avcs on rawhide new and old one
Daniel J Walsh
dwalsh at redhat.com
Tue Mar 3 14:46:58 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
>
>
>
> Summary:
>
> SELinux is preventing crontab (admin_crontab_t) "read write" unconfined_t.
>
> Detailed Description:
>
> SELinux denied access requested by crontab. It is not expected that this access
> is required by crontab and this access may signal an intrusion attempt. It is
> also possible that the specific version or configuration of the application is
> causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0
> .c1023
> Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
> 023
> Target Objects socket [ unix_stream_socket ]
> Source crontab
> Source Path /usr/bin/crontab
> Port <Unknown>
> Host riohigh
> Source RPM Packages cronie-1.2-6.fc11
> Target RPM Packages
> Policy RPM selinux-policy-3.6.6-8.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name riohigh
> Platform Linux riohigh 2.6.29-0.176.rc6.git5.fc11.i586 #1
> SMP Sat Feb 28 20:51:15 EST 2009 i686 athlon
> Alert Count 16
> First Seen Mon 02 Mar 2009 07:11:37 PM CST
> Last Seen Mon 02 Mar 2009 07:11:39 PM CST
> Local ID 3883b140-4d39-40f5-9262-ce2c4c4e2e16
> Line Numbers
>
> Raw Audit Messages
>
> node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15740]" dev=sockfs ino=15740 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
>
> node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15509]" dev=sockfs ino=15509 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
>
> node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15509]" dev=sockfs ino=15509 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
>
> node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15509]" dev=sockfs ino=15509 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
>
> node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15509]" dev=sockfs ino=15509 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
>
> node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15509]" dev=sockfs ino=15509 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
>
> node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15509]" dev=sockfs ino=15509 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
>
> node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15509]" dev=sockfs ino=15509 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
>
> node=riohigh type=SYSCALL msg=audit(1236042699.560:325): arch=40000003 syscall=11 success=yes exit=0 a0=9756cc8 a1=9765140 a2=9750a18 a3=9765140 items=0 ppid=6988 pid=7023 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts4 ses=1 comm="crontab" exe="/usr/bin/crontab" subj=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 key=(null)
>
>
>
> Summary:
>
> SELinux prevented kde4-config from writing .kde.
>
> Detailed Description:
>
> SELinux prevented kde4-config from writing .kde. If .kde is a core file, you may
> want to allow this. If .kde is not a core file, this could signal a intrusion
> attempt.
>
> Allowing Access:
>
> Changing the "allow_daemons_dump_core" boolean to true will allow this access:
> "setsebool -P allow_daemons_dump_core=1."
>
> Fix Command:
>
> setsebool -P allow_daemons_dump_core=1
>
> Additional Information:
>
> Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
> Target Context system_u:object_r:root_t:s0
> Target Objects .kde [ dir ]
> Source kde4-config
> Source Path /usr/bin/kde4-config
> Port <Unknown>
> Host riohigh
> Source RPM Packages kdelibs-4.2.1-1.fc11
> Target RPM Packages
> Policy RPM selinux-policy-3.6.6-8.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name allow_daemons_dump_core
> Host Name riohigh
> Platform Linux riohigh 2.6.29-0.176.rc6.git5.fc11.i586 #1
> SMP Sat Feb 28 20:51:15 EST 2009 i686 athlon
> Alert Count 16
> First Seen Tue 17 Feb 2009 08:36:03 AM CST
> Last Seen Mon 02 Mar 2009 03:49:11 PM CST
> Local ID 6d47417b-4b4b-4c4f-9c12-6210059fc418
> Line Numbers
>
> Raw Audit Messages
>
> node=riohigh type=AVC msg=audit(1236030551.278:7): avc: denied { create } for pid=2361 comm="kde4-config" name=".kde" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir
>
> node=riohigh type=SYSCALL msg=audit(1236030551.278:7): arch=40000003 syscall=39 success=no exit=-13 a0=9e843f8 a1=1c0 a2=60cf8c a3=0 items=0 ppid=2360 pid=2361 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kde4-config" exe="/usr/bin/kde4-config" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
>
>
>
>
> Thanks,
>
> Antonio
>
>
>
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
THe .kde problem has been reported, to kdebase.
THe crontab trying to talk to unconfined_t unix stream socket, I think
is a leaked file descriptor caused by restarting cron, perhaps from a
konsole?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmtQuIACgkQrlYvE4MpobNRvgCg0/AgI5iDOwBlv7t9QO4kIAMj
FNEAoNuT68US7f92FwgxqFGoQ0Kt9p/n
=K84y
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list