SELinux is preventing perl (logwatch_t) "execute_no_trans" to /sbin/ifconfig, (ifconfig_exec_t).

Daniel J Walsh dwalsh at redhat.com
Mon Nov 17 15:21:29 UTC 2008



Frank Murphy wrote:
> SELinux is preventing perl (logwatch_t) "execute_no_trans" to /sbin/ifconfig (ifconfig_exec_t).
> 
> Detailed Description:
> 
> SELinux denied access requested by perl. It is not expected that this access is
> required by perl and this access may signal an intrusion attempt. It is also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
> 
> Allowing Access:
> 
> Sometimes labeling problems can cause SELinux denials. You could try to restore
> the default system file context for /sbin/ifconfig,
> 
> restorecon -v '/sbin/ifconfig'
> 
> If this does not work, there is currently no automatic way to allow this access.
> Instead, you can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context                system_u:system_r:logwatch_t:s0
> Target Context                system_u:object_r:ifconfig_exec_t:s0
> Target Objects                /sbin/ifconfig [ file ]
> Source                        perl
> Source Path                   /usr/bin/perl
> Port                          <Unknown>
> Host                          frank-01
> Source RPM Packages           perl-5.10.0-49.fc10
> Target RPM Packages           net-tools-1.60-91.fc10
> Policy RPM                    selinux-policy-3.5.13-18.fc10
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall_file
> Host Name                     frank-01
> Platform                      Linux frank-01 2.6.27.5-101.fc10.i686 #1 SMP Wed Nov 12 00:50:43 EST 2008 i686 i686
> Alert Count                   3
> First Seen                    Thu 13 Nov 2008 09:29:27 GMT
> Last Seen                     Sat 15 Nov 2008 08:19:22 GMT
> Local ID                      a75e0d31-b307-4710-8ad1-2185f020504d
> Line Numbers
> 
> Raw Audit Messages
> 
> node=frank-01 type=AVC msg=audit(1226737162.411:32): avc:  denied  { execute_no_trans } for  pid=4097 comm="perl" path="/sbin/ifconfig" dev=dm-0 ino=4322 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
> 
> node=frank-01 type=SYSCALL msg=audit(1226737162.411:32): arch=40000003 syscall=11 success=no exit=-13 a0=9e01ebc a1=9eaa2a4 a2=bfb79fc0 a3=bfb79958 items=0 ppid=4096 pid=4097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="perl" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0 key=(null)
Do you know what script logwatch is trying to restart?
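
The two raw audit records quoted in the report share the event ID 1226737162.411:32. The following is an added example, not part of the original thread, that pairs them by that ID and decodes the fields that show which process tried to run what. The function names are illustrative and the lookup tables cover only the values seen in this report.

```python
import re

# Constructed input: the two raw audit records quoted in the report, one per line.
RAW = '''node=frank-01 type=AVC msg=audit(1226737162.411:32): avc:  denied  { execute_no_trans } for  pid=4097 comm="perl" path="/sbin/ifconfig" dev=dm-0 ino=4322 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
node=frank-01 type=SYSCALL msg=audit(1226737162.411:32): arch=40000003 syscall=11 success=no exit=-13 a0=9e01ebc a1=9eaa2a4 a2=bfb79fc0 a3=bfb79958 items=0 ppid=4096 pid=4097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="perl" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0 key=(null)'''

HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")

# Lookup tables hold only the values this report needs (assumption: i386 host).
ARCH = {"40000003": "i386"}
SYSCALL = {("i386", "11"): "execve"}
ERRNO = {13: "EACCES"}
UNSET_AUID = "4294967295"  # (uint32)-1: no login session, e.g. cron or a daemon

def parse_events(raw):
    """Group audit records by their (timestamp, serial) event ID."""
    events = {}
    for line in raw.splitlines():
        m = HEADER.search(line)
        if not m:
            continue
        rtype, ts, serial = m.groups()
        rec = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        p = PERMS.search(line)
        if p:
            rec["perms"] = p.group(1).split()
        events.setdefault((ts, serial), {})[rtype] = rec
    return events

def triage(event):
    """Summarise one denial: who ran what, from which domain, and how it failed."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    arch = ARCH.get(sc.get("arch"), "unknown")
    return {
        "source_domain": avc["scontext"].split(":")[2],
        "target_type": avc["tcontext"].split(":")[2],
        "tclass": avc["tclass"], "perms": avc["perms"], "path": avc["path"],
        "syscall": SYSCALL.get((arch, sc.get("syscall")), "unknown"),
        "errno": ERRNO.get(-int(sc.get("exit", 0)), "unknown"),
        "exe": sc.get("exe"), "ppid": sc.get("ppid"),
        "no_login_session": sc.get("auid") == UNSET_AUID,
    }

def summarize(raw):
    return [triage(e) for e in parse_events(raw).values() if "AVC" in e]

if __name__ == "__main__":
    for row in summarize(RAW):
        print(row)
```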
