that gives answers, not web links.
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC
More information about the fedora-selinux-list
mailing list