SELinux is preventing pidof (hotplug_t) "ptrace" to <Unknown>(hotplug_t)

Dan Thurman dant at cdkkt.com
Tue Jul 15 00:03:13 UTC 2008 

Daniel B. Thurman wrote:
>
> The most recent yum update changed, and I have no
> clue what this is. Obtained from the system logs.
>
> I get:
> sealert -l 3f210834-3d3f-4247-a909-cd1219519138
> ==========================================
> Summary:
>
> SELinux is preventing pidof (hotplug_t) "ptrace" to <Unknown> 
> (hotplug_t).
>
> Detailed Description:
>
> SELinux denied access requested by pidof. It is not expected that this
> access is
> required by pidof and this access may signal an intrusion attempt. It is
> also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report 
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context                system_u:system_r:hotplug_t:s0
> Target Context                system_u:system_r:hotplug_t:s0
> Target Objects                None [ process ]
> Source                        pidof
> Source Path                   /sbin/killall5
> Port                          <Unknown>
> Host                          bronze.cdkkt.com
> Source RPM Packages           sysvinit-tools-2.86-24
> Target RPM Packages         
> Policy RPM                    selinux-policy-3.3.1-74.fc9
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     bronze.cdkkt.com
> Platform                      Linux bronze.cdkkt.com
> 2.6.25.9-76.fc9.i686 #1 SMP
>                               Fri Jun 27 16:14:35 EDT 2008 i686 i686
> Alert Count                   4
> First Seen                    Mon Jul 14 08:07:44 2008
> Last Seen                     Mon Jul 14 16:45:58 2008
> Local ID                      3f210834-3d3f-4247-a909-cd1219519138
> Line Numbers                
>
> Raw Audit Messages          
>
> host=bronze.cdkkt.com type=AVC msg=audit(1216079158.438:534): avc: 
> denied  { ptrace } for  pid=12710 comm="pidof"
> scontext=system_u:system_r:hotplug_t:s0
> tcontext=system_u:system_r:hotplug_t:s0 tclass=process
>
> host=bronze.cdkkt.com type=SYSCALL msg=audit(1216079158.438:534):
> arch=40000003 syscall=85 success=no exit=-13 a0=bfe68728 a1=a022ba8
> a2=1000 a3=bfe6862f items=0 ppid=12675 pid=12710 auid=4294967295 uid=0
> gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
> ses=4294967295 comm="pidof" exe="/sbin/killall5"
> subj=system_u:system_r:hotplug_t:s0 key=(null)
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
Please disreard this message.  I think it was due to an unplugged 
Ethernet cable.
Dan

More information about the fedora-selinux-list mailing list