F9: gam_server

Daniel J Walsh dwalsh at redhat.com
Mon Jul 14 13:05:27 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dan Thurman wrote:
> Again, more issues. Suggested fix?
> ============================
> Summary:
> 
> SELinux is preventing gam_server (gamin_t) "dac_override" to <Unknown>
> (gamin_t).
> 
> Detailed Description:
> 
> SELinux denied access requested by gam_server. It is not expected that this
> access is required by gam_server and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration
> of the
> application is causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context                system_u:system_r:gamin_t:s0
> Target Context                system_u:system_r:gamin_t:s0
> Target Objects                None [ capability ]
> Source                        gam_server
> Source Path                   /usr/libexec/gam_server
> Port                          <Unknown>
> Host                          bronze.cdkkt.com
> Source RPM Packages           gamin-0.1.9-5.fc9
> Target RPM Packages           Policy RPM                   
> selinux-policy-3.3.1-74.fc9
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     bronze.cdkkt.com
> Platform                      Linux bronze.cdkkt.com
> 2.6.25.9-76.fc9.i686 #1 SMP
>                              Fri Jun 27 16:14:35 EDT 2008 i686 i686
> Alert Count                   20
> First Seen                    Thu 10 Jul 2008 10:35:43 AM PDT
> Last Seen                     Thu 10 Jul 2008 11:11:40 AM PDT
> Local ID                      5eb1bf77-5c10-4071-9892-bac42ca11adb
> Line Numbers                 
> Raw Audit Messages           
> host=bronze.cdkkt.com type=AVC msg=audit(1215713500.169:272): avc: 
> denied  { dac_override } for  pid=11637 comm="gam_server" capability=1
> scontext=system_u:system_r:gamin_t:s0
> tcontext=system_u:system_r:gamin_t:s0 tclass=capability
> 
> host=bronze.cdkkt.com type=AVC msg=audit(1215713500.169:272): avc: 
> denied  { dac_read_search } for  pid=11637 comm="gam_server"
> capability=2 scontext=system_u:system_r:gamin_t:s0
> tcontext=system_u:system_r:gamin_t:s0 tclass=capability
> 
> host=bronze.cdkkt.com type=SYSCALL msg=audit(1215713500.169:272):
> arch=40000003 syscall=33 success=no exit=-13 a0=96ca580 a1=0 a2=4b9264
> a3=10 items=0 ppid=1 pid=11637 auid=4294967295 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
> comm="gam_server" exe="/usr/libexec/gam_server"
> subj=system_u:system_r:gamin_t:s0 key=(null)
> 
> 
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This is a bad domain and will be fixed in the next update.  For now it
is probably best to just relabel the gamin_exec_t to bin_t and stop the
transition.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkh7TxYACgkQrlYvE4MpobMZoACgxpQqu7e/wSNBUJ6eNtmmR/yG
28cAoLpvykovrTIrThMTTGWdNMVWLAiR
=ArZ/
-----END PGP SIGNATURE-----

More information about the fedora-selinux-list mailing list