rawhide yum denied for transition bootloader_t, two alerts
Andrew Farris
lordmorgul at gmail.com
Mon Mar 17 10:14:26 UTC 2008
These happen on two machines during updates, I'm also noticing many
%post scriptlets failing when these pop up, though I don't know if
they are related or not.
Summary:
SELinux is preventing yum (bootloader_t) "transition" to /sbin/ldconfig
(rpm_script_t).
Detailed Description:
SELinux denied access requested by yum. It is not expected that this access is
required by yum and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context user_u:system_r:bootloader_t:s0
Target Context user_u:system_r:rpm_script_t:s0
Target Objects /sbin/ldconfig [ process ]
Source yum
Source Path /usr/bin/python
Port <Unknown>
Host durthangnix
Source RPM Packages python-2.5.1-23.fc9
Target RPM Packages glibc-2.7.90-9
Policy RPM selinux-policy-3.3.1-14.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name durthangnix
Platform Linux durthangnix 2.6.25-0.105.rc5.fc9 #1 SMP Mon
Mar 10 20:59:23 EDT 2008 x86_64 x86_64
Alert Count 35
First Seen Thu 13 Mar 2008 11:19:15 PM PDT
Last Seen Thu 13 Mar 2008 11:32:48 PM PDT
Local ID 36d70abc-d12d-42f2-96bf-ab7250e29da1
Line Numbers
Raw Audit Messages
host=durthangnix type=AVC msg=audit(1205476368.460:1339): avc: denied
{ transition } for pid=28100 comm="yum" path="/sbin/ldconfig"
dev=sda3 ino=858775 scontext=user_u:system_r:bootloader_t:s0
tcontext=user_u:system_r:rpm_script_t:s0 tclass=process
host=durthangnix type=SYSCALL msg=audit(1205476368.460:1339):
arch=c000003e syscall=59 success=no exit=-13 a0=7ff2034c2aca
a1=7fff1bd22350 a2=7ff20aa927d0 a3=3b8896c9f0 items=0 ppid=27144
pid=28100 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts1 ses=4 comm="yum" exe="/usr/bin/python"
subj=user_u:system_r:bootloader_t:s0 key=(null)
Summary:
SELinux is preventing yum (bootloader_t) "transition" to /bin/bash
(rpm_script_t).
Detailed Description:
SELinux denied access requested by yum. It is not expected that this access is
required by yum and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context user_u:system_r:bootloader_t:s0
Target Context user_u:system_r:rpm_script_t:s0
Target Objects /bin/bash [ process ]
Source rpm
Source Path /bin/rpm
Port <Unknown>
Host durthangnix
Source RPM Packages python-2.5.1-23.fc9
Target RPM Packages bash-3.2-21.fc9
Policy RPM selinux-policy-3.3.1-14.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name durthangnix
Platform Linux durthangnix 2.6.25-0.105.rc5.fc9 #1 SMP Mon
Mar 10 20:59:23 EDT 2008 x86_64 x86_64
Alert Count 48
First Seen Thu 13 Mar 2008 10:00:05 AM PDT
Last Seen Thu 13 Mar 2008 11:32:48 PM PDT
Local ID 75a34bf7-d467-444b-bfb4-9a931b3af238
Line Numbers
Raw Audit Messages
host=durthangnix type=AVC msg=audit(1205476368.64:1338): avc: denied
{ transition } for pid=28099 comm="yum" path="/bin/bash" dev=sda3
ino=835647 scontext=user_u:system_r:bootloader_t:s0
tcontext=user_u:system_r:rpm_script_t:s0 tclass=process
host=durthangnix type=SYSCALL msg=audit(1205476368.64:1338):
arch=c000003e syscall=59 success=no exit=-13 a0=7ff20063e90d
a1=7fff1bd22350 a2=7ff20aa927d0 a3=3b8896c9f0 items=0 ppid=27144
pid=28099 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts1 ses=4 comm="yum" exe="/usr/bin/python"
subj=user_u:system_r:bootloader_t:s0 key=(null)
--
--
Andrew Farris <lordmorgul at gmail.com> www.lordmorgul.net
gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3
No one now has, and no one will ever again get, the big picture. - Daniel Geer
---- ----
More information about the fedora-selinux-list
mailing list