knotify4, NetworkManager (NetworkManager_t) "read write" unconfined_t., ..

Daniel J Walsh dwalsh at redhat.com
Sat Oct 25 10:26:04 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> Dear all(selinux experts and testers) ,
> 
> despite updating selinux-policy packages and relabeling, I am still seeing denied avcs from setroubleshoot 
> 
> Selinux preventing all of the above plus ip (ifconfig_t) "read write" unconfined_t :( 
> 
> Summary:
> 
> SELinux is preventing ip (ifconfig_t) "read write" unconfined_t.
> 
> Detailed Description:
> 
> SELinux denied access requested by ip. It is not expected that this access is
> required by ip and this access may signal an intrusion attempt. It is also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context                unconfined_u:system_r:ifconfig_t
> Target Context                unconfined_u:unconfined_r:unconfined_t:SystemLow-
>                               SystemHigh
> Target Objects                socket [ unix_stream_socket ]
> Source                        ip
> Source Path                   /sbin/ip
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           iproute-2.6.26-1.fc10
> Target RPM Packages           
> Policy RPM                    selinux-policy-3.5.13-3.fc10
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain
>                               2.6.27.3-34.rc1.fc10.i686 #1 SMP Tue Oct 21
>                               01:39:53 EDT 2008 i686 i686
> Alert Count                   43
> First Seen                    Fri 24 Oct 2008 01:33:46 PM CDT
> Last Seen                     Fri 24 Oct 2008 01:33:53 PM CDT
> Local ID                      16290580-6020-4615-908e-c7b32e828a7a
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> node=localhost.localdomain type=AVC msg=audit(1224873233.717:83): avc:  denied  { read write } for  pid=3912 comm="ip" path="socket:[11145]" dev=sockfs ino=11145 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> 
> node=localhost.localdomain type=AVC msg=audit(1224873233.717:83): avc:  denied  { read write } for  pid=3912 comm="ip" path="socket:[11145]" dev=sockfs ino=11145 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> 
> node=localhost.localdomain type=AVC msg=audit(1224873233.717:83): avc:  denied  { read write } for  pid=3912 comm="ip" path="socket:[11145]" dev=sockfs ino=11145 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> 
> node=localhost.localdomain type=AVC msg=audit(1224873233.717:83): avc:  denied  { read write } for  pid=3912 comm="ip" path="socket:[11145]" dev=sockfs ino=11145 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> 
> node=localhost.localdomain type=AVC msg=audit(1224873233.717:83): avc:  denied  { read write } for  pid=3912 comm="ip" path="socket:[11145]" dev=sockfs ino=11145 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> 
> node=localhost.localdomain type=SYSCALL msg=audit(1224873233.717:83): arch=40000003 syscall=11 success=yes exit=0 a0=9ddcb98 a1=9dadeb0 a2=9ddcd60 a3=0 items=0 ppid=3901 pid=3912 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="ip" exe="/sbin/ip" subj=unconfined_u:system_r:ifconfig_t:s0 key=(null)
> 
> 
> 
> Summary:
> 
> SELinux is preventing NetworkManager (NetworkManager_t) "read write"
> unconfined_t.
> 
> Detailed Description:
> 
> SELinux denied access requested by NetworkManager. It is not expected that this
> access is required by NetworkManager and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of the
> application is causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context                unconfined_u:system_r:NetworkManager_t
> Target Context                unconfined_u:unconfined_r:unconfined_t:SystemLow-
>                               SystemHigh
> Target Objects                socket [ unix_stream_socket ]
> Source                        NetworkManager
> Source Path                   /usr/sbin/NetworkManager
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           NetworkManager-0.7.0-0.11.svn4201.fc10
> Target RPM Packages           
> Policy RPM                    selinux-policy-3.5.13-3.fc10
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain
>                               2.6.27.3-34.rc1.fc10.i686 #1 SMP Tue Oct 21
>                               01:39:53 EDT 2008 i686 i686
> Alert Count                   1
> First Seen                    Fri 24 Oct 2008 01:35:56 PM CDT
> Last Seen                     Fri 24 Oct 2008 01:35:56 PM CDT
> Local ID                      6f715f57-6bca-45b3-aa02-dc34581b3423
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> node=localhost.localdomain type=AVC msg=audit(1224873356.766:92): avc:  denied  { read write } for  pid=4004 comm="NetworkManager" path="socket:[11145]" dev=sockfs ino=11145 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> 
> node=localhost.localdomain type=AVC msg=audit(1224873356.766:92): avc:  denied  { read write } for  pid=4004 comm="NetworkManager" path="socket:[11145]" dev=sockfs ino=11145 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> 
> node=localhost.localdomain type=AVC msg=audit(1224873356.766:92): avc:  denied  { read write } for  pid=4004 comm="NetworkManager" path="socket:[11145]" dev=sockfs ino=11145 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> 
> node=localhost.localdomain type=AVC msg=audit(1224873356.766:92): avc:  denied  { read write } for  pid=4004 comm="NetworkManager" path="socket:[11145]" dev=sockfs ino=11145 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> 
> node=localhost.localdomain type=AVC msg=audit(1224873356.766:92): avc:  denied  { read write } for  pid=4004 comm="NetworkManager" path="socket:[11145]" dev=sockfs ino=11145 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> 
> node=localhost.localdomain type=SYSCALL msg=audit(1224873356.766:92): arch=40000003 syscall=11 success=yes exit=0 a0=8642bd8 a1=8642a20 a2=8642ee8 a3=0 items=0 ppid=4003 pid=4004 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
> 
> 
> Summary:
> 
> SELinux is preventing knotify4 from making the program stack executable.
> 
> Detailed Description:
> 
> The knotify4 application attempted to make its stack executable. This is a
> potential security problem. This should never ever be necessary. Stack memory is
> not executable on most OSes these days and this will not change. Executable
> stack memory is one of the biggest security problems. An execstack error might
> in fact be most likely raised by malicious code. Applications are sometimes
> coded incorrectly and request this permission. The SELinux Memory Protection
> Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how
> to remove this requirement. If knotify4 does not work and you need it to work,
> you can configure SELinux temporarily to allow this access until the application
> is fixed. Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
> 
> Allowing Access:
> 
> Sometimes a library is accidentally marked with the execstack flag, if you find
> a library with this flag you can clear it with the execstack -c LIBRARY_PATH.
> Then retry your application. If the app continues to not work, you can turn the
> flag back on with execstack -s LIBRARY_PATH. Otherwise, if you trust knotify4 to
> run correctly, you can change the context of the executable to
> unconfined_execmem_exec_t. "chcon -t unconfined_execmem_exec_t
> '/usr/bin/knotify4'" You must also change the default file context files on the
> system in order to preserve them even on a full relabel. "semanage fcontext -a
> -t unconfined_execmem_exec_t '/usr/bin/knotify4'"
> 
> Fix Command:
> 
> chcon -t unconfined_execmem_exec_t '/usr/bin/knotify4'
> 
> Additional Information:
> 
> Source Context                unconfined_u:unconfined_r:unconfined_t:SystemLow-
>                               SystemHigh
> Target Context                unconfined_u:unconfined_r:unconfined_t:SystemLow-
>                               SystemHigh
> Target Objects                None [ process ]
> Source                        nspluginscan
> Source Path                   /usr/bin/nspluginscan
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           kdebase-runtime-4.1.2-5.fc10
> Target RPM Packages           
> Policy RPM                    selinux-policy-3.5.13-5.fc10
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   allow_execstack
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain 2.6.27.3-39.fc10.i686
>                               #1 SMP Wed Oct 22 21:35:19 EDT 2008 i686 i686
> Alert Count                   38
> First Seen                    Mon 28 Jul 2008 10:50:50 PM CDT
> Last Seen                     Fri 24 Oct 2008 03:15:46 PM CDT
> Local ID                      d1193200-ba21-44ee-bdf0-5b24a80cdb04
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> node=localhost.localdomain type=AVC msg=audit(1224879346.180:21): avc:  denied  { execstack } for  pid=2823 comm="knotify4" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
> 
> node=localhost.localdomain type=SYSCALL msg=audit(1224879346.180:21): arch=40000003 syscall=125 success=no exit=-13 a0=bfdef000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=2823 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="knotify4" exe="/usr/bin/knotify4" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
> 
> 
> Summary:
> 
> SELinux is preventing dhclient (dhcpc_t) "read write" unconfined_t.
> 
> Detailed Description:
> 
> SELinux denied access requested by dhclient. It is not expected that this access
> is required by dhclient and this access may signal an intrusion attempt. It is
> also possible that the specific version or configuration of the application is
> causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context                unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh
> Target Context                unconfined_u:unconfined_r:unconfined_t:SystemLow-
>                               SystemHigh
> Target Objects                socket [ unix_stream_socket ]
> Source                        dhclient
> Source Path                   /sbin/dhclient
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           dhclient-4.0.0-30.fc10
> Target RPM Packages           
> Policy RPM                    selinux-policy-3.5.13-5.fc10
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain 2.6.27.3-39.fc10.i686
>                               #1 SMP Wed Oct 22 21:35:19 EDT 2008 i686 i686
> Alert Count                   2
> First Seen                    Fri 24 Oct 2008 01:45:01 PM CDT
> Last Seen                     Fri 24 Oct 2008 03:17:34 PM CDT
> Local ID                      4c789a6b-2778-4d68-bb82-4fa4b8547db5
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> node=localhost.localdomain type=AVC msg=audit(1224879454.396:26): avc:  denied  { read write } for  pid=3115 comm="dhclient" path="socket:[10645]" dev=sockfs ino=10645 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> 
> node=localhost.localdomain type=AVC msg=audit(1224879454.396:26): avc:  denied  { read write } for  pid=3115 comm="dhclient" path="socket:[10645]" dev=sockfs ino=10645 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> 
> node=localhost.localdomain type=AVC msg=audit(1224879454.396:26): avc:  denied  { read write } for  pid=3115 comm="dhclient" path="socket:[10645]" dev=sockfs ino=10645 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> 
> node=localhost.localdomain type=AVC msg=audit(1224879454.396:26): avc:  denied  { read write } for  pid=3115 comm="dhclient" path="socket:[10645]" dev=sockfs ino=10645 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> 
> node=localhost.localdomain type=SYSCALL msg=audit(1224879454.396:26): arch=40000003 syscall=11 success=yes exit=0 a0=96aa660 a1=96aa6d0 a2=96a4b68 a3=0 items=0 ppid=3066 pid=3115 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="dhclient" exe="/sbin/dhclient" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
> 
> 
> 
> I had a very difficult time updating this machine because i could not get a connection.  
> 
> [olivares at localhost ~]$ su -
> Password:                   
> [root at localhost ~]# ifconfig -a
> eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
>           BROADCAST MULTICAST  MTU:1500  Metric:1        
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000                        
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)              
>           Interrupt:18 Base address:0xe000                    
> 
> lo        Link encap:Local Loopback  
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host     
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:32 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0                            
>           RX bytes:1760 (1.7 KiB)  TX bytes:1760 (1.7 KiB)     
> 
> pan0      Link encap:Ethernet  HWaddr 36:F3:C2:B0:9B:46  
>           BROADCAST MULTICAST  MTU:1500  Metric:1        
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0                           
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)              
> 
> wlan0     Link encap:Ethernet  HWaddr 00:16:E3:F3:09:DB  
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1     
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000                        
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)              
> 
> wmaster0  Link encap:UNSPEC  HWaddr 00-16-E3-F3-09-DB-F4-EF-00-00-00-00-00-00-00-00                                                                             
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1                    
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0                    
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0                  
>           collisions:0 txqueuelen:1000                                          
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)                                
> 
> [root at localhost ~]# ifconfig -a | more
> eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
>           BROADCAST MULTICAST  MTU:1500  Metric:1        
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000                        
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)              
>           Interrupt:18 Base address:0xe000                    
> 
> lo        Link encap:Local Loopback  
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host     
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:32 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0                            
>           RX bytes:1760 (1.7 KiB)  TX bytes:1760 (1.7 KiB)     
> 
> pan0      Link encap:Ethernet  HWaddr 36:F3:C2:B0:9B:46  
>           BROADCAST MULTICAST  MTU:1500  Metric:1        
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> [root at localhost ~]# dhclient eth0                           
> Nothing to flush.                                           
> PING 10.154.19.1 (10.154.19.1) from 10.154.19.179 eth0: 56(84) bytes of data.
> 
> --- 10.154.19.1 ping statistics ---
> 4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3000ms
> pipe 3                                                                     
> [root at localhost ~]# ifconfig -a | more
> eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
>           BROADCAST MULTICAST  MTU:1500  Metric:1        
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000                        
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)              
>           Interrupt:18 Base address:0xe000                    
> 
> lo        Link encap:Local Loopback  
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host     
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:35 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0                            
>           RX bytes:2096 (2.0 KiB)  TX bytes:2096 (2.0 KiB)     
> 
> pan0      Link encap:Ethernet  HWaddr 36:F3:C2:B0:9B:46  
>           BROADCAST MULTICAST  MTU:1500  Metric:1        
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> 
> 
> I had to change the mac address of the machine to another one that could get access so that I could apply the updates.
> 
> First one knotify is a bug that I have reported:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=467210
> 
> but was closed because it was not an selinux bug, who has the hot potato now?  I keep seeing this on two of my three machines :(  
> Has someone else seen this?  
> 
> Thanks,
> 
> Antonio 
> 
> 
> 
>       
> 
The unix_stream_socket is a leaked file descriptor.

node=localhost.localdomain type=AVC msg=audit(1224873233.717:83): avc:
denied  { read write } for  pid=3912 comm="ip" path="socket:[11145]"
dev=sockfs ino=11145 scontext=unconfined_u:system_r:ifconfig_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=unix_stream_socket

These can be dontaudited or allowed using

# grep ifconfig /var/log/audit/audit.log | audit2allow -m mypol
# semodule -i mypol.pp

Probably a bug in one of the kde routines that should be calling
fcntl(fd, F_SETFD, FD_CLOEXEC) before executing the script to bring up
the network.

The execstack one is caused by nvidia library?  Do you have a libGL on
the system somewhere which is causing this.  I think you will have to
turn on the allow_execstack boolean to get this one to go away, or
remove the proprietary software.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkC9DwACgkQrlYvE4MpobNKlQCfTmGPlBluyLvIW/3Is0MaDSFT
b50AnRvmGC8OMNp2uRRY0otv603FO6KQ
=GQN1
-----END PGP SIGNATURE-----




More information about the fedora-selinux-list mailing list